Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
Trapdoor Function
physical security
Request for Comments (RFC)
site survey
2. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Active Directory (AD)
Echo Reply
Electronic serial number
audit
3. A communications protocol used for browsing the Internet.
Timestamping
Point-to-Point Tunneling Protocol (PPTP)
Black Box Testing
Hypertext Transfer Protocol (HTTP)
4. Hex 10
NetBSD
A
private network address
-PT
5. Black box test
No previous knowledge of the network
network access server
hot site
source routing
6. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
false rejection rate (FRR)
footprinting
ECHO reply
-oG
7. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
Community String
social engineering
segment
8. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
network access server
Temporal Key Integrity Protocol (TKIP)
social engineering
symmetric algorithm
9. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
reverse social engineering
Black Box Testing
HIDS
network operations center (NOC)
10. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
802.11 i
Discretionary Access Control (DAC)
Zombie
honeypot
11. Directory Traversal
Interior Gateway Protocol (IGP)
Worm
Finding a directory listing and gaining access to a parent or root file for access to other files
Temporal Key Integrity Protocol (TKIP)
12. A social-engineering attack that manipulates the victim into calling the attacker for help.
reverse social engineering
Assessment
EDGAR database
DNS
13. FTP Bounce Attack
-sR
-b
Mandatory access control (MAC)
Boot Sector Virus
14. Any network incident that prompts some kind of log entry or other notification.
DNS
Telnet
Event
CAM table
15. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
hot site
Fast Ethernet
security bulletins
personal identification number (PIN)
16. Idlescan
firewall
Wi-Fi
-sI
Application Layer
17. A portion of memory used to temporarily store output or input data.
Trojan Horse
CAM table
Buffer
security defect
18. A person or entity indirectly involved in a relationship between two principals.
identity theft
Third Party
MD5
Replacing numbers in a url to access other files
19. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
pattern matching
Buffer
Due Diligence
20. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Virus
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Buffer Overflow
Echo request
21. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
Mantrap
net use \\[target ip]\IPC$ '' /user:''
encryption
22. don't ping
quality of service (QoS)
S
-P0
-sL
23. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Bluetooth
Time To Live (TTL)
Open System Interconnection (OSI) Reference Model
Warm Site
24. Microsoft SID 500
-sO
No previous knowledge of the network
Local Administrator
stream cipher
25. nmap
parallel scan
802.11
--randomize_hosts -O OS fingerprinting
Confidentiality
26. A routing protocol developed to be used within a single organization.
security breach or security incident
Internal access to the network
Interior Gateway Protocol (IGP)
Audit Trail
27. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Port Address Translation (PAT)
FTP
ad hoc mode
Electronic serial number
28. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
War Dialing
Acknowledgment (ACK)
Wi-Fi Protected Access (WPA)
shrink-wrap code attacks
29. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
RPC-DCOM
Information Technology (IT) asset valuation
Audit Data
Redundant Array of Independent Disks (RAID)
30. A documented process for a procedure designed to be consistent - repeatable - and accountable.
steganography
Methodology
Sign in Seal
parameter tampering
31. A computer virus that infects and spreads in multiple ways.
Tumbling
-PB
Port Address Translation (PAT)
Multipartite virus
32. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Tunneling Virus
DNS enumeration
spyware
Black Hat
33. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
suicide hacker
Zero Subnet
Cold Site
rule-based access control
34. A value used to control cryptographic operations - such as decryption - encryption - signature generation - and signature verification.
social engineering
route
Password Authentication Protocol (PAP)
Cryptographic Key
35. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Information Technology (IT) security architecture and framework
Domain Name System (DNS) lookup
Backdoor
risk
36. Using conversation or some other interaction between people to gather useful information.
Echo Reply
human-based social engineering
stream cipher
Access Creep
37. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
A procedure for identifying active hosts on a network.
Crossover Error Rate (CER)
SSH
Authorization
38. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
White Box Testing
integrity
Data Link layer
stream cipher
39. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
XOR Operation
fragmentation
Zombie
White Box Testing
40. A computer process that requests a service from another computer and accepts the server's responses.
Electronic serial number
Trojan Horse
Daemon
Client
41. The process of recording activity on a system for monitoring and later review.
Wrapper
Auditing
hashing algorithm
Internet Control Message Protocol (ICMP)
42. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Kerberos
Access Creep
-oN
Application Layer
43. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
-sT
Overwhelm CAM table to convert switch to hub mode
reverse social engineering
44. Insane scan timing
SNMP
parallel scan & 75 sec timeout & 0.3 sec/probe
firewalking
Simple Mail Transfer Protocol (SMTP)
45. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Finding a directory listing and gaining access to a parent or root file for access to other files
Hypertext Transfer Protocol Secure (HTTPS)
Pretty Good Privacy (PGP)
flood
46. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
ad hoc mode
Secure Multipurpose Mail Extension (S/MIME)
Multipartite virus
Confidentiality
47. A denial-of-service technique that uses numerous hosts to perform the attack.
Antivirus (AV) software
Asymmetric
Distributed DoS (DDoS)
steganography
48. A software or hardware defect that often results in system vulnerabilities.
node
security by obscurity
Bug
Vulnerability
49. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Uniform Resource Locator (URL)
Tunneling
Destination Unreachable
physical security
50. A protocol used for sending and receiving log information for nodes on a network.
Kerberos
security by obscurity
Syslog
NetBus