SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Any item of value or worth to an organization - whether physical or virtual.
Asset
NOP
Buffer
Biometrics
2. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
qualitative analysis
Baseline
Mandatory access control (MAC)
-oN
3. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
A procedure for identifying active hosts on a network.
network access server
Fiber Distributed Data Interface (FDDI)
Warm Site
4. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
qualitative analysis
Annualized Loss Expectancy (ALE)
Brute-Force Password Attack
inference attack
5. nmap all output
-oA
queue
ECHO reply
Zenmap
6. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
-p <port ranges>
polymorphic virus
U P F
Man-in-the-middle attack
7. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Vulnerability
Google hacking
Access Control List (ACL)
NT LAN Manager (NTLM)
8. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
-p <port ranges>
pattern matching
intrusion detection system (IDS)
Exposure Factor
9. A program designed to execute at a specific time to release malicious code onto the computer system or network.
gray box testing
intranet
Time Bomb
FreeBSD
10. A software or hardware defect that often results in system vulnerabilities.
ad hoc mode
Bug
node
Level I assessment
11. The act of dialing all numbers within an organization to discover open modems.
War Dialing
Mandatory access control (MAC)
local area network (LAN)
Tunneling Virus
12. NSA
Trusted Computer Base (TCB)
National Security Agency
Backdoor
encryption
13. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
404EE
Information Technology Security Evaluation Criteria (ITSEC)
Buffer Overflow
Zero Subnet
14. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Three-Way (TCP) Handshake
Malware
Blowfish
spoofing
15. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Collision
Worm
Client
hot site
16. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Syslog
Collision Domain
Ethical Hacker
Internet Protocol Security (IPSec) architecture
17. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
-sA
LDAP
Real application encompassing Trojan
18. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Domain Name System (DNS) cache poisoning
Worm
Droppers
gray box testing
19. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Possession of access devices
TACACS
FreeBSD
Defines legal email marketing
20. The monetary value assigned to an IT asset.
qualitative analysis
Information Technology (IT) asset valuation
Demilitarized Zone (DMZ)
File Transfer Protocol (FTP)
21. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Request for Comments (RFC)
script kiddie
HTTP tunneling
patch
22. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
intrusion detection system (IDS)
Administratively Prohibited
Access Control List (ACL)
NetBus
23. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it
POP 3
Extensible Authentication Protocol (EAP)
promiscuous mode
Cryptographic Key
24. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
-sV
Internal access to the network
U P F
false rejection rate (FRR)
25. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
Active Attack
Countermeasures
stateful packet filtering
Decryption
26. A tool that helps a company to compare its actual performance with its potential performance.
Simple Mail Transfer Protocol (SMTP)
promiscuous mode
Written Authorization
gap analysis
27. Port 88
Kerberos
Audit Data
remote access
Wiretapping
28. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
suicide hacker
limitation of liability and remedies
network tap
human-based social engineering
29. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Fiber Distributed Data Interface (FDDI)
Point-to-Point Tunneling Protocol (PPTP)
-oG
security bulletins
30. The default network authentication suite of protocols for Windows NT 4.0
Third Party
Cryptographic Key
NT LAN Manager (NTLM)
Cold Site
31. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
Denial of Service (DoS)
serial scan & 300 sec wait
Simple Mail Transfer Protocol (SMTP)
32. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
private key
Level II assessment
Fast Ethernet
ECHO reply
33. Black hat
Cracker
-b
False Acceptance Rate (FAR)
Hacks without permission
34. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
-oA
Cracker
Audit Trail
Network Basic Input/Output System (NetBIOS)
35. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Archive
Cache
footprinting
key exchange protocol
36. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
War Driving
Tunneling
Collision Domain
Open System Interconnection (OSI) Reference Model
37. A file system used by the Mac OS.
Backdoor
pattern matching
Temporal Key Integrity Protocol (TKIP)
Hierarchical File System (HFS)
38. 18 U.S.C. 1029
Possession of access devices
SYN attack
protocol
Bluesnarfing
39. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
802.11
Data Link layer
-sI
-sA
40. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
-PS
packet
Administratively Prohibited
hash
41. ICMP Type/Code 0-0
rule-based access control
Echo Reply
Bit Flipping
Tunneling Virus
42. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Finding a directory listing and gaining access to a parent or root file for access to other files
firewall
sniffer
Level I assessment
43. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Minimum acceptable level of risk
Cracker
gap analysis
Trapdoor Function
44. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Internet Control Message Protocol (ICMP)
hybrid attack
War Driving
Assessment
45. Idlescan
-sI
Cryptographic Key
Cookie
Virus
46. Attacks on the actual programming code of an application.
Application-Level Attacks
A procedure for identifying active hosts on a network.
ping sweep
site survey
47. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
POP 3
reconnaissance
iris scanner
48. Port 135
Serial Line Internet Protocol (SLIP)
rogue access point
rule-based access control
RPC-DCOM
49. Nmap grepable output
Zombie
Computer Emergency Response Team (CERT)
packet filtering
-oG
50. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
File Allocation Table (FAT)
-PT
Vulnerability Scanning
INFOSEC Assessment Methodology (IAM)