SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Name given to expert groups that handle computer security incidents.
keylogger
single loss expectancy (SLE)
Virtual Private Network (VPN)
Computer Emergency Response Team (CERT)
2. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
passive attack
Bug
Bluesnarfing
3. A type of encryption where the same key is used to encrypt and decrypt the message.
Address Resolution Protocol (ARP) table
Exposure Factor
hashing algorithm
symmetric encryption
4. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
Corrective Controls
-sU
hardware keystroke logger
shrink-wrap code attacks
5. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
symmetric algorithm
Client
parallel scan & 75 sec timeout & 0.3 sec/probe
Back orifice
6. don't ping
-P0
Minimum acceptable level of risk
Macro virus
passive attack
7. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
Time exceeded
Echo Reply
ad hoc mode
service level agreements (SLAs)
8. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Network Basic Input/Output System (NetBIOS)
router
HIDS
Copyright
9. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
security breach or security incident
suicide hacker
hot site
Digital Signature
10. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Finding a directory listing and gaining access to a parent or root file for access to other files
Virtual Local Area Network (VLAN)
MAC filtering
Vulnerability Management
11. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
private key
Hypertext Transfer Protocol Secure (HTTPS)
local area network (LAN)
Level I assessment
12. A systematic process for the assessment of security vulnerabilities.
SMB
INFOSEC Assessment Methodology (IAM)
Temporal Key Integrity Protocol (TKIP)
risk transference
13. Port 389
LDAP
Packet Internet Groper (ping)
DNS
Cloning
14. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
stateful packet filtering
inference attack
Temporal Key Integrity Protocol (TKIP)
Vulnerability
15. A storage buffer that transparently stores data so future requests for the same data can be served faster.
router
Buffer Overflow
Master boot record infector
Cache
16. ACK Scan
risk acceptance
-sA
sheepdip
Master boot record infector
17. A protocol for exchanging packets over a serial line.
POP 3
Three-Way (TCP) Handshake
-sL
Serial Line Internet Protocol (SLIP)
18. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
stateful packet filtering
gray hat
security bulletins
Cryptographic Key
19. A device providing temporary - on-demand - point-to-point network access to users.
symmetric algorithm
Third Party
separation of duties
network access server
20. The combination of all IT assets - resources - components - and systems.
Bluetooth
parallel scan & 75 sec timeout & 0.3 sec/probe
Information Technology (IT) infrastructure
File Transfer Protocol (FTP)
21. Port 31337
net use \[target ip]IPC$ '' /user:''
Back orifice
ring topology
Rijndael
22. An early network application that provides information on users currently logged on to a machine.
Anonymizer
risk acceptance
Internal access to the network
Finger
23. A virus that plants itself in a system's boot sector and infects the master boot record.
DNS
single loss expectancy (SLE)
steganography
Boot Sector Virus
24. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Authentication Header (AH)
parallel scan & 300 sec timeout & 1.25 sec/probe
HIDS
25. Polite scan timing
hacktivism
role-based access control
serialize scans & 0.4 sec wait
Warm Site
26. A small Trojan program that listens on port 777.
INFOSEC Assessment Methodology (IAM)
Algorithm
Tini
Target Of Engagement (TOE)
27. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Trapdoor Function
Hacks without permission
limitation of liability and remedies
Virus
28. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Biometrics
initial sequence number (ISN)
nslookup
shoulder surfing
29. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
SSH
footprinting
security incident response team (SIRT)
Last In First Out (LIFO)
30. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
hot site
MD5
physical security
31. Attacks on the actual programming code of an application.
Application-Level Attacks
Telnet
Internet Control Message Protocol (ICMP)
Data Link layer
32. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.
Internet Control Message Protocol (ICMP)
Written Authorization
security incident response team (SIRT)
Authentication Header (AH)
33. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
Possession of access devices
Tunneling
INFOSEC Assessment Methodology (IAM)
34. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
risk
Active Directory (AD)
-sF
Tunnel
35. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Information Technology (IT) asset valuation
Authentication Header (AH)
802.11 i
Availability
36. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Collision Domain
Malware
Sign in Seal
source routing
37. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Wi-Fi Protected Access (WPA)
Zenmap
Corrective Controls
-sT
38. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Auditing
Presentation layer
Antivirus (AV) software
stateful packet filtering
39. Metamorphic Virus
hacktivism
Self Replicating
Black Hat
Active Fingerprinting
40. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Directory Traversal
polymorphic virus
-oA
remote procedure call (RPC)
41. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Confidentiality
Service Set Identifier (SSID)
SNMP
Authentication - Authorization - and Accounting (AAA)
42. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Collision Domain
Point-to-Point Protocol (PPP)
Hypertext Transfer Protocol Secure (HTTPS)
intrusion prevention system (IPS)
43. Xmas Tree scan
Baseline
Transmission Control Protocol (TCP)
-sX
identity theft
44. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
self encrypting
Malware
Secure Multipurpose Mail Extension (S/MIME)
infrastructure mode
45. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
infrastructure mode
reverse social engineering
NOP
46. nmap all output
spyware
false rejection rate (FRR)
-oA
Vulnerability Scanning
47. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.
Hypertext Transfer Protocol (HTTP)
Denial of Service (DoS)
Man-in-the-middle attack
Antivirus (AV) software
48. UDP Scan
War Driving
-sU
Hypertext Transfer Protocol (HTTP)
symmetric encryption
49. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Digital Watermarking
port redirection
POP 3
halo effect
50. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Droppers
Multipartite virus
Simple Object Access Protocol (SOAP)
initial sequence number (ISN)