SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
penetration testing
Due Diligence
HTTP tunneling
SMB
2. ICMP Timestamp
Level II assessment
-sA
-PP
heuristic scanning
3. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Three-Way (TCP) Handshake
Ethernet
penetration testing
Countermeasures
4. A software or hardware defect that often results in system vulnerabilities.
smart card
infrastructure mode
Bug
Authentication Header (AH)
5. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
protocol
sidejacking
War Driving
-oG
6. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Worm
Information Technology (IT) infrastructure
A procedure for identifying active hosts on a network.
Temporal Key Integrity Protocol (TKIP)
7. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
R
Information Technology (IT) security architecture and framework
piggybacking
ad hoc mode
8. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Authentication Header (AH)
White Box Testing
Vulnerability
Post Office Protocol 3 (POP3)
9. Monitoring of telephone or Internet conversations - typically by covert means.
Address Resolution Protocol (ARP) table
Filter
impersonation
Wiretapping
10. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Domain Name
promiscuous mode
remote procedure call (RPC)
SNMP
11. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
Black Box Testing
Information Technology (IT) security architecture and framework
Hacks with permission
Minimum acceptable level of risk
12. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
packet
Internet Assigned Number Authority (IANA)
SOA record
Transport Layer Security (TLS)
13. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Collision Domain
CIA triangle
hacktivism
Self Replicating
14. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
firewalking
Ethernet
ISO 17799
false rejection rate (FRR)
15. Transmitting one protocol encapsulated inside another protocol.
Tunneling
single loss expectancy (SLE)
OpenBSD
Database
16. Describes practices in production and development that promote access to the end product's source materials.
rogue access point
remote access
Fraud and related activity in connection with computers
open source
17. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
encapsulation
Tunneling
Crossover Error Rate (CER)
Zero Subnet
18. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
XOR Operation
-p <port ranges>
open source
Discretionary Access Control (DAC)
19. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
security by obscurity
Virtual Private Network (VPN)
gap analysis
Level II assessment
20. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
intrusion detection system (IDS)
Secure Sockets Layer (SSL)
false rejection rate (FRR)
Simple Object Access Protocol (SOAP)
21. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
SSH
Collision
smart card
Syslog
22. An organized collection of data.
Kerberos
Database
Contingency Plan
Information Technology (IT) security architecture and framework
23. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Internet Assigned Number Authority (IANA)
risk avoidance
Access Control List (ACL)
security incident response team (SIRT)
24. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
ISO 17799
FTP
Routing Information Protocol (RIP)
Virus Hoax
25. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Collision
network interface card (NIC)
Block Cipher
firewall
26. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
Virus
private key
Ethernet
fully qualified domain name (FQDN)
27. A portion of memory used to temporarily store output or input data.
parallel scan & 75 sec timeout & 0.3 sec/probe
Buffer
Vulnerability Scanning
Virtual Local Area Network (VLAN)
28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
initial sequence number (ISN)
secure channel
XOR Operation
SYN flood attack
29. A systematic process for the assessment of security vulnerabilities.
security by obscurity
-sI
INFOSEC Assessment Methodology (IAM)
CIA triangle
30. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
enumeration
limitation of liability and remedies
Filter
Copyright
31. Hex 04
shrink-wrap code attacks
Simple Network Management Protocol (SNMP)
Asymmetric
R
32. ICMP Type/Code 11
fragmentation
-oA
Time exceeded
Warm Site
33. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Assessment
public key
Internet Protocol (IP)
Trusted Computer System Evaluation Criteria (TCSEC)
34. A small Trojan program that listens on port 777.
Console Port
-PB
Tini
signature scanning
35. Computer software or hardware that can intercept and log traffic passing over a digital network.
key exchange protocol
sniffer
scope creep
Syslog
36. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.
FTP
Confidentiality
Transmission Control Protocol (TCP)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
37. ICMP Type/Code 3
Destination Unreachable
Unicode
Redundant Array of Independent Disks (RAID)
Eavesdropping
38. A protocol used for sending and receiving log information for nodes on a network.
Syslog
gap analysis
CAM table
Rijndael
39. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Simple Network Management Protocol (SNMP)
Bluejacking
Address Resolution Protocol (ARP) table
Cryptographic Key
40. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
Whois
parameter tampering
Anonymizer
hacktivism
41. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
human-based social engineering
Possession of access devices
Information Technology (IT) asset valuation
Internet Protocol Security (IPSec) architecture
42. The condition of a resource being ready for use and accessible by authorized users.
-sO
Availability
Cloning
-p <port ranges>
43. Paranoid scan timing
false rejection rate (FRR)
Algorithm
serial scan & 300 sec wait
Bit Flipping
44. A type of encryption where the same key is used to encrypt and decrypt the message.
port scanning
Virus Hoax
symmetric encryption
network interface card (NIC)
45. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
pattern matching
Presentation layer
ring topology
Service Set Identifier (SSID)
46. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
shoulder surfing
role-based access control
Cold Site
Tunneling Virus
47. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
Defense in Depth
integrity
Zero Subnet
false rejection rate (FRR)
48. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Banner Grabbing
Blowfish
Electronic serial number
Cryptography
49. Another term for firewalking
Daemon
ISO 17799
Asymmetric
port knocking
50. A protocol defining packets that are able to be routed by a router.
routed protocol
Master boot record infector
Authorization
iris scanner