SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Buffer Overflow
firewall
Secure Multipurpose Mail Extension (S/MIME)
File Allocation Table (FAT)
2. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
NT LAN Manager (NTLM)
End User Licensing Agreement (EULA)
Active Fingerprinting
Sign in Seal
3. A method of external testing whereby several systems or resources are used together to effect an attack.
risk acceptance
SYN attack
Fast Ethernet
Daisy Chaining
4. The monetary value assigned to an IT asset.
Wi-Fi Protected Access (WPA)
security bulletins
Information Technology (IT) asset valuation
Warm Site
5. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Smurf attack
Multipurpose Internet Mail Extensions (MIME)
Virtual Private Network (VPN)
-sU
6. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
Rijndael
Level I assessment
suicide hacker
No previous knowledge of the network
7. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Competitive Intelligence
Uniform Resource Locator (URL)
protocol stack
network interface card (NIC)
8. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
Internet Protocol (IP)
single loss expectancy (SLE)
Point-to-Point Tunneling Protocol (PPTP)
-sW
9. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Acknowledgment (ACK)
A procedure for identifying active hosts on a network.
Biometrics
Digital Certificate
10. Vulnerability Scanning
operating system attack
War Driving
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Timestamping
11. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Internal access to the network
War Driving
HTTP tunneling
The automated process of proactively identifying vulnerabilities of computing systems present in a network
12. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Bastion host
Packet Internet Groper (ping)
802.11
No previous knowledge of the network
13. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Denial of Service (DoS)
Written Authorization
Information Technology Security Evaluation Criteria (ITSEC)
net use \[target ip]IPC$ '' /user:''
14. Aggressive scan timing
parallel scan & 300 sec timeout & 1.25 sec/probe
symmetric encryption
Timestamping
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
15. A type of malware that covertly collects information about a user.
Simple Network Management Protocol (SNMP)
spyware
-oN
Written Authorization
16. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Virtual Local Area Network (VLAN)
Client
shoulder surfing
non-repudiation
17. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
End User Licensing Agreement (EULA)
Cold Site
limitation of liability and remedies
Hierarchical File System (HFS)
18. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
Blowfish
port knocking
hacktivism
hardware keystroke logger
19. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Asymmetric
ring topology
Bluetooth
Computer-Based Attack
20. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
fragmentation
Wired Equivalent Privacy (WEP)
Client
iris scanner
21. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
public key infrastructure (PKI)
ECHO reply
Due Diligence
Baseline
22. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
honeypot
Exploit
Hypertext Transfer Protocol (HTTP)
Boot Sector Virus
23. ACK Scan
Client
Archive
-sA
shoulder surfing
24. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Backdoor
queue
port knocking
Zombie
25. The level of importance assigned to an IT asset
Directory Traversal
Exploit
INFOSEC Assessment Methodology (IAM)
Information Technology (IT) asset criticality
26. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
Service Set Identifier (SSID)
Block Cipher
encryption
Telnet
27. The transmission of digital signals without precise clocking or synchronization.
encryption
Adware
asynchronous transmission
heuristic scanning
28. Injecting traffic into the network to identify the operating system of a device.
CIA triangle
Active Fingerprinting
polymorphic virus
Copyright
29. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
NetBus
Real application encompassing Trojan
Crossover Error Rate (CER)
Access Control List (ACL)
30. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
-P0
Zombie
integrity
intranet
31. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Minimum acceptable level of risk
sidejacking
A S
National Security Agency
32. Wrapper or Binder
Filter
Post Office Protocol 3 (POP3)
Acceptable Use Policy (AUP)
Real application encompassing Trojan
33. A computer file system architecture used in Windows - OS/2 - and most memory cards.
Exposure Factor
File Allocation Table (FAT)
-sV
segment
34. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
-sT
Service Set Identifier (SSID)
No previous knowledge of the network
Macro virus
35. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
honeynet
Blowfish
port knocking
36. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Web Spider
Administratively Prohibited
Banner Grabbing
Address Resolution Protocol (ARP) table
37. A group of people - gathered together by a business entity - working to address a specific problem or goal.
Tiger Team
Access Control List (ACL)
Bug
public key
38. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
pattern matching
802.11 i
inference attack
Covert Channel
39. FTP Bounce Attack
Telnet
NOP
-b
Post Office Protocol 3 (POP3)
40. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Baseline
Timestamping
red team
risk assessment
41. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
Adware
fragmentation
Tunneling Virus
Level II assessment
42. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Brute-Force Password Attack
Database
Cryptographic Key
replay attack
43. Any network incident that prompts some kind of log entry or other notification.
Methodology
Level I assessment
Event
Unicode
44. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
gap analysis
serialize scans & 0.4 sec wait
White Box Testing
Data Encryption Standard (DES)
45. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
service level agreements (SLAs)
Hierarchical File System (HFS)
ping sweep
Dumpster Diving
46. Microsoft SID 500
remote access
spam
Local Administrator
MAC filtering
47. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
Institute of Electrical and Electronics Engineers (IEEE)
steganography
Secure Sockets Layer (SSL)
Transmission Control Protocol (TCP)
48. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Google hacking
Tunneling
Electronic Code Book (ECB)
asynchronous transmission
49. nmap
site survey
Buffer
--randomize_hosts -O OS fingerprinting
security controls
50. A point of reference used to mark an initial state in order to manage change.
ping sweep
Baseline
Replacing numbers in a url to access other files
-sF
