Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. 18 U.S.C. 1029
HTTP tunneling
Dumpster Diving
Possession of access devices
Asymmetric
2. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.
Traceroute
Due Care
Pretty Good Privacy (PGP)
Asymmetric
3. ICMP Timestamp
encryption
-PP
integrity
Banner Grabbing
4. An international encoding standard, working within multiple languages and scripts, that represents each letter, digit, or symbol with a unique numeric value that applies across different platforms.
source routing
Corrective Controls
Unicode
Challenge Handshake Authentication Protocol (CHAP)
5. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
hot site
NetBus
session splicing
Active Directory (AD)
6. Evaluation in which testers attempt to penetrate the network.
Level III assessment
network operations center (NOC)
Wiretapping
Time exceeded
7. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
gateway
Replacing numbers in a url to access other files
spam
-PS
8. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.
remote procedure call (RPC)
Crossover Error Rate (CER)
HTTP
identity theft
9. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.
Daemon
Biometrics
-sU
Wi-Fi
10. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.
hybrid attack
Tunneling
hot site
site survey
11. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or
Traceroute
Threat
-sT
-PT
12. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
Auditing
non-repudiation
LDAP
Zone transfer
13. Port 31337
Backdoor
Worm
Back orifice
SMB
14. FIN Scan
-sF
Due Diligence
HTTP tunneling
Zero Subnet
15. A fully qualified domain name consists of a host and domain name, including a top-level domain such as .com, .net, .mil, .edu, and so on.
Finding a directory listing and gaining access to a parent or root file for access to other files
remote procedure call (RPC)
Audit Trail
fully qualified domain name (FQDN)
16. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
footprinting
Malicious code
Password Authentication Protocol (PAP)
router
17. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.
National Security Agency
HIDS
Hierarchical File System (HFS)
User Datagram Protocol (UDP)
18. A command used in HTTP and FTP to retrieve a file from a server.
separation of duties
GET
Network Address Translation (NAT)
Lightweight Directory Access Protocol (LDAP)
19. UDP Scan
MAC filtering
-PS
security by obscurity
-sU
20. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.
role-based access control
Secure Sockets Layer (SSL)
Challenge Handshake Authentication Protocol (CHAP)
-PT
21. An attack where the hacker positions himself between the client and the server to intercept (and sometimes alter) data traveling between the two.
Trusted Computer System Evaluation Criteria (TCSEC)
Videocipher II Satellite Encryption System
Man-in-the-middle attack
open source
22. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
Administratively Prohibited
POST
service level agreements (SLAs)
qualitative analysis
23. The potential for damage to or loss of an IT asset
-PT
802.11
risk
network access server
24. A sublayer of layer 2 of the OSI model, the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Console Port
private network address
Media Access Control (MAC)
Common Internet File System/Server Message Block
25. An informed decision to accept the potential for damage to or loss of an IT asset.
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
-sA
risk acceptance
Man-in-the-middle attack
26. The combination of all IT assets, resources, components, and systems.
Acknowledgment (ACK)
Client
Information Technology (IT) infrastructure
Local Administrator
27. A nontechnical method of hacking. Social engineering is the art of manipulating people, whether in person (human-based) or via computing methods (computer-based), into providing sensitive information.
social engineering
Denial of Service (DoS)
Distributed DoS (DDoS)
penetration testing
28. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
penetration testing
shoulder surfing
audit
script kiddie
29. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
replay attack
penetration testing
SMB
security controls
30. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).
Institute of Electrical and Electronics Engineers (IEEE)
Multipurpose Internet Mail Extensions (MIME)
No previous knowledge of the network
Authentication - Authorization - and Accounting (AAA)
31. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
suicide hacker
proxy server
Transmission Control Protocol (TCP)
-PS
32. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Wiretapping
End User Licensing Agreement (EULA)
CAM table
reverse social engineering
33. The concept of having more than one person required to complete a task
separation of duties
security controls
flood
Cache
34. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Trojan Horse
reconnaissance
Buffer
public key
35. Microsoft SID 500
Demilitarized Zone (DMZ)
Local Administrator
Cold Site
Trojan Horse
36. Used for exchanging structured information, such as XML-based messages, in the implementation of web services
Simple Object Access Protocol (SOAP)
Information Technology (IT) asset valuation
public key infrastructure (PKI)
honeynet
37. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.
hash
S
reverse social engineering
private network address
38. Wrapper or Binder
Network Basic Input/Output System (NetBIOS)
Real application encompassing Trojan
Vulnerability
National Security Agency
39. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Zenmap
symmetric algorithm
Asynchronous
Database
40. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Electronic Code Book (ECB)
U P F
Cryptography
session splicing
41. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
hybrid attack
Adware
Bluesnarfing
Whois
42. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delive
sniffer
segment
Active Fingerprinting
Data Link layer
43. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,
Contingency Plan
-sR
Common Internet File System/Server Message Block
Malware
44. Port 23
Telnet
Lightweight Directory Access Protocol (LDAP)
-sS
pattern matching
45. A small Trojan program that listens on port 777.
Tini
hacktivism
Zone transfer
open source
46. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Smurf attack
enumeration
802.11i
Virus Hoax
47. A firewall evasion technique whereby packets are wrapped in HTTP, as a covert channel to the target.
Cryptography
HTTP tunneling
Boot Sector Virus
Client
48. In computer security, this is an algorithm that uses separate keys for encryption and decryption.
Asymmetric Algorithm
Asset
null session
gateway
49. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Trusted Computer Base (TCB)
Access Creep
risk acceptance
50. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system.
heuristic scanning
Whois
ECHO reply
security kernel