SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
route
Multipartite virus
Antivirus (AV) software
intrusion detection system (IDS)
2. A social-engineering attack using computer resources - such as e-mail or IRC.
ring topology
risk transference
Computer-Based Attack
Macro virus
3. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
-PI
Transport Layer Security (TLS)
Active Directory (AD)
Destination Unreachable
4. Computer software or hardware that can intercept and log traffic passing over a digital network.
Level II assessment
logic bomb
sniffer
hashing algorithm
5. The condition of a resource being ready for use and accessible by authorized users.
Level I assessment
Uniform Resource Locator (URL)
Eavesdropping
Availability
6. Network Scanning
A procedure for identifying active hosts on a network.
-P0
service level agreements (SLAs)
-sF
7. Port 80/81/8080
DNS enumeration
Interior Gateway Protocol (IGP)
HTTP
File Allocation Table (FAT)
8. ICMP Timestamp
risk acceptance
stream cipher
Zenmap
-PP
9. A computer process that requests a service from another computer and accepts the server's responses.
Virtual Private Network (VPN)
Client
Routing Protocol
OpenBSD
10. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
-sR
R
parallel scan & 300 sec timeout & 1.25 sec/probe
initial sequence number (ISN)
11. NSA
National Security Agency
Tunnel
red team
ping sweep
12. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Destination Unreachable
Tiger Team
personal identification number (PIN)
Covert Channel
13. Directory Transversal
Finding a directory listing and gaining access to a parent or root file for access to other files
Mandatory access control (MAC)
Information Technology (IT) asset criticality
Exploit
14. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
symmetric encryption
risk avoidance
Time Bomb
15. Port 22
SSH
router
Interior Gateway Protocol (IGP)
out-of-band signaling
16. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
802.11
nslookup
Institute of Electrical and Electronics Engineers (IEEE)
17. ICMP Ping
source routing
Domain Name System (DNS)
-PI
Daemon
18. FIN Scan
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
-sF
spyware
rootkit
19. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
reconnaissance
overt channel
Media Access Control (MAC)
honeynet
20. ex 02
hybrid attack
S
War Dialing
Level I assessment
21. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
User Datagram Protocol (UDP)
Hypertext Transfer Protocol (HTTP)
NetBus
security incident response team (SIRT)
22. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Traceroute
Data Encryption Standard (DES)
Domain Name
Bluetooth
23. Attacks on the actual programming code of an application.
Written Authorization
Finding a directory listing and gaining access to a parent or root file for access to other files
Application-Level Attacks
hash
24. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
network operations center (NOC)
source routing
qualitative analysis
Information Technology Security Evaluation Criteria (ITSEC)
25. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Adware
sniffer
sheepdip
MD5
26. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
reverse lookup; reverse DNS lookup
Level III assessment
Accountability
Overwhelm CAM table to convert switch to hub mode
27. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
router
SSH
Traceroute
Service Set Identifier (SSID)
28. Nmap normal output
Rijndael
network operations center (NOC)
site survey
-oN
29. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Droppers
ISO 17799
risk
enumeration
30. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Copyright
Internal access to the network
Vulnerability Scanning
HIDS
31. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
honeypot
halo effect
Exploit
Competitive Intelligence
32. The ability to trace actions performed on a system to a specific user or system entity.
Destination Unreachable
security incident response team (SIRT)
Blowfish
Accountability
33. Vulnerability Scanning
Community String
The automated process of proactively identifying vulnerabilities of computing systems present in a network
router
Simple Mail Transfer Protocol (SMTP)
34. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
smart card
-p <port ranges>
Virus
35. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
enumeration
Trojan Horse
false negative
proxy server
36. nmap all output
spam
Methodology
-oA
honeynet
37. A protocol for exchanging packets over a serial line.
-p <port ranges>
Media Access Control (MAC)
Certificate
Serial Line Internet Protocol (SLIP)
38. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
self encrypting
Assessment
Wired Equivalent Privacy (WEP)
encryption
39. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
overt channel
Certificate
Worm
encryption
40. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
802.11
-sX
LDAP
41. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
Certificate Authority (CA)
reverse lookup; reverse DNS lookup
quantitative risk assessment
local area network (LAN)
42. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
risk transference
Service Set Identifier (SSID)
Access Creep
gray box testing
43. A type of encryption where the same key is used to encrypt and decrypt the message.
false rejection rate (FRR)
Block Cipher
port redirection
symmetric encryption
44. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Presentation layer
802.11 i
404EE
-sI
45. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Threat
Trapdoor Function
Collision
Virus Hoax
46. Hex 29
U P F
security controls
Master boot record infector
pattern matching
47. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
replay attack
False Acceptance Rate (FAR)
Time To Live (TTL)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
48. Access by information systems (or users) communicating from outside the information system security perimeter.
Point-to-Point Tunneling Protocol (PPTP)
Information Technology Security Evaluation Criteria (ITSEC)
remote procedure call (RPC)
remote access
49. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
service level agreements (SLAs)
-PB
Transport Layer Security (TLS)
Database
50. A routing protocol developed to be used within a single organization.
network operations center (NOC)
Collision
Internet service provider (ISP)
Interior Gateway Protocol (IGP)
