SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Adware
Authentication Header (AH)
ring topology
2. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
reverse lookup; reverse DNS lookup
Warm Site
Asynchronous
Authentication Header (AH)
3. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Multipurpose Internet Mail Extensions (MIME)
Smurf attack
Tini
forwarding
4. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Bluesnarfing
limitation of liability and remedies
Time Bomb
Ethernet
5. Hex 10
Redundant Array of Independent Disks (RAID)
Written Authorization
A
War Dialing
6. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Minimum acceptable level of risk
source routing
Crossover Error Rate (CER)
Whois
7. Vulnerability Scanning
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Last In First Out (LIFO)
reconnaissance
Tunnel
8. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
null session
Tiger Team
security breach or security incident
Simple Mail Transfer Protocol (SMTP)
9. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
site survey
-sF
heuristic scanning
Discretionary Access Control (DAC)
10. White box test
Internal access to the network
Tini
Baseline
Real application encompassing Trojan
11. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
net use \[target ip]IPC$ '' /user:''
overt channel
-sR
stream cipher
12. The ability to trace actions performed on a system to a specific user or system entity.
Black Hat
integrity
Defines legal email marketing
Accountability
13. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
patch
Asymmetric
intranet
Contingency Plan
14. ICMP Netmask
spoofing
-PM
Uniform Resource Locator (URL)
TACACS
15. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
passive attack
-p <port ranges>
White Box Testing
16. ACK Scan
open source
Wired Equivalent Privacy (WEP)
SMB
-sA
17. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
proxy server
session hijacking
Archive
EDGAR database
18. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Audit Data
Address Resolution Protocol (ARP) table
Local Administrator
out-of-band signaling
19. Port 22
SSH
false rejection rate (FRR)
Wrapper
War Dialing
20. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
asynchronous transmission
Bluejacking
Fast Ethernet
key exchange protocol
21. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
SSH
ECHO reply
ISO 17799
Vulnerability Management
22. An early network application that provides information on users currently logged on to a machine.
Information Technology (IT) asset valuation
Availability
phishing
Finger
23. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
infrastructure mode
Vulnerability
-sA
-sV
24. Network Scanning
MD5
Master boot record infector
human-based social engineering
A procedure for identifying active hosts on a network.
25. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
Destination Unreachable
Man-in-the-middle attack
site survey
Time To Live (TTL)
26. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
impersonation
Target Of Engagement (TOE)
stream cipher
Trusted Computer System Evaluation Criteria (TCSEC)
27. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
false rejection rate (FRR)
Packet Internet Groper (ping)
Wi-Fi Protected Access (WPA)
Eavesdropping
28. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Ciphertext
S
route
non-repudiation
29. Aggressive scan timing
parallel scan & 300 sec timeout & 1.25 sec/probe
route
Internet Control Message Protocol (ICMP)
Man-in-the-middle attack
30. Port 31337
User Datagram Protocol (UDP)
Back orifice
Methodology
SAM
31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
Certificate Authority (CA)
Droppers
firewalking
honeynet
32. Hashing algorithm that results in a 128-bit output.
MD5
net use \[target ip]IPC$ '' /user:''
A R
Event
33. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
fragmentation
Back orifice
Directory Traversal
34. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
SSH
ECHO reply
Daemon
Defines legal email marketing
35. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
impersonation
port redirection
Fast Ethernet
Zone transfer
36. nmap
Interior Gateway Protocol (IGP)
--randomize_hosts -O OS fingerprinting
hot site
Rijndael
37. A documented process for a procedure designed to be consistent - repeatable - and accountable.
NT LAN Manager (NTLM)
Methodology
Ethical Hacker
OpenBSD
38. The change or growth of a project's scope
scope creep
POST
packet
SMB
39. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
security bulletins
Assessment
NetBSD
network operations center (NOC)
40. Idlescan
Digital Signature
hardware keystroke logger
Wired Equivalent Privacy (WEP)
-sI
41. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
replay attack
-oG
GET
Lightweight Directory Access Protocol (LDAP)
42. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
quality of service (QoS)
Bluejacking
Trusted Computer Base (TCB)
intrusion detection system (IDS)
43. The transmission of digital signals without precise clocking or synchronization.
sniffer
Discretionary Access Control (DAC)
asynchronous transmission
Pretty Good Privacy (PGP)
44. A free and popular version of the Unix operating system.
Local Administrator
Institute of Electrical and Electronics Engineers (IEEE)
FreeBSD
false rejection rate (FRR)
45. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Information Technology (IT) asset valuation
Access Point (AP)
Smurf attack
Level III assessment
46. Describes practices in production and development that promote access to the end product's source materials.
open source
public key infrastructure (PKI)
Rijndael
physical security
47. The potential for damage to or loss of an IT asset
Vulnerability Scanning
S
serialize scans & 15 sec wait
risk
48. A business - government agency - or educational institution that provides access to the Internet.
Interior Gateway Protocol (IGP)
site survey
Internet service provider (ISP)
Database
49. Two or more LANs connected by a high-speed line across a large geographical area.
Cache
-PT
packet filtering
Wide Area Network (WAN)
50. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
intrusion prevention system (IPS)
Target Of Engagement (TOE)
Cracker
Presentation layer
