Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Ciphertext
-sT
404EE
asynchronous transmission
2. A free and popular version of the Unix operating system.
FreeBSD
rogue access point
port scanning
out-of-band signaling
3. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Time exceeded
Uniform Resource Locator (URL)
quantitative risk assessment
session splicing
4. Any item of value or worth to an organization, whether physical or virtual.
public key infrastructure (PKI)
Bastion host
Asset
Internal access to the network
5. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.
impersonation
quantitative risk assessment
-sL
audit
6. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
flood
iris scanner
Dumpster Diving
Authentication Header (AH)
7. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
-b
Discretionary Access Control (DAC)
nslookup
-sI
8. A group of experts that handles computer security incidents.
Confidentiality
service level agreements (SLAs)
security incident response team (SIRT)
White Box Testing
9. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.
limitation of liability and remedies
Collision
Cookie
Bluesnarfing
10. Version Detection Scan
Domain Name System (DNS)
Post Office Protocol 3 (POP3)
Application-Level Attacks
-sV
11. The organization that governs the Internet's top-level domains, IP address allocation, and port number assignments.
Internet Assigned Number Authority (IANA)
Tunneling
Destination Unreachable
Blowfish
12. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
scope creep
Access Creep
Trusted Computer System Evaluation Criteria (TCSEC)
-sO
13. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
net use \[target ip]IPC$ '' /user:''
rogue access point
Cracker
Discretionary Access Control (DAC)
14. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.
Trapdoor Function
keylogger
Internet Control Message Protocol (ICMP)
-sF
15. Normal scan timing
SMB
Internet Protocol (IP)
SID
parallel scan
16. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
End User Licensing Agreement (EULA)
RPC-DCOM
false rejection rate (FRR)
security breach or security incident
17. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Tumbling
FTP
out-of-band signaling
rootkit
18. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.
Authentication - Authorization - and Accounting (AAA)
gray box testing
-PT
War Chalking
19. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
audit
port scanning
Decryption
Wi-Fi Protected Access (WPA)
20. A documented process for a procedure designed to be consistent, repeatable, and accountable.
Telnet
Methodology
Telnet
false negative
21. A software or hardware application or device that captures user keystrokes.
Network Address Translation (NAT)
404EE
parallel scan & 300 sec timeout & 1.25 sec/probe
keylogger
22. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
Distributed DoS (DDoS)
Destination Unreachable
single loss expectancy (SLE)
Information Technology (IT) security architecture and framework
23. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz, 802.11b runs at 11Mbps at 2.4GHz, 802.11g runs at 54Mbps at 2.4GHz, and 802.11n can run upwards of 150MBps.
802.11
Service Set Identifier (SSID)
Time exceeded
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
24. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
private network address
promiscuous mode
Virus
Accountability
25. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.
Eavesdropping
Exploit
-sS
security incident response team (SIRT)
26. One or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.
private network address
Uniform Resource Locator (URL)
network operations center (NOC)
A
27. Another term for firewalking
Domain Name System (DNS)
R
ring topology
port knocking
28. The act or actions of a hacker to put forward a cause or a political agenda, to affect some societal change, or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
fragmentation
Echo request
hacktivism
Third Party
29. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Routing Protocol
Adware
Block Cipher
Web Spider
30. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option), one after another, until successful. Brute-force attacks take a long time t
Brute-Force Password Attack
Tumbling
Exploit
security kernel
31. The process of sending a packet or frame toward the destination. In a switch, messages are forwarded only to the port they are addressed to.
hash
forwarding
Certificate
-sO
32. A stand-alone computer, kept off the network, that is used for scanning potentially malicious media or software.
Rijndael
sheepdip
Biometrics
firewalking
33. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
spoofing
security by obscurity
gateway
802.11 i
34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are
serialize scans & 0.4 sec wait
patch
Network Address Translation (NAT)
Authentication
35. Hex 10
802.11
Asynchronous
Multipurpose Internet Mail Extensions (MIME)
A
36. An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering.
Institute of Electrical and Electronics Engineers (IEEE)
-sS
-sW
NOP
37. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Point-to-Point Tunneling Protocol (PPTP)
penetration testing
Active Fingerprinting
Overwhelm CAM table to convert switch to hub mode
38. An attack that combines a brute-force attack with a dictionary attack.
Cloning
Back orifice
802.11 i
hybrid attack
39. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
Access Creep
initial sequence number (ISN)
intrusion detection system (IDS)
Post Office Protocol 3 (POP3)
40. Transmitting one protocol encapsulated inside another protocol.
Baseline
false rejection rate (FRR)
Due Diligence
Tunneling
41. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
security bulletins
Last In First Out (LIFO)
-PT
Electronic serial number
42. Polite scan timing
security bulletins
serialize scans & 0.4 sec wait
User Datagram Protocol (UDP)
Telnet
43. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
Common Internet File System/Server Message Block
Tunneling
route
War Chalking
44. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
payload
Zombie
Trapdoor Function
Dumpster Diving
45. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.
Corrective Controls
Destination Unreachable
--randomize_hosts -O OS fingerprinting
private network address
46. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
-PT
Audit Data
integrity
Authorization
47. A virus designed to infect the master boot record.
CNAME record
security breach or security incident
802.11 i
Master boot record infector
48. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure, query, and troubleshoot the router/switch by use of a terminal emulator and a comman
Console Port
DNS enumeration
Bastion host
spoofing
49. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
POST
Annualized Loss Expectancy (ALE)
Mantrap
limitation of liability and remedies
50. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity.
personal identification number (PIN)
encryption
Droppers
remote access