Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
security breach or security incident
Written Authorization
Wired Equivalent Privacy (WEP)
Three-Way (TCP) Handshake
2. TCP flag field value hex 12 (0x12)
A S
integrity
Application-Level Attacks
Address Resolution Protocol (ARP) table
3. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers, products, and marketing, and can be used by an attacker to build useful information for further attacks.
R
Transmission Control Protocol (TCP)
Competitive Intelligence
Discretionary Access Control (DAC)
4. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
FreeBSD
Data Link layer
Corrective Controls
Tiger Team
5. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.
false rejection rate (FRR)
ping sweep
SID
Bluesnarfing
6. A software or hardware defect that often results in system vulnerabilities.
Bug
Countermeasures
Vulnerability Assessment
Block Cipher
7. The process of using easily accessible DNS records to map a target network's internal hosts.
Information Technology (IT) security architecture and framework
packet filtering
DNS enumeration
Zenmap
8. A method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm (for example, the Diffie-Hellman key exchange).
HTTP
key exchange protocol
Banner Grabbing
polymorphic virus
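Worked example for question 8, added here and not part of the original quiz: a complete Diffie-Hellman exchange in Python, with both parties computing the same key from the other side's public value. The group (p = 2^127 - 1, g = 3) is a toy choice made for this illustration; real deployments use a standardised group of at least 2048 bits (RFC 3526 or RFC 7919). The public-value check is the one a practitioner expects before a peer's value is used, and the raw group element is hashed rather than used directly as a key.

```python
import hashlib
import secrets

# Toy group chosen for this example only (assumption, NOT a real-world group).
# Production code uses a standardised MODP group of >= 2048 bits.
P = 2**127 - 1   # a Mersenne prime; the arithmetic is identical for real groups
G = 3


def generate_keypair(p=P, g=G):
    """Return (private, public): private is random, public = g^private mod p."""
    priv = secrets.randbelow(p - 3) + 2       # 2 <= priv <= p - 2
    return priv, pow(g, priv, p)


def is_valid_public(pub, p=P):
    """Reject 0, 1 and p-1, which force the shared secret into a trivial subgroup."""
    return 2 <= pub <= p - 2


def shared_key(priv, peer_pub, p=P):
    """Derive a 32-byte symmetric key from the peer's public value."""
    if not is_valid_public(peer_pub, p):
        raise ValueError("invalid Diffie-Hellman public value")
    secret = pow(peer_pub, priv, p)
    secret_bytes = secret.to_bytes((p.bit_length() + 7) // 8, "big")
    # never use the raw group element as a key; hash it into fixed-length key material
    return hashlib.sha256(secret_bytes).digest()


def exchange(p=P, g=G):
    """Run the protocol end to end; only the two public values cross the wire."""
    alice_priv, alice_pub = generate_keypair(p, g)
    bob_priv, bob_pub = generate_keypair(p, g)
    key_alice = shared_key(alice_priv, bob_pub, p)   # Alice uses Bob's public value
    key_bob = shared_key(bob_priv, alice_pub, p)     # Bob uses Alice's public value
    return key_alice, key_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print("keys match:", ka == kb, ka.hex())
```

Note that nothing here authenticates the public values: a man-in-the-middle can run one exchange with each side, which is why protocols such as TLS sign or otherwise bind the Diffie-Hellman values.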
9. Port 53
Target Of Engagement (TOE)
Warm Site
Trusted Computer System Evaluation Criteria (TCSEC)
DNS
10. A business, government agency, or educational institution that provides access to the Internet.
serialize scans & 0.4 sec wait
honeynet
Internet service provider (ISP)
private key
11. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Simple Object Access Protocol (SOAP)
heuristic scanning
SNMP
Brute-Force Password Attack
12. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
stream cipher
SYN flood attack
Institute of Electrical and Electronics Engineers (IEEE)
service level agreements (SLAs)
13. Nmap option that writes the scan output in normal (human-readable) format to a file
Console Port
NetBus
Zone transfer
-oN
14. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
spoofing
penetration testing
SSH
promiscuous mode
15. Opening a port on a firewall from outside by sending connection attempts to a prearranged sequence of closed ports. Not a synonym for firewalking, which uses TTL-limited probes to map which ports a firewall's ACL lets through.
port knocking
out-of-band signaling
HTTP tunneling
Buffer
16. A computer network confined to a relatively small area, such as a single building or campus.
local area network (LAN)
Collision Domain
Buffer
MAC filtering
17. A software or hardware application or device that captures user keystrokes.
Dumpster Diving
Virtual Private Network (VPN)
keylogger
Active Fingerprinting
18. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.
Auditing
Telnet
Multipurpose Internet Mail Extensions (MIME)
SOA record
19. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP), much like a point-to-point wired connection.
Trapdoor Function
ad hoc mode
Auditing
Self Replicating
20. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
session splicing
-b
Trusted Computer Base (TCB)
File Transfer Protocol (FTP)
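Added example for question 20 (not code from the quiz): constructed TCP segments carrying one HTTP request split so that no single segment holds the full signature, with a naive per-packet matcher beside a reassembler that orders segments by sequence number, discards overlapping bytes and stops at a gap. The request, signature string and sequence numbers are made up for the illustration.

```python
SIGNATURE = b"/etc/passwd"

# Constructed traffic (not a capture): one HTTP request split across three
# segments and sent out of order. No single payload contains the signature.
ISN = 1000
SEGMENTS = [
    (1012, b"swd HTTP/1.0\r\n\r\n"),
    (1000, b"GET /e"),
    (1006, b"tc/pas"),
]


def per_packet_match(segments, signature=SIGNATURE):
    """Naive IDS: inspects each segment on its own, so spliced data slips through."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments, isn):
    """Rebuild the byte stream in sequence order.

    Overlapping (retransmitted) bytes are discarded and reassembly stops at
    the first gap, so missing data is never silently skipped over.
    """
    stream = bytearray()
    expected = isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > expected:                  # hole in the stream: stop here
            break
        stream += payload[expected - seq:]  # skip bytes already seen
        expected = max(expected, seq + len(payload))
    return bytes(stream)


def stream_match(segments, isn, signature=SIGNATURE):
    """IDS with stream reassembly: matches on the rebuilt request."""
    return signature in reassemble(segments, isn)


if __name__ == "__main__":
    print("per-packet match :", per_packet_match(SEGMENTS))   # False
    print("reassembled match:", stream_match(SEGMENTS, ISN))  # True
```

Real IDS engines also have to decide how to resolve overlapping segments that carry different bytes, since the target host's TCP stack may favour the first or the last copy; the reassembler above keeps the first copy, which is one of the two common policies.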
21. A symmetric block-cipher data-encryption algorithm that uses a variable-length key that can range from 32 bits to 448 bits.
Corrective Controls
Wrapper
Blowfish
Copyright
22. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
forwarding
-p <port ranges>
Cold Site
Certificate Authority (CA)
23. The change or growth of a project's scope
scope creep
Vulnerability
Packet Internet Groper (ping)
Assessment
24. TCP flag field value hex 04 (0x04)
flood
Copyright
R
Uniform Resource Locator (URL)
25. Policy stating what users of a system can and cannot do with the organization's assets.
non-repudiation
signature scanning
Acceptable Use Policy (AUP)
proxy server
26. Hashing algorithm that results in a 128-bit output.
ring topology
out-of-band signaling
Malicious code
MD5
27. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
Hierarchical File System (HFS)
Domain Name System (DNS)
Collision Domain
28. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
Active Fingerprinting
Routing Protocol
Computer Emergency Response Team (CERT)
29. A defined measure of service within a network system
intrusion detection system (IDS)
Due Care
Telnet
quality of service (QoS)
30. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
single loss expectancy (SLE)
Distributed DoS (DDoS)
Web Spider
stream cipher
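Added example for question 30, not part of the quiz: a stream cipher reduced to its definition (plaintext XOR keystream) in Python, together with the failure mode a tester looks for. The keystream generator is a toy built from SHA-256 purely for illustration (an assumption of this example, not a real cipher); the point carries over to RC4, ChaCha20 or AES-CTR alike: reusing a key and nonce lets an attacker XOR two ciphertexts, cancel the keystream and, with one known plaintext, read the other. The key, nonce and messages are constructed values.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, truncated to length.
    Illustrative only (assumption of this example); real ciphers use a proper PRF."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Each plaintext byte is XORed with the corresponding keystream byte."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return encrypt(key, nonce, ciphertext)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key+nonce: c1 XOR c2 == p1 XOR p2."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With one plaintext known (a crib), the other is recovered without the key."""
    return xor_bytes(keystream_reuse_leak(c1, c2), known_p1)


if __name__ == "__main__":
    key, nonce = b"k" * 16, b"n" * 8          # constructed values
    p1, p2 = b"transfer 100 to acct 42", b"transfer 999 to acct 13"
    c1, c2 = encrypt(key, nonce, p1), encrypt(key, nonce, p2)   # same nonce: the bug
    print(recover_other_plaintext(c1, c2, p1))   # b'transfer 999 to acct 13'
```

The same XOR structure also means a stream cipher alone gives no integrity: flipping a ciphertext bit flips the matching plaintext bit, which is why deployments pair it with a MAC or use an AEAD mode.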
31. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Vulnerability Management
Audit Data
Biometrics
The automated process of proactively identifying vulnerabilities of computing systems present in a network
32. Two or more LANs connected by a high-speed line across a large geographical area.
Wide Area Network (WAN)
stream cipher
site survey
Macro virus
33. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
forwarding
ring topology
Collision Domain
Authorization
34. A nontechnical method of hacking. Social engineering is the art of manipulating people, whether in person (human-based) or via computing methods (computer-based), into providing sensitive information.
White Box Testing
patch
Defines legal email marketing
social engineering
35. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
public key infrastructure (PKI)
Distributed DoS (DDoS)
ECHO reply
integrity
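Added example for question 35 (not from the quiz): building an ICMP echo request in Python, the type 0 echo reply a host answers with, and the check ping performs to pair a reply with its request (same identifier, sequence number and payload) after verifying the RFC 1071 checksum. The identifier, sequence and payload values are constructed for the illustration; actually sending the packet would need a raw socket, which the example does not open.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071: ones'-complement of the ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """ICMP header: type, code, checksum, identifier, sequence; then payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def checksum_ok(packet: bytes) -> bool:
    """A packet with a correct checksum sums to zero when checked over all bytes."""
    return len(packet) >= 8 and internet_checksum(packet) == 0


def parse_icmp(packet: bytes):
    """Return (type, code, identifier, sequence, payload); refuse corrupt packets."""
    if not checksum_ok(packet):
        raise ValueError("truncated ICMP packet or bad checksum")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return msg_type, code, ident, seq, packet[8:]


def reply_for(request: bytes) -> bytes:
    """What the target sends back: type 0, same identifier, sequence and payload."""
    _, _, ident, seq, payload = parse_icmp(request)
    return build_echo(ICMP_ECHO_REPLY, ident, seq, payload)


def is_reply_to(request: bytes, candidate: bytes) -> bool:
    """ping's matching rule: type 0 and the request's identifier, sequence, payload."""
    _, _, rid, rseq, rpayload = parse_icmp(request)
    ctype, ccode, cid, cseq, cpayload = parse_icmp(candidate)
    return (ctype, ccode) == (ICMP_ECHO_REPLY, 0) and (cid, cseq, cpayload) == (rid, rseq, rpayload)


if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"abcdefgh")
    rep = reply_for(req)
    print(req.hex(), "->", rep.hex(), "matched:", is_reply_to(req, rep))
```

The payload is echoed back verbatim, which is why the same message type doubles as a covert channel and why a ping sweep can be spotted from a run of type 8 requests with incrementing sequence numbers across many hosts.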
36. A social-engineering effort in which the attacker pretends to be an employee, a valid user, or even an executive to elicit information or access.
Multipurpose Internet Mail Extensions (MIME)
Tini
impersonation
Discretionary Access Control (DAC)
37. A free, open source version of the Berkeley Software Distribution of Unix, often used in embedded systems.
Competitive Intelligence
Smurf attack
Decryption
NetBSD
38. An HTTP request method (and FTP client command) used to retrieve a file from a server.
GET
HTTP tunneling
802.11i
Application Layer
39. The potential for damage to or loss of an IT asset
risk
false rejection rate (FRR)
-PT
Due Care
40. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
-p <port ranges>
Internet Protocol Security (IPSec) architecture
Google hacking
SOA record
41. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Access Creep
Defense in Depth
Virus Hoax
Access Point (AP)
42. Nmap option for a Xmas Tree scan (FIN, PSH and URG flags set)
spyware
Kerberos
-sX
Community String
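Added example covering questions 1, 2, 24 and 42 (not code from the quiz): the TCP flag bits in Python, which turn hex 12 into SYN/ACK (the middle step of the three-way handshake), hex 04 into RST, and show what Nmap's -sX Xmas Tree scan sets. A 20-byte header is packed and the flags read back from byte 13, and a small classifier infers port state from a probe's reply the way a scanner does. The port numbers and sequence values are made up.

```python
import struct

# Flag bits of the TCP header's flags byte (Nmap/tcpdump letters).
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def encode_flags(letters: str) -> int:
    """'SA' -> 0x12, 'R' -> 0x04, 'FPU' -> 0x29."""
    value = 0
    for ch in letters.upper():
        value |= TCP_FLAGS[ch]
    return value


def decode_flags(value: int) -> str:
    """0x12 -> 'SA' (SYN and ACK set), 0x04 -> 'R'."""
    return "".join(ch for ch, bit in TCP_FLAGS.items() if value & bit)


# Three-way handshake as flag values: SYN, SYN/ACK, ACK.
HANDSHAKE = [encode_flags("S"), encode_flags("SA"), encode_flags("A")]
# Xmas Tree scan (nmap -sX) lights up FIN, PSH and URG.
XMAS = encode_flags("FPU")


def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Minimal 20-byte TCP header with no options (checksum left at 0)."""
    data_offset = 5 << 4       # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_tcp_flags(header: bytes) -> int:
    """The flags byte sits at offset 13 of the TCP header."""
    return header[13]


def classify_port(sent_flags: int, reply_flags) -> str:
    """Infer port state from a reply (None = no reply) as a scanner does."""
    if reply_flags is not None and reply_flags & TCP_FLAGS["R"]:
        return "closed"                      # RST from the target: nothing listens
    if sent_flags == encode_flags("S"):      # SYN scan
        if reply_flags is not None and decode_flags(reply_flags) == "SA":
            return "open"
        return "filtered" if reply_flags is None else "unknown"
    if sent_flags in (XMAS, encode_flags("F"), 0):   # Xmas, FIN and NULL scans
        return "open|filtered" if reply_flags is None else "unknown"
    return "unknown"


if __name__ == "__main__":
    syn_ack = build_tcp_header(80, 40000, 5000, 2, encode_flags("SA"))
    print([decode_flags(f) for f in HANDSHAKE], hex(parse_tcp_flags(syn_ack)))
    print("Xmas probe, no reply ->", classify_port(XMAS, None))
```

Xmas, FIN and NULL probes only distinguish closed ports (which answer RST) from everything else, and they rely on RFC 793 behaviour that Windows stacks do not follow, which is why the classifier reports "open|filtered" rather than "open" for silence.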
43. A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
hardware keystroke logger
hash
Decryption
-sU
44. An application that monitors a computer or network to identify, and prevent, malware. AV is usually signature-based, and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
Acknowledgment (ACK)
Traceroute
Sign in Seal
45. An international encoding standard, working within multiple languages and scripts, that represents each letter, digit, or symbol with a unique numeric value that applies across different platforms.
Open System Interconnection (OSI) Reference Model
Asymmetric Algorithm
Unicode
parallel scan
46. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is, clearance) of users to access information of such sensi
Routing Information Protocol (RIP)
Mandatory access control (MAC)
Man-in-the-middle attack
EDGAR database
47. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
encapsulation
route
phishing
Virtual Local Area Network (VLAN)
48. CAN-SPAM
Computer Emergency Response Team (CERT)
Biometrics
Malicious code
Defines legal email marketing
49. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
firewalking
A R
spam
symmetric encryption
50. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
Data Encryption Standard (DES)
Information Technology (IT) security architecture and framework
Cookie
human-based social engineering