SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Virtual Local Area Network (VLAN)
phishing
proxy server
Digital Watermarking
2. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
SOA record
FTP
integrity
Adware
3. Port 88
protocol
Kerberos
Vulnerability Scanning
HTTP tunneling
4. Port Scanning
5. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
symmetric algorithm
White Box Testing
LDAP
Lightweight Directory Access Protocol (LDAP)
6. SYN Ping
-PS
ring topology
Anonymizer
-b
7. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Backdoor
Level I assessment
Due Diligence
8. The ability to trace actions performed on a system to a specific user or system entity.
Due Care
White Box Testing
Smurf attack
Accountability
9. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
HTTP tunneling
Possession of access devices
Routing Information Protocol (RIP)
parallel scan & 75 sec timeout & 0.3 sec/probe
10. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Address Resolution Protocol (ARP) table
Black Box Testing
Cookie
Collision Domain
11. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U
reverse social engineering
Port Address Translation (PAT)
Biometrics
stream cipher
12. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
hot site
Ethical Hacker
role-based access control
POST
13. PI and PT Ping
Buffer
Hacks without permission
FTP
-PB
14. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Extensible Authentication Protocol (EAP)
packet filtering
public key
Active Fingerprinting
15. A point of reference used to mark an initial state in order to manage change.
Open System Interconnection (OSI) Reference Model
separation of duties
-PT
Baseline
16. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
encryption
Time exceeded
Multipurpose Internet Mail Extensions (MIME)
Routing Protocol
17. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
private network address
Kerberos
Level III assessment
-oN
18. A data encryption/decryption program often used for e-mail and file storage.
public key infrastructure (PKI)
Simple Network Management Protocol (SNMP)
Telnet
Pretty Good Privacy (PGP)
19. Port 53
DNS
Active Attack
Syslog
Administratively Prohibited
20. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
security breach or security incident
Routing Information Protocol (RIP)
RxBoot
session splicing
21. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
script kiddie
Assessment
Packet Internet Groper (ping)
Availability
22. Ping Scan
Authentication Header (AH)
Algorithm
-sP
Tini
23. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
-PS
false rejection rate (FRR)
Challenge Handshake Authentication Protocol (CHAP)
NT LAN Manager (NTLM)
24. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
network interface card (NIC)
HTTP tunneling
ring topology
FTP
25. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
hash
Wide Area Network (WAN)
Contingency Plan
stateful packet filtering
26. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
A S
Bluesnarfing
intranet
War Driving
27. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
hacktivism
Hacks without permission
Acceptable Use Policy (AUP)
non-repudiation
28. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
encryption
network operations center (NOC)
security by obscurity
Common Internet File System/Server Message Block
29. The lack of clocking (imposed time ordering) on a bit stream.
GET
User Datagram Protocol (UDP)
Asynchronous
Cache
30. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Internet service provider (ISP)
Network Basic Input/Output System (NetBIOS)
Replacing numbers in a url to access other files
-PP
31. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Videocipher II Satellite Encryption System
self encrypting
Tumbling
Asymmetric
32. ICMP Type/Code 0-0
Echo Reply
false rejection rate (FRR)
Detective Controls
logic bomb
33. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Asset
-sS
polymorphic virus
Collision
34. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
quantitative risk assessment
stateful packet filtering
ad hoc mode
encapsulation
35. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
INFOSEC Assessment Methodology (IAM)
Open System Interconnection (OSI) Reference Model
gray box testing
36. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
Simple Network Management Protocol (SNMP)
sniffer
Authentication
37. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
Covert Channel
-P0
Droppers
38. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
private network address
Buffer Overflow
Vulnerability Scanning
Level I assessment
39. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
Information Technology (IT) infrastructure
NetBus
network tap
The automated process of proactively identifying vulnerabilities of computing systems present in a network
40. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Trojan Horse
Unicode
Zenmap
-sW
41. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Media Access Control (MAC)
Defines legal email marketing
node
Uniform Resource Locator (URL)
42. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Data Encryption Standard (DES)
Discretionary Access Control (DAC)
Filter
gray hat
43. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Block Cipher
End User Licensing Agreement (EULA)
source routing
Digital Watermarking
44. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Internet Protocol Security (IPSec) architecture
Simple Mail Transfer Protocol (SMTP)
Application Layer
polymorphic virus
45. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Due Diligence
Man-in-the-middle attack
network operations center (NOC)
War Dialing
46. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
security breach or security incident
Competitive Intelligence
security incident response team (SIRT)
Algorithm
47. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
War Chalking
spyware
Ethical Hacker
rule-based access control
48. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Sign in Seal
Copyright
Smurf attack
Warm Site
49. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
flood
honeynet
qualitative analysis
Zone transfer
50. Black box test
Unicode
separation of duties
No previous knowledge of the network
Trusted Computer Base (TCB)