Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Defines legal email marketing
remote access
rootkit
Annualized Loss Expectancy (ALE)
2. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
spam
Asset
out-of-band signaling
Cold Site
3. A routing protocol developed to be used within a single organization.
Authentication Header (AH)
National Security Agency
protocol stack
Interior Gateway Protocol (IGP)
4. Shifting responsibility from one party to another
Black Hat
risk transference
Buffer
Zero Subnet
5. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security, although it does authenticate clients to access points, encr
-sL
-sA
Address Resolution Protocol (ARP) table
Wired Equivalent Privacy (WEP)
6. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN, providing wireless clients access to network resources.
Active Attack
A
false rejection rate (FRR)
Access Point (AP)
7. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.
Sign in Seal
gray box testing
Administratively Prohibited
Tunnel
8. A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Temporal Key Integrity Protocol (TKIP)
-oG
Worm
sidejacking
9. A device providing temporary, on-demand, point-to-point network access to users.
network access server
INFOSEC Assessment Methodology (IAM)
Transmission Control Protocol (TCP)
Eavesdropping
10. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
script kiddie
patch
pattern matching
piggybacking
11. Metamorphic Virus
SMB
Point-to-Point Tunneling Protocol (PPTP)
Data Link layer
Self Replicating
12. Port 161/162
-PT
Third Party
SNMP
Asset
13. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers, files, and serial ports. It also provides an authenticated interprocess communication mechanism.
Demilitarized Zone (DMZ)
Active Fingerprinting
Tunnel
Common Internet File System/Server Message Block
14. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Cracker
International Organization for Standardization (ISO)
XOR Operation
Droppers
15. A data encryption/decryption program often used for e-mail and file storage.
Eavesdropping
FreeBSD
Zone transfer
Pretty Good Privacy (PGP)
16. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Warm Site
Information Technology (IT) security architecture and framework
Virus
Hacks with permission
17. The process of a system providing a fully qualified domain name (FQDN) to a local name server, for resolution to its corresponding IP address.
Trusted Computer System Evaluation Criteria (TCSEC)
Level II assessment
Web Spider
Domain Name System (DNS) lookup
18. The organization that governs the Internet's top-level domains, IP address allocation, and port number assignments.
Wi-Fi Protected Access (WPA)
Internet Assigned Number Authority (IANA)
Wi-Fi
packet filtering
19. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Electronic Code Book (ECB)
gray hat
security defect
Access Control List (ACL)
20. The central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.
security kernel
Black Hat
security defect
Ethical Hacker
21. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Information Technology (IT) asset criticality
Serial Line Internet Protocol (SLIP)
gap analysis
Vulnerability
22. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
Routing Information Protocol (RIP)
SYN attack
Cold Site
port redirection
23. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Dumpster Diving
Antivirus (AV) software
POST
Level I assessment
24. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
Syslog
Unicode
Competitive Intelligence
Confidentiality
25. Policy stating what users of a system can and cannot do with the organization's assets.
Domain Name System (DNS)
ECHO reply
Detective Controls
Acceptable Use Policy (AUP)
26. A document describing information security guidelines, policies, procedures, and standards.
-oA
Information Technology (IT) security architecture and framework
Institute of Electrical and Electronics Engineers (IEEE)
Routing Information Protocol (RIP)
27. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Time Bomb
Access Creep
XOR Operation
404EE
28. Cracking Tools
John the Ripper, L0phtCrack, Ophcrack, Cain and Abel
Mantrap
Active Attack
Block Cipher
29. Devices, connected to one or more switches, grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
OpenBSD
Finger
Virtual Local Area Network (VLAN)
War Dialing
30. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Vulnerability Scanning
Bastion host
Client
Annualized Loss Expectancy (ALE)
31. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
DNS
Asset
Temporal Key Integrity Protocol (TKIP)
Wide Area Network (WAN)
32. An informed decision to accept the potential for damage to or loss of an IT asset.
risk acceptance
Ciphertext
spam
Man-in-the-middle attack
33. Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks.
-sR
firewall
SID
Assessment
34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are
Target Of Engagement (TOE)
risk transference
-sS
Network Address Translation (NAT)
35. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
Written Authorization
Anonymizer
fragmentation
-sX
36. Directory Traversal
Adware
Finding a directory listing and gaining access to a parent or root file for access to other files
Application Layer
smart card
37. CAN-SPAM
Bluejacking
MAC filtering
Threat
Defines legal email marketing
38. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal, but non-system-administrator-level, attack.
gray box testing
File Transfer Protocol (FTP)
INFOSEC Assessment Methodology (IAM)
ECHO reply
39. A type of encryption where the same key is used to encrypt and decrypt the message.
symmetric encryption
A
-sA
Tunnel
40. A protocol used to pass control and error messages between nodes on the Internet.
Transmission Control Protocol (TCP)
Baseline
File Allocation Table (FAT)
Internet Control Message Protocol (ICMP)
41. Polymorphic Virus
hybrid attack
self encrypting
serialize scans & 15 sec wait
Assessment
42. An Application layer protocol, using TCP, for transporting files across an Internet connection. FTP transmits in clear text.
Denial of Service (DoS)
Application Layer
File Transfer Protocol (FTP)
Ethical Hacker
43. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,
Malware
Vulnerability Scanning
NT LAN Manager (NTLM)
remote procedure call (RPC)
44. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder, delete, insert, or read information.
reconnaissance
secure channel
Cold Site
hot site
45. IP Protocol Scan
-sO
Boot Sector Virus
-sP
audit
46. Any item of value or worth to an organization - whether physical or virtual.
Wiretapping
Bluetooth
Routing Protocol
Asset
47. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data is distributed acr
node
-oX
Redundant Array of Independent Disks (RAID)
-oA
48. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
Cracker
Unicode
Redundant Array of Independent Disks (RAID)
Event
49. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
Port Address Translation (PAT)
Ciphertext
public key
port redirection
50. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
-sI
infrastructure mode
reverse lookup; reverse DNS lookup
quality of service (QoS)