Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Blowfish
Black Box Testing
Distributed DoS (DDoS)
Cryptography

2. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Institute of Electrical and Electronics Engineers (IEEE)
quantitative risk assessment
Defense in Depth
Lightweight Directory Access Protocol (LDAP)

3. The process of using easily accessible DNS records to map a target network's internal hosts.
Mantrap
reconnaissance
Routing Protocol
DNS enumeration

4. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Bug
SNMP
symmetric algorithm
social engineering

5. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Pretty Good Privacy (PGP)
Third Party
heuristic scanning
replay attack

6. A virus designed to infect the master boot record.
parameter tampering
encryption
Google hacking
Master boot record infector

7. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
NT LAN Manager (NTLM)
gateway
Point-to-Point Tunneling Protocol (PPTP)
Information Technology (IT) security architecture and framework

8. ICMP Netmask
Open System Interconnection (OSI) Reference Model
-PM
Digital Signature
sniffer

9. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Ciphertext
impersonation
heuristic scanning
Extensible Authentication Protocol (EAP)

10. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
Cracker
operating system attack
false negative
Fiber Distributed Data Interface (FDDI)

11. The monetary value assigned to an IT asset.
Information Technology (IT) asset valuation
Rijndael
asynchronous transmission
Auditing

12. A point of reference used to mark an initial state in order to manage change.
Cloning
Computer-Based Attack
Baseline
Corrective Controls

13. Xmas Tree scan
piggybacking
Cold Site
-sX
Tumbling

14. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Service Set Identifier (SSID)
risk acceptance
fully qualified domain name (FQDN)
Web Spider

15. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
hacktivism
encryption
TACACS
User Datagram Protocol (UDP)

16. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
Temporal Key Integrity Protocol (TKIP)
-sF
source routing
security by obscurity

17. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
hot site
Domain Name
Network Basic Input/Output System (NetBIOS)
steganography

18. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
security controls
Dumpster Diving
footprinting
FTP

19. nmap all output
Copyright
The automated process of proactively identifying vulnerabilities of computing systems present in a network
A S
-oA

20. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
-sL
Wireless Local Area Network (WLAN)
XOR Operation
Virus Hoax

21. Port 110
Ethernet
POP 3
security by obscurity
Confidentiality

22. A method of external testing whereby several systems or resources are used together to effect an attack.
Active Attack
Internal access to the network
Daisy Chaining
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.

23. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Zombie
-sI
out-of-band signaling
Trusted Computer System Evaluation Criteria (TCSEC)

24. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Possession of access devices
Target Of Engagement (TOE)
Annualized Loss Expectancy (ALE)
Digital Watermarking

25. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Whois
role-based access control
Trusted Computer Base (TCB)
piggybacking

26. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Banner Grabbing
Secure Sockets Layer (SSL)
Multipartite virus
service level agreements (SLAs)

27. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Tunneling
Data Link layer
Last In First Out (LIFO)

28. Polymorphic Virus
Crossover Error Rate (CER)
-b
Wired Equivalent Privacy (WEP)
self encrypting

29. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
site survey
Countermeasures
reverse social engineering
Self Replicating

30. LM Hash for short passwords (under 7)
fully qualified domain name (FQDN)
User Datagram Protocol (UDP)
404EE
Console Port

31. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
proxy server
Certificate
phishing
Active Fingerprinting

32. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Man-in-the-middle attack
reverse social engineering
S
Possession of access devices

33. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Asymmetric
gray hat
fragmentation
source routing

34. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
Back orifice
Discretionary Access Control (DAC)
-oX
Adware

35. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Syslog
routed protocol
Cryptographic Key
Trojan Horse

36. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
Password Authentication Protocol (PAP)
Multipurpose Internet Mail Extensions (MIME)
session hijacking
Brute-Force Password Attack

37. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Multipurpose Internet Mail Extensions (MIME)
role-based access control
GET
Virtual Local Area Network (VLAN)

38. Transmitting one protocol encapsulated inside another protocol.
Tunneling
Malicious code
Replacing numbers in a url to access other files
impersonation

39. ICMP Ping
firewall
A
Active Directory (AD)
-PI

40. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
Tumbling
Crossover Error Rate (CER)
logic bomb
ISO 17799

41. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Man-in-the-middle attack
Trusted Computer System Evaluation Criteria (TCSEC)
-PB
Backdoor

42. Port 137/138/139
SMB
Temporal Key Integrity Protocol (TKIP)
Address Resolution Protocol (ARP)
A R

43. A group of experts that handles computer security incidents.
OpenBSD
Secure Multipurpose Mail Extension (S/MIME)
RPC-DCOM
security incident response team (SIRT)

44. Port 161/162
SNMP
reverse social engineering
impersonation
Echo request

45. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
Asynchronous
reverse lookup; reverse DNS lookup
Discretionary Access Control (DAC)
infrastructure mode

46. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
footprinting
public key
Threat

47. A Windows-based GUI version of nmap.
encryption
Pretty Good Privacy (PGP)
quality of service (QoS)
Zenmap

48. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Wide Area Network (WAN)
forwarding
piggybacking
Biometrics

49. Network Scanning
personal identification number (PIN)
DNS
Address Resolution Protocol (ARP) table
A procedure for identifying active hosts on a network.

50. A software or hardware defect that often results in system vulnerabilities.
RPC-DCOM
out-of-band signaling
Bug
CIA triangle

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CEH: Certified Ethical Hacker

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests