Test your basic knowledge: CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
red team
physical security
Tini
SYN attack
2. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
Acknowledgment (ACK)
ad hoc mode
site survey
User Datagram Protocol (UDP)
3. The combination of all IT assets - resources - components - and systems.
Extensible Authentication Protocol (EAP)
keylogger
inference attack
Information Technology (IT) infrastructure
4. A computer file system architecture used in Windows - OS/2 - and most memory cards.
security controls
Temporal Key Integrity Protocol (TKIP)
Assessment
File Allocation Table (FAT)
5. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
International Organization for Standardization (ISO)
MAC filtering
Access Control List (ACL)
initial sequence number (ISN)
6. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Digital Signature
LDAP
Mantrap
Archive
7. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Electronic Code Book (ECB)
-oX
Challenge Handshake Authentication Protocol (CHAP)
open source
8. Wrapper or Binder
War Chalking
Archive
quantitative risk assessment
Real application encompassing Trojan
9. Another term for firewalking
Trojan Horse
-p <port ranges>
port knocking
security breach or security incident
10. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
Block Cipher
Request for Comments (RFC)
HIDS
Tini
11. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
shoulder surfing
Droppers
risk acceptance
Asymmetric Algorithm
12. A device on a network.
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
keylogger
node
Virus
13. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
Wired Equivalent Privacy (WEP)
iris scanner
-PP
Defines legal email marketing
14. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Covert Channel
Fraud and related activity in connection with computers
Zenmap
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
15. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
single loss expectancy (SLE)
footprinting
hacktivism
stateful packet filtering
16. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Vulnerability Management
qualitative analysis
spam
A R
17. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
SMB
Collision Domain
-PM
public key
18. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
routed protocol
Information Technology (IT) security architecture and framework
Audit Data
FTP
19. A small Trojan program that listens on port 777.
S
Zone transfer
Tini
Algorithm
20. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
asynchronous transmission
Brute-Force Password Attack
-PP
infrastructure mode
21. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
intrusion detection system (IDS)
RxBoot
Simple Object Access Protocol (SOAP)
encapsulation
22. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
Authentication
XOR Operation
Active Attack
ring topology
23. A type of encryption where the same key is used to encrypt and decrypt the message.
Bit Flipping
symmetric encryption
Application Layer
Asymmetric
24. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
impersonation
single loss expectancy (SLE)
Algorithm
Point-to-Point Protocol (PPP)
25. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
network operations center (NOC)
XOR Operation
Network Address Translation (NAT)
26. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
enumeration
phishing
Google hacking
SID
27. ex 02
S
Finding a directory listing and gaining access to a parent or root file for access to other files
ring topology
protocol
28. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
HTTP tunneling
port knocking
CAM table
footprinting
29. The process of determining if a network entity (user or service) is legitimate
Authentication
-sA
Hacks with permission
Buffer Overflow
30. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
A S
false negative
Cookie
Certificate
31. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
Community String
Bit Flipping
Vulnerability Scanning
32. Port 31337
reverse social engineering
Port Address Translation (PAT)
risk transference
Back Orifice
33. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
CIA triangle
public key
hash
Availability
34. NSA
Covert Channel
National Security Agency
-sO
symmetric algorithm
35. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
Asymmetric Algorithm
Uniform Resource Locator (URL)
sheepdip
physical security
36. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
Ciphertext
Asset
iris scanner
security incident response team (SIRT)
37. A communications protocol used for browsing the Internet.
Competitive Intelligence
Information Technology (IT) security architecture and framework
Hypertext Transfer Protocol (HTTP)
Time Bomb
38. ICMP Type/Code 3-13
Annualized Loss Expectancy (ALE)
footprinting
firewalking
Administratively Prohibited
39. A type of malware that covertly collects information about a user.
802.11
replay attack
spyware
Challenge Handshake Authentication Protocol (CHAP)
40. The condition of a resource being ready for use and accessible by authorized users.
Availability
hash
Ethical Hacker
LDAP
41. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
security by obscurity
Wi-Fi
SOA record
NetBSD
42. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
null session
open source
phishing
Password Authentication Protocol (PAP)
43. Port 137/138/139
hot site
SMB
-sI
CNAME record
44. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Google hacking
Real application encompassing Trojan
Back Orifice
social engineering
45. A business - government agency - or educational institution that provides access to the Internet.
Internet service provider (ISP)
Bit Flipping
SYN attack
Overwhelm CAM table to convert switch to hub mode
46. The process of embedding information into a digital signal in a way that makes it difficult to remove.
spyware
Digital Watermarking
Unicode
rule-based access control
47. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
802.11i
intrusion prevention system (IPS)
Console Port
Minimum acceptable level of risk
48. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
Syslog
Digital Signature
Level II assessment
asynchronous transmission
49. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
quality of service (QoS)
Community String
Secure Sockets Layer (SSL)
50. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Adware
Worm
Telnet
limitation of liability and remedies