SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
gray box testing
Access Control List (ACL)
Data Link layer
-PP
2. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
remote procedure call (RPC)
Timestamping
Service Set Identifier (SSID)
Domain Name System (DNS)
3. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
SSH
Overwhelm CAM table to convert switch to hub mode
Malicious code
4. Port 135
Web Spider
User Datagram Protocol (UDP)
RPC-DCOM
Mantrap
5. A Canonical Name record within DNS - used to provide an alias for a domain name.
Simple Object Access Protocol (SOAP)
CNAME record
Certificate
-oA
6. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
iris scanner
Target Of Engagement (TOE)
stream cipher
Asynchronous
7. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
intrusion prevention system (IPS)
Telnet
Redundant Array of Independent Disks (RAID)
role-based access control
8. A documented process for a procedure designed to be consistent - repeatable - and accountable.
symmetric encryption
RID Resource identifier
Zenmap
Methodology
9. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Active Attack
local area network (LAN)
steganography
10. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
rootkit
Telnet
ECHO reply
-PI
11. LM Hash for short passwords (under 7)
Serial Line Internet Protocol (SLIP)
Defense in Depth
Lightweight Directory Access Protocol (LDAP)
404EE
12. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
firewall
Malware
Eavesdropping
End User Licensing Agreement (EULA)
13. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Man-in-the-middle attack
Boot Sector Virus
Hypertext Transfer Protocol Secure (HTTPS)
Syslog
14. Recording the time - normally in a log file - when an event happens or when information is created or modified.
firewalking
Timestamping
Zenmap
Cloning
15. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Threat
risk avoidance
Active Attack
halo effect
16. A document describing information security guidelines - policies - procedures - and standards.
Information Technology (IT) security architecture and framework
heuristic scanning
rootkit
Local Administrator
17. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
Kerberos
A R
Interior Gateway Protocol (IGP)
protocol
18. Directing a protocol from one port to another.
Active Fingerprinting
port redirection
suicide hacker
Institute of Electrical and Electronics Engineers (IEEE)
19. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Copyright
Kerberos
-sF
U P F
20. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
single loss expectancy (SLE)
fully qualified domain name (FQDN)
CAM table
node
21. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
TACACS
U P F
Secure Sockets Layer (SSL)
reverse lookup; reverse DNS lookup
22. Port 53
Active Fingerprinting
Real application encompassing Trojan
sheepdip
DNS
23. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
-oN
NetBus
-sF
session hijacking
24. Any item of value or worth to an organization - whether physical or virtual.
local area network (LAN)
human-based social engineering
Asset
Access Point (AP)
25. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
enumeration
Adware
Point-to-Point Tunneling Protocol (PPTP)
protocol
26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
non-repudiation
risk acceptance
suicide hacker
DNS enumeration
27. FTP Bounce Attack
private network address
Tiger Team
hacktivism
-b
28. An organized collection of data.
false rejection rate (FRR)
gateway
Database
parallel scan & 75 sec timeout & 0.3 sec/probe
29. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
protocol stack
War Chalking
parallel scan & 300 sec timeout & 1.25 sec/probe
route
30. Aggressive scan timing
Third Party
parallel scan & 300 sec timeout & 1.25 sec/probe
Defense in Depth
Institute of Electrical and Electronics Engineers (IEEE)
31. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Bastion host
hash
ping sweep
Due Care
32. ICMP Timestamp
-PP
Black Hat
Data Encryption Standard (DES)
CIA triangle
33. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
intrusion detection system (IDS)
steganography
Temporal Key Integrity Protocol (TKIP)
role-based access control
34. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
reverse social engineering
symmetric encryption
DNS enumeration
Access Creep
35. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Cookie
Post Office Protocol 3 (POP3)
signature scanning
Videocipher II Satellite Encryption System
36. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Domain Name
Cryptography
Traceroute
Corrective Controls
37. The steps taken to gather evidence and information on the targets you wish to attack.
reconnaissance
Asset
network interface card (NIC)
Tunnel
38. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Open System Interconnection (OSI) Reference Model
Denial of Service (DoS)
Media Access Control (MAC)
RPC-DCOM
39. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Authentication Header (AH)
Written Authorization
Minimum acceptable level of risk
MD5
40. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Vulnerability Management
War Chalking
encryption
Fraud and related activity in connection with computers
41. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
-sA
Due Care
SNMP
Destination Unreachable
42. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
security kernel
-sL
Audit Data
43. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
ad hoc mode
Post Office Protocol 3 (POP3)
Zero Subnet
SMB
44. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Presentation layer
RPC-DCOM
Packet Internet Groper (ping)
Ethernet
45. The process of determining if a network entity (user or service) is legitimate
802.11
pattern matching
Authentication
hardware keystroke logger
46. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
Back orifice
port redirection
Level III assessment
47. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
reverse lookup; reverse DNS lookup
Destination Unreachable
Annualized Loss Expectancy (ALE)
security breach or security incident
48. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Cracker
Collision Domain
Bastion host
Uniform Resource Locator (URL)
49. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
intranet
signature scanning
-sF
RxBoot
50. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
ISO 17799
social engineering
segment
flood
