Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Virtual Local Area Network (VLAN)
Hierarchical File System (HFS)
Trojan Horse
Information Technology Security Evaluation Criteria (ITSEC)
2. Formal description and evaluation of the vulnerabilities in an information system
Kerberos
Multipurpose Internet Mail Extensions (MIME)
Brute-Force Password Attack
Vulnerability Assessment
3. Black hat
Tunneling
Domain Name
Bit Flipping
Hacks without permission
4. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
gray box testing
patch
Dumpster Diving
heuristic scanning
5. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
session splicing
passive attack
Droppers
Accountability
6. LM Hash for short passwords (under 7)
Target Of Engagement (TOE)
Tini
404EE
Information Technology Security Evaluation Criteria (ITSEC)
7. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
session splicing
self encrypting
Simple Network Management Protocol (SNMP)
8. A social-engineering attack using computer resources - such as e-mail or IRC.
Copyright
Block Cipher
Computer-Based Attack
Access Point (AP)
9. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Corrective Controls
Worm
Open System Interconnection (OSI) Reference Model
End User Licensing Agreement (EULA)
10. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
nslookup
Threat
Warm Site
Trapdoor Function
11. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Hacks with permission
stream cipher
Collision Domain
remote access
12. Another term for firewalking
RID Resource identifier
inference attack
Internet service provider (ISP)
port knocking
13. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
802.11 i
spoofing
Denial of Service (DoS)
Domain Name System (DNS)
14. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Black Box Testing
No previous knowledge of the network
--randomize_hosts -O OS fingerprinting
non-repudiation
15. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
scope creep
payload
Defense in Depth
Media Access Control (MAC)
16. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
hacktivism
scope creep
Wi-Fi Protected Access (WPA)
Bit Flipping
17. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
Confidentiality
ISO 17799
infrastructure mode
FreeBSD
18. A tool that helps a company to compare its actual performance with its potential performance.
gap analysis
Application Layer
SOA record
Competitive Intelligence
19. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
symmetric algorithm
Minimum acceptable level of risk
Asymmetric Algorithm
Event
20. ICMP Ping
-PI
Tunneling
Cookie
NOP
21. IP Protocol Scan
Electronic Code Book (ECB)
Kerberos
-sO
Cracker
22. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
OpenBSD
Active Attack
session splicing
Request for Comments (RFC)
23. Nmap normal output
-oN
public key infrastructure (PKI)
serialize scans & 0.4 sec wait
rule-based access control
24. A protocol defining packets that are able to be routed by a router.
Tumbling
Extensible Authentication Protocol (EAP)
routed protocol
-PT
25. An informed decision to accept the potential for damage to or loss of an IT asset.
risk acceptance
Confidentiality
The automated process of proactively identifying vulnerabilities of computing systems present in a network
security incident response team (SIRT)
26. A software or hardware application or device that captures user keystrokes.
Ciphertext
Digital Watermarking
human-based social engineering
keylogger
27. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Packet Internet Groper (ping)
SYN flood attack
Audit Trail
security incident response team (SIRT)
28. ICMP Type/Code 3-13
-sS
Computer-Based Attack
Administratively Prohibited
Audit Data
29. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
risk
Application Layer
Minimum acceptable level of risk
Malware
30. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
null session
Certificate
Wi-Fi
31. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
script kiddie
Written Authorization
site survey
penetration testing
32. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
-sI
Vulnerability Management
-oA
Asset
33. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.
Algorithm
gray hat
firewall
port scanning
34. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
Internet Assigned Number Authority (IANA)
Zombie
CIA triangle
Covert Channel
35. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
SNMP
Rijndael
War Driving
Electronic serial number
36. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
INFOSEC Assessment Methodology (IAM)
War Chalking
hot site
-sL
37. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
-sP
Virus Hoax
Assessment
Event
38. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
Digital Certificate
protocol
Interior Gateway Protocol (IGP)
Malicious code
39. Paranoid scan timing
risk assessment
non-repudiation
-oG
serial scan & 300 sec wait
40. Computer software or hardware that can intercept and log traffic passing over a digital network.
HTTP
human-based social engineering
private key
sniffer
41. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
Trapdoor Function
CIA triangle
Black Box Testing
Mantrap
42. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Cold Site
open source
Master boot record infector
File Transfer Protocol (FTP)
43. A communications protocol used for browsing the Internet.
Hypertext Transfer Protocol (HTTP)
-sF
LDAP
Computer-Based Attack
44. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
Droppers
private key
Vulnerability Assessment
pattern matching
45. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Algorithm
encryption
Time exceeded
honeynet
46. A virus written in a macro language and usually embedded in document or spreadsheet files.
Macro virus
Cookie
security controls
session splicing
47. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
rootkit
Decryption
NetBus
Black Hat
48. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Buffer Overflow
risk
risk avoidance
-sU
49. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Warm Site
Application-Level Attacks
Internet Protocol Security (IPSec) architecture
separation of duties
50. Policy stating what users of a system can and cannot do with the organization's assets.
hacktivism
forwarding
Acceptable Use Policy (AUP)
Internet Assigned Number Authority (IANA)