SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Eavesdropping
Trusted Computer System Evaluation Criteria (TCSEC)
Ethical Hacker
Macro virus
2. don't ping
Rijndael
-P0
Transport Layer Security (TLS)
Mantrap
3. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Covert Channel
White Box Testing
Exploit
node
4. A communications protocol used for browsing the Internet.
Domain Name System (DNS) lookup
Buffer
Hierarchical File System (HFS)
Hypertext Transfer Protocol (HTTP)
5. Recording the time - normally in a log file - when an event happens or when information is created or modified.
Timestamping
Block Cipher
Digital Watermarking
-sO
6. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
A S
POP 3
Common Internet File System/Server Message Block
encryption
7. Shifting responsibility from one party to another
false rejection rate (FRR)
risk transference
Cookie
network operations center (NOC)
8. Port 135
RPC-DCOM
Certificate
Pretty Good Privacy (PGP)
SOA record
9. A point of reference used to mark an initial state in order to manage change.
route
Baseline
Interior Gateway Protocol (IGP)
serialize scans & 15 sec wait
10. MAC Flooding
intranet
local area network (LAN)
ISO 17799
Overwhelm CAM table to convert switch to hub mode
11. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Malware
piggybacking
War Chalking
Internal access to the network
12. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
White Box Testing
RPC-DCOM
operating system attack
Console Port
13. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Challenge Handshake Authentication Protocol (CHAP)
Zero Subnet
Digital Signature
security defect
14. The ability to trace actions performed on a system to a specific user or system entity.
limitation of liability and remedies
Accountability
INFOSEC Assessment Methodology (IAM)
CNAME record
15. A data encryption/decryption program often used for e-mail and file storage.
Timestamping
Pretty Good Privacy (PGP)
Digital Watermarking
Local Administrator
16. nmap
SMB
--randomize_hosts -O OS fingerprinting
Discretionary Access Control (DAC)
-P0
17. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
segment
Access Point (AP)
Possession of access devices
Trojan Horse
18. Idlescan
ad hoc mode
remote procedure call (RPC)
-sI
nslookup
19. An Internet routing protocol used to exchange routing information within an autonomous system.
public key infrastructure (PKI)
Interior Gateway Protocol (IGP)
local area network (LAN)
Internet Control Message Protocol (ICMP)
20. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Tunneling
HTTP tunneling
Unicode
Trojan Horse
21. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
encryption
human-based social engineering
CIA triangle
HTTP tunneling
22. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
Audit Data
Secure Sockets Layer (SSL)
public key infrastructure (PKI)
Tunneling Virus
23. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Black Hat
-sR
out-of-band signaling
Tunneling Virus
24. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Malware
Auditing
Daemon
Level II assessment
25. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
U P F
Archive
Brute-Force Password Attack
spam
26. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Collision
Local Administrator
ad hoc mode
limitation of liability and remedies
27. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
fully qualified domain name (FQDN)
Information Technology (IT) asset valuation
hashing algorithm
rootkit
28. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Wide Area Network (WAN)
Virus Hoax
Due Care
Active Fingerprinting
29. Vulnerability Scanning
promiscuous mode
Point-to-Point Protocol (PPP)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Administratively Prohibited
30. A wireless networking mode where all clients connect to the wireless network through a central access point.
Multipurpose Internet Mail Extensions (MIME)
payload
infrastructure mode
remote access
31. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
POP 3
Transport Layer Security (TLS)
Address Resolution Protocol (ARP) table
payload
32. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Worm
iris scanner
network operations center (NOC)
Archive
33. A list of IP addresses and corresponding MAC addresses stored on a local computer.
ad hoc mode
802.11 i
Address Resolution Protocol (ARP) table
Trapdoor Function
34. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Media Access Control (MAC)
Community String
Collision Domain
sheepdip
35. The concept of having more than one person required to complete a task
Data Encryption Standard (DES)
Fraud and related activity in connection with computers
separation of duties
MAC filtering
36. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Domain Name System (DNS) lookup
Internet Protocol Security (IPSec) architecture
footprinting
404EE
37. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
security breach or security incident
Certificate
Virtual Private Network (VPN)
rootkit
38. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
Baseline
File Transfer Protocol (FTP)
nslookup
Finding a directory listing and gaining access to a parent or root file for access to other files
39. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.
gray box testing
Request for Comments (RFC)
War Chalking
Multipartite virus
40. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Virtual Private Network (VPN)
encapsulation
signature scanning
Active Attack
41. The software product or system that is the subject of an evaluation.
Black Hat
Virtual Private Network (VPN)
Target Of Engagement (TOE)
-oN
42. A person or entity indirectly involved in a relationship between two principles.
Third Party
-sS
proxy server
Malware
43. A device providing temporary - on-demand - point-to-point network access to users.
stateful packet filtering
protocol
network access server
Echo request
44. An informed decision to accept the potential for damage to or loss of an IT asset.
Interior Gateway Protocol (IGP)
risk acceptance
single loss expectancy (SLE)
A procedure for identifying active hosts on a network.
45. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
security by obscurity
Cryptographic Key
XOR Operation
Ethical Hacker
46. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Whois
Accountability
red team
Active Directory (AD)
47. ICMP Netmask
Zenmap
-PM
Zone transfer
symmetric encryption
48. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Bluejacking
DNS
Administratively Prohibited
Droppers
49. A computer network confined to a relatively small area - such as a single building or campus.
gray box testing
Media Access Control (MAC)
local area network (LAN)
separation of duties
50. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
false negative
POP 3
null session
-oG
