SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
Demilitarized Zone (DMZ)
node
File Transfer Protocol (FTP)
symmetric algorithm
2. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
halo effect
smart card
Network Basic Input/Output System (NetBIOS)
Tiger Team
3. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Cryptography
stream cipher
scope creep
RID Resource identifier
4. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Certificate Authority (CA)
FTP
penetration testing
Information Technology (IT) asset valuation
5. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
MAC filtering
SOA record
Fiber Distributed Data Interface (FDDI)
intranet
6. Vulnerability Scanning
Secure Sockets Layer (SSL)
serialize scans & 15 sec wait
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Telnet
7. Xmas Tree scan
remote procedure call (RPC)
-sX
Interior Gateway Protocol (IGP)
Active Directory (AD)
8. The monetary value assigned to an IT asset.
HIDS
Information Technology (IT) asset valuation
Daisy Chaining
-PI
9. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
Address Resolution Protocol (ARP)
local area network (LAN)
-PM
reverse lookup; reverse DNS lookup
10. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Replacing numbers in a url to access other files
Simple Object Access Protocol (SOAP)
personal identification number (PIN)
encapsulation
11. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
CNAME record
Auditing
SSH
stateful packet filtering
12. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.
-sT
Zombie
Simple Object Access Protocol (SOAP)
keylogger
13. Using conversation or some other interaction between people to gather useful information.
Bastion host
human-based social engineering
sniffer
Interior Gateway Protocol (IGP)
14. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Routing Information Protocol (RIP)
Access Control List (ACL)
Availability
security defect
15. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
-oX
SYN flood attack
physical security
Vulnerability Assessment
16. A small Trojan program that listens on port 777.
Daemon
Timestamping
Tini
Back orifice
17. Controls to detect anomalies or undesirable events occurring on a system.
Digital Watermarking
Daisy Chaining
Detective Controls
Wiretapping
18. Cracking Tools
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
port scanning
Assessment
Community String
19. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).
sheepdip
Discretionary Access Control (DAC)
intrusion detection system (IDS)
port scanning
20. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Time To Live (TTL)
Authorization
parallel scan
Certificate
21. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
Data Link layer
serialize scans & 15 sec wait
public key infrastructure (PKI)
Local Administrator
22. Establish Null Session
-sI
Domain Name
net use \[target ip]IPC$ '' /user:''
Presentation layer
23. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Audit Data
risk avoidance
Wiretapping
Serial Line Internet Protocol (SLIP)
24. Port 88
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
shoulder surfing
Kerberos
-sO
25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
non-repudiation
NOP
Annualized Loss Expectancy (ALE)
26. White box test
Digital Watermarking
Internal access to the network
Network Basic Input/Output System (NetBIOS)
gateway
27. Ping Scan
proxy server
Dumpster Diving
-sP
Data Encryption Standard (DES)
28. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Trusted Computer System Evaluation Criteria (TCSEC)
rootkit
Level II assessment
spam
29. The transmission of digital signals without precise clocking or synchronization.
Collision Domain
logic bomb
Cryptography
asynchronous transmission
30. ICMP Type/Code 11
Bluetooth
Time exceeded
ad hoc mode
Hypertext Transfer Protocol (HTTP)
31. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
Application Layer
public key infrastructure (PKI)
shrink-wrap code attacks
XOR Operation
32. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
packet
Sign in Seal
HTTP
public key
33. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Ethical Hacker
Filter
Adware
hacktivism
34. Another term for firewalking
Multipurpose Internet Mail Extensions (MIME)
port knocking
security breach or security incident
private network address
35. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Bug
parameter tampering
parallel scan
Last In First Out (LIFO)
36. Port 110
Access Creep
hashing algorithm
-sL
POP 3
37. A denial-of-service technique that uses numerous hosts to perform the attack.
Redundant Array of Independent Disks (RAID)
Distributed DoS (DDoS)
risk acceptance
TACACS
38. IP Protocol Scan
-sO
parallel scan
Audit Trail
Local Administrator
39. A software or hardware defect that often results in system vulnerabilities.
replay attack
Bug
social engineering
risk acceptance
40. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
operating system attack
spoofing
Covert Channel
Blowfish
41. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
key exchange protocol
Time To Live (TTL)
stateful packet filtering
quantitative risk assessment
42. The default network authentication suite of protocols for Windows NT 4.0
Worm
NT LAN Manager (NTLM)
quality of service (QoS)
Cryptography
43. Hashing algorithm that results in a 128-bit output.
Real application encompassing Trojan
MD5
payload
Competitive Intelligence
44. Two or more LANs connected by a high-speed line across a large geographical area.
Zone transfer
Wide Area Network (WAN)
symmetric algorithm
SYN flood attack
45. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
stateful packet filtering
serialize scans & 0.4 sec wait
Exposure Factor
Ethical Hacker
46. FTP Bounce Attack
Post Office Protocol 3 (POP3)
-b
nslookup
limitation of liability and remedies
47. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.
Black Hat
Wi-Fi
Exploit
Finger
48. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
Community String
penetration testing
Third Party
-PP
49. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Cold Site
security kernel
Written Authorization
-b
50. A host designed to collect data on suspicious activity.
EDGAR database
Finger
honeypot
Point-to-Point Protocol (PPP)
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests