SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Evaluation in which testers attempt to penetrate the network.
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Google hacking
smart card
Level III assessment
2. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Cryptography
Temporal Key Integrity Protocol (TKIP)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
CNAME record
3. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Fiber Distributed Data Interface (FDDI)
End User Licensing Agreement (EULA)
spam
operating system attack
4. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Time To Live (TTL)
Database
Droppers
firewall
5. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
security incident response team (SIRT)
Eavesdropping
audit
Internet Protocol (IP)
6. An early network application that provides information on users currently logged on to a machine.
parallel scan
A S
Finger
rule-based access control
7. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Exposure Factor
physical security
Network Address Translation (NAT)
Level III assessment
8. Port 80/81/8080
Zero Subnet
-oX
HTTP
DNS
9. ICMP Timestamp
Trapdoor Function
-PP
security breach or security incident
infrastructure mode
10. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
Zone transfer
Virus
quality of service (QoS)
Macro virus
11. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
FreeBSD
-sA
iris scanner
Bluesnarfing
12. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
--randomize_hosts -O OS fingerprinting
Redundant Array of Independent Disks (RAID)
shoulder surfing
intranet
13. The steps taken to gather evidence and information on the targets you wish to attack.
reconnaissance
Digital Watermarking
overt channel
router
14. White box test
site survey
sniffer
Internal access to the network
rogue access point
15. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
replay attack
Time To Live (TTL)
Daemon
inference attack
16. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
Assessment
Wide Area Network (WAN)
Wi-Fi Protected Access (WPA)
smart card
17. TCP Ping
-PP
Timestamping
Traceroute
-PT
18. A type of malware that covertly collects information about a user.
sidejacking
Antivirus (AV) software
Domain Name System (DNS)
spyware
19. Sneaky scan timing
serialize scans & 15 sec wait
promiscuous mode
operating system attack
inference attack
20. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Certificate Authority (CA)
Telnet
Block Cipher
Echo request
21. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
TACACS
Biometrics
audit
network access server
22. A type of encryption where the same key is used to encrypt and decrypt the message.
Black Hat
spoofing
symmetric encryption
Auditing
23. Directory Transversal
Finding a directory listing and gaining access to a parent or root file for access to other files
parameter tampering
false negative
role-based access control
24. NSA
port redirection
hashing algorithm
National Security Agency
Digital Watermarking
25. The concept of having more than one person required to complete a task
Information Technology (IT) asset criticality
Fiber Distributed Data Interface (FDDI)
separation of duties
Replacing numbers in a url to access other files
26. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
remote access
Domain Name System (DNS)
Assessment
red team
27. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
packet
Confidentiality
Ethernet
red team
28. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
Port Address Translation (PAT)
Authorization
penetration testing
Finding a directory listing and gaining access to a parent or root file for access to other files
29. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
network interface card (NIC)
Simple Object Access Protocol (SOAP)
Access Control List (ACL)
Computer-Based Attack
30. The default network authentication suite of protocols for Windows NT 4.0
proxy server
NT LAN Manager (NTLM)
Electronic serial number
Eavesdropping
31. A point of reference used to mark an initial state in order to manage change.
Baseline
Password Authentication Protocol (PAP)
source routing
Warm Site
32. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Electronic serial number
Tunneling
False Acceptance Rate (FAR)
Traceroute
33. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Electronic Code Book (ECB)
Vulnerability Assessment
session hijacking
phishing
34. An Internet routing protocol used to exchange routing information within an autonomous system.
script kiddie
security controls
Interior Gateway Protocol (IGP)
File Transfer Protocol (FTP)
35. Another term for firewalking
-oG
port knocking
enumeration
Man-in-the-middle attack
36. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Routing Protocol
Interior Gateway Protocol (IGP)
XOR Operation
-sV
37. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
footprinting
Authentication
Black Hat
Google hacking
38. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.
local area network (LAN)
Copyright
S
piggybacking
39. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Access Control List (ACL)
parallel scan & 75 sec timeout & 0.3 sec/probe
Sign in Seal
Echo Reply
40. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Traceroute
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Echo request
Defines legal email marketing
41. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
honeynet
Wi-Fi Protected Access (WPA)
parallel scan
network interface card (NIC)
42. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
Access Creep
U P F
Web Spider
Assessment
43. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Blowfish
session splicing
false negative
Competitive Intelligence
44. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Time To Live (TTL)
Hacks with permission
Level II assessment
Worm
45. IP Protocol Scan
Worm
Detective Controls
RxBoot
-sO
46. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
EDGAR database
Bluetooth
Simple Mail Transfer Protocol (SMTP)
Network Basic Input/Output System (NetBIOS)
47. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
802.11
replay attack
End User Licensing Agreement (EULA)
Cache
48. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
Third Party
sheepdip
-sP
Multipurpose Internet Mail Extensions (MIME)
49. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
local area network (LAN)
SNMP
Lightweight Directory Access Protocol (LDAP)
Vulnerability Scanning
50. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
File Allocation Table (FAT)
Three-Way (TCP) Handshake
Authentication