SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The conveying of official access or legal power to a person or entity.
MAC filtering
-sO
Tunneling Virus
Authorization
2. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
initial sequence number (ISN)
Telnet
public key infrastructure (PKI)
encryption
3. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Telnet
Information Technology Security Evaluation Criteria (ITSEC)
Level III assessment
Contingency Plan
4. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Password Authentication Protocol (PAP)
Time Bomb
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Discretionary Access Control (DAC)
5. Window Scan
Zone transfer
Domain Name System (DNS) lookup
Packet Internet Groper (ping)
-sW
6. The concept of having more than one person required to complete a task
separation of duties
Wi-Fi
node
Replacing numbers in a url to access other files
7. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
hardware keystroke logger
Confidentiality
spam
Electronic serial number
8. Nmap ml output
-PM
-oX
Level I assessment
Archive
9. A computer process that requests a service from another computer and accepts the server's responses.
iris scanner
Mantrap
Client
Traceroute
10. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Hierarchical File System (HFS)
Target Of Engagement (TOE)
Vulnerability Scanning
gray box testing
11. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
False Acceptance Rate (FAR)
Mandatory access control (MAC)
hacktivism
packet filtering
12. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
HIDS
RPC-DCOM
-sL
Worm
13. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
Denial of Service (DoS)
Contingency Plan
false rejection rate (FRR)
security defect
14. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Countermeasures
social engineering
Cookie
Trojan Horse
15. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Blowfish
Acknowledgment (ACK)
ping sweep
Ethernet
16. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Tini
Authentication - Authorization - and Accounting (AAA)
Annualized Loss Expectancy (ALE)
Temporal Key Integrity Protocol (TKIP)
17. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
Challenge Handshake Authentication Protocol (CHAP)
network access server
port scanning
War Driving
18. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
-b
Anonymizer
Dumpster Diving
queue
19. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
-PB
Zone transfer
private network address
Authentication
20. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Zombie
network tap
21. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
-sT
Routing Protocol
Malware
logic bomb
22. The steps taken to gather evidence and information on the targets you wish to attack.
A S
flood
reconnaissance
phishing
23. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
spam
self encrypting
Fast Ethernet
Extensible Authentication Protocol (EAP)
24. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Decryption
Point-to-Point Tunneling Protocol (PPTP)
Self Replicating
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
25. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
hybrid attack
Application Layer
NT LAN Manager (NTLM)
proxy server
26. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
audit
firewall
-sO
fully qualified domain name (FQDN)
27. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
hacktivism
proxy server
NT LAN Manager (NTLM)
forwarding
28. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
Local Administrator
false rejection rate (FRR)
polymorphic virus
private network address
29. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
War Chalking
Bluetooth
Discretionary Access Control (DAC)
Third Party
30. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
Distributed DoS (DDoS)
Port Address Translation (PAT)
source routing
31. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.
Bastion host
Digital Signature
Threat
honeynet
32. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Finding a directory listing and gaining access to a parent or root file for access to other files
Smurf attack
patch
User Datagram Protocol (UDP)
33. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
-PI
-PB
-PP
34. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
-PP
Three-Way (TCP) Handshake
False Acceptance Rate (FAR)
35. Polymorphic Virus
-oN
self encrypting
penetration testing
Information Technology Security Evaluation Criteria (ITSEC)
36. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Timestamping
Baseline
false rejection rate (FRR)
Level III assessment
37. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
-PS
Common Internet File System/Server Message Block
Transmission Control Protocol (TCP)
-oA
38. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
CNAME record
-P0
network tap
Hacks without permission
39. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Last In First Out (LIFO)
Cracker
Cache
Simple Object Access Protocol (SOAP)
40. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Virus
protocol
--randomize_hosts -O OS fingerprinting
Temporal Key Integrity Protocol (TKIP)
41. A command used in HTTP and FTP to retrieve a file from a server.
GET
Time exceeded
quality of service (QoS)
Exploit
42. Hex 12
-sU
A S
Access Control List (ACL)
symmetric encryption
43. An Internet routing protocol used to exchange routing information within an autonomous system.
Interior Gateway Protocol (IGP)
Last In First Out (LIFO)
logic bomb
A
44. A communications protocol used for browsing the Internet.
risk transference
Hypertext Transfer Protocol (HTTP)
Audit Trail
Antivirus (AV) software
45. Describes practices in production and development that promote access to the end product's source materials.
Certificate
open source
parallel scan & 300 sec timeout & 1.25 sec/probe
Authentication Header (AH)
46. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
-PP
GET
Time To Live (TTL)
Domain Name
47. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Domain Name System (DNS) lookup
remote procedure call (RPC)
Boot Sector Virus
Availability
48. An attack that combines a brute-force attack with a dictionary attack.
routed protocol
Wi-Fi
hybrid attack
public key
49. The potential for damage to or loss of an IT asset
risk
infrastructure mode
phishing
Ethical Hacker
50. Metamorphic Virus
Electronic serial number
Bug
Domain Name
Self Replicating
