SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Port 31337
Back orifice
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Digital Signature
Contingency Plan
2. The monetary value assigned to an IT asset.
Information Technology (IT) asset valuation
Post Office Protocol 3 (POP3)
Client
Access Point (AP)
3. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
POST
sidejacking
Algorithm
Sign in Seal
4. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Tiger Team
Bluejacking
Community String
-oN
5. A command used in HTTP and FTP to retrieve a file from a server.
Packet Internet Groper (ping)
serialize scans & 15 sec wait
Mandatory access control (MAC)
GET
6. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi
Electronic Code Book (ECB)
Blowfish
Mandatory access control (MAC)
Biometrics
7. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
Real application encompassing Trojan
ping sweep
Wiretapping
non-repudiation
8. Recording the time - normally in a log file - when an event happens or when information is created or modified.
scope creep
Contingency Plan
-sV
Timestamping
9. The Security Accounts Manager file in Windows stores all the password hashes for the system.
-oG
Auditing
SAM
security incident response team (SIRT)
10. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
spyware
qualitative analysis
Common Internet File System/Server Message Block
risk assessment
11. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
footprinting
Computer Emergency Response Team (CERT)
-sS
False Acceptance Rate (FAR)
12. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Access Point (AP)
Domain Name System (DNS)
Directory Traversal
polymorphic virus
13. A computer process that requests a service from another computer and accepts the server's responses.
-PT
Authentication Header (AH)
Brute-Force Password Attack
Client
14. Hex 10
local area network (LAN)
Cracker
A
-PP
15. Aggressive scan timing
inference attack
parallel scan & 300 sec timeout & 1.25 sec/probe
Mandatory access control (MAC)
Competitive Intelligence
16. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
open source
network operations center (NOC)
Media Access Control (MAC)
Ethical Hacker
17. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Active Directory (AD)
Time Bomb
self encrypting
scope creep
18. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
Backdoor
piggybacking
War Dialing
risk
19. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Multipartite virus
pattern matching
Zombie
Threat
20. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity
Archive
Challenge Handshake Authentication Protocol (CHAP)
R
personal identification number (PIN)
21. A denial-of-service technique that uses numerous hosts to perform the attack.
Information Technology (IT) asset criticality
Distributed DoS (DDoS)
TACACS
-sX
22. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Address Resolution Protocol (ARP)
Eavesdropping
Service Set Identifier (SSID)
encryption
23. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
impersonation
Domain Name
Point-to-Point Tunneling Protocol (PPTP)
symmetric encryption
24. The steps taken to gather evidence and information on the targets you wish to attack.
SNMP
-PS
reconnaissance
Asynchronous
25. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
logic bomb
ISO 17799
-sW
Decryption
26. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Overwhelm CAM table to convert switch to hub mode
User Datagram Protocol (UDP)
Due Care
NetBus
27. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
NOP
risk
site survey
Fiber Distributed Data Interface (FDDI)
28. Nmap grepable output
-oG
Address Resolution Protocol (ARP)
asynchronous transmission
Application-Level Attacks
29. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Routing Information Protocol (RIP)
Domain Name
gray box testing
encapsulation
30. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
International Organization for Standardization (ISO)
shrink-wrap code attacks
Vulnerability
overt channel
31. Nmap normal output
-oN
TACACS
Buffer Overflow
End User Licensing Agreement (EULA)
32. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Virus
heuristic scanning
CAM table
ring topology
33. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
security incident response team (SIRT)
pattern matching
Simple Mail Transfer Protocol (SMTP)
out-of-band signaling
34. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
site survey
Assessment
false rejection rate (FRR)
Buffer
35. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
CIA triangle
Denial of Service (DoS)
sidejacking
Information Technology Security Evaluation Criteria (ITSEC)
36. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
hot site
-sU
service level agreements (SLAs)
Adware
37. A free and popular version of the Unix operating system.
FreeBSD
private key
Videocipher II Satellite Encryption System
hacktivism
38. MAC Flooding
Overwhelm CAM table to convert switch to hub mode
Annualized Loss Expectancy (ALE)
Virus Hoax
EDGAR database
39. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
gray hat
XOR Operation
-PT
-PI
40. The change or growth of a project's scope
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Internal access to the network
SOA record
scope creep
41. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
overt channel
Threat
Archive
audit
42. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
Kerberos
Virus Hoax
spyware
Overwhelm CAM table to convert switch to hub mode
43. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
FreeBSD
Community String
Due Care
Vulnerability Assessment
44. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Asymmetric
stream cipher
Extensible Authentication Protocol (EAP)
risk avoidance
45. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
Daemon
Possession of access devices
firewalking
Authentication
46. Monitoring of telephone or Internet conversations - typically by covert means.
-sF
patch
Wiretapping
packet filtering
47. A portion of memory used to temporarily store output or input data.
HTTP
SYN attack
Buffer
Blowfish
48. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Malware
Videocipher II Satellite Encryption System
enumeration
Point-to-Point Tunneling Protocol (PPTP)
49. Polymorphic Virus
War Chalking
self encrypting
human-based social engineering
iris scanner
50. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
Active Attack
audit
Data Encryption Standard (DES)
