SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Archive
EDGAR database
Application Layer
Pretty Good Privacy (PGP)
2. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
Macro virus
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
risk assessment
3. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Cold Site
quality of service (QoS)
S
Unicode
4. SYN Ping
protocol
-PS
Due Care
Zombie
5. A software or hardware application or device that captures user keystrokes.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Crossover Error Rate (CER)
keylogger
false rejection rate (FRR)
6. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Password Authentication Protocol (PAP)
Blowfish
Institute of Electrical and Electronics Engineers (IEEE)
Time Bomb
7. ICMP Timestamp
-PP
Post Office Protocol 3 (POP3)
International Organization for Standardization (ISO)
Bit Flipping
8. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
File Transfer Protocol (FTP)
-sP
Antivirus (AV) software
Point-to-Point Tunneling Protocol (PPTP)
9. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Computer-Based Attack
GET
Extensible Authentication Protocol (EAP)
Written Authorization
10. The steps taken to gather evidence and information on the targets you wish to attack.
Droppers
Tunneling Virus
integrity
reconnaissance
11. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
A
penetration testing
Detective Controls
Data Link layer
12. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
DNS
Service Set Identifier (SSID)
firewalking
Echo Reply
13. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Virus
Blowfish
Authentication - Authorization - and Accounting (AAA)
network access server
14. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
red team
-sF
network interface card (NIC)
Wiretapping
15. 18 U.S.C. 1030
Blowfish
Fraud and related activity in connection with computers
Network Basic Input/Output System (NetBIOS)
Demilitarized Zone (DMZ)
16. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
SYN flood attack
Echo Reply
Contingency Plan
Network Address Translation (NAT)
17. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Active Attack
Time To Live (TTL)
Threat
HTTP
18. A social-engineering attack using computer resources - such as e-mail or IRC.
Asset
ad hoc mode
File Allocation Table (FAT)
Computer-Based Attack
19. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
SOA record
Administratively Prohibited
Time Bomb
End User Licensing Agreement (EULA)
20. PI and PT Ping
Assessment
private key
Asynchronous
-PB
21. The lack of clocking (imposed time ordering) on a bit stream.
Application Layer
Asynchronous
session hijacking
Due Care
22. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Bluesnarfing
Asymmetric Algorithm
Information Technology (IT) security architecture and framework
Hypertext Transfer Protocol Secure (HTTPS)
23. Establish Null Session
net use \[target ip]IPC$ '' /user:''
Assessment
network tap
private network address
24. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
HTTP
National Security Agency
identity theft
25. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Multipurpose Internet Mail Extensions (MIME)
Ethical Hacker
Zone transfer
Extensible Authentication Protocol (EAP)
26. A method of external testing whereby several systems or resources are used together to effect an attack.
Information Technology (IT) asset criticality
Kerberos
Syslog
Daisy Chaining
27. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
Transmission Control Protocol (TCP)
Bluetooth
net use \[target ip]IPC$ '' /user:''
U P F
28. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Post Office Protocol 3 (POP3)
Unicode
patch
Address Resolution Protocol (ARP)
29. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
single loss expectancy (SLE)
Three-Way (TCP) Handshake
Web Spider
Collision Domain
30. Nmap grepable output
Confidentiality
Routing Information Protocol (RIP)
-oG
White Box Testing
31. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Daisy Chaining
Event
role-based access control
parallel scan & 300 sec timeout & 1.25 sec/probe
32. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
Electronic serial number
ping sweep
Zone transfer
sheepdip
33. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
quantitative risk assessment
halo effect
Packet Internet Groper (ping)
34. Injecting traffic into the network to identify the operating system of a device.
Active Fingerprinting
Replacing numbers in a url to access other files
security breach or security incident
false rejection rate (FRR)
35. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
symmetric algorithm
False Acceptance Rate (FAR)
parallel scan
risk acceptance
36. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
Level III assessment
Confidentiality
Digital Certificate
37. CAN-SPAM
Certificate Authority (CA)
Defines legal email marketing
-P0
SNMP
38. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
fragmentation
serialize scans & 15 sec wait
network operations center (NOC)
Domain Name System (DNS) lookup
39. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
honeynet
suicide hacker
RxBoot
RPC-DCOM
40. nmap all output
Cloning
RxBoot
security breach or security incident
-oA
41. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Vulnerability Assessment
Destination Unreachable
Antivirus (AV) software
Client
42. List Scan
Electronic serial number
spam
-sL
network interface card (NIC)
43. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Time Bomb
network operations center (NOC)
Daemon
fully qualified domain name (FQDN)
44. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
false negative
rule-based access control
encryption
Methodology
45. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Possession of access devices
Countermeasures
Internet Control Message Protocol (ICMP)
rogue access point
46. Access by information systems (or users) communicating from outside the information system security perimeter.
Confidentiality
Ethernet
remote access
A R
47. Nmap ml output
-oX
risk assessment
Time To Live (TTL)
-sV
48. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
identity theft
Internet Control Message Protocol (ICMP)
public key
Event
49. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
serial scan & 300 sec wait
sniffer
Crossover Error Rate (CER)
Level I assessment
50. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
logic bomb
Black Box Testing
pattern matching
null session