SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
fragmentation
Web Spider
Tiger Team
identity theft
2. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
integrity
XOR Operation
non-repudiation
Interior Gateway Protocol (IGP)
3. ICMP Type/Code 8
Information Technology (IT) security architecture and framework
Echo request
pattern matching
Authentication Header (AH)
4. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
EDGAR database
Media Access Control (MAC)
POP 3
Hacks with permission
5. IP Protocol Scan
-sO
network interface card (NIC)
Decryption
Filter
6. TCP SYN Scan
-sS
halo effect
Collision Domain
Information Technology (IT) asset valuation
7. A wireless networking mode where all clients connect to the wireless network through a central access point.
NT LAN Manager (NTLM)
steganography
National Security Agency
infrastructure mode
8. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
flood
-PI
-b
suicide hacker
9. A denial-of-service technique that uses numerous hosts to perform the attack.
Distributed DoS (DDoS)
Virtual Local Area Network (VLAN)
Buffer Overflow
security incident response team (SIRT)
10. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
false rejection rate (FRR)
social engineering
Common Internet File System/Server Message Block
Banner Grabbing
11. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
Annualized Loss Expectancy (ALE)
RxBoot
POP 3
Access Point (AP)
12. A type of malware that covertly collects information about a user.
NetBSD
spyware
File Transfer Protocol (FTP)
Address Resolution Protocol (ARP)
13. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Password Authentication Protocol (PAP)
Level II assessment
ECHO reply
Trojan Horse
14. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
payload
Transport Layer Security (TLS)
Trusted Computer Base (TCB)
Tumbling
15. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.
gray box testing
public key
Simple Network Management Protocol (SNMP)
symmetric algorithm
16. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
Anonymizer
Secure Sockets Layer (SSL)
International Organization for Standardization (ISO)
protocol
17. Controls to detect anomalies or undesirable events occurring on a system.
hacktivism
Detective Controls
Blowfish
Cracker
18. NSA
Fast Ethernet
National Security Agency
net use \[target ip]IPC$ '' /user:''
Wireless Local Area Network (WLAN)
19. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
DNS enumeration
User Datagram Protocol (UDP)
Asymmetric
Droppers
20. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
ad hoc mode
promiscuous mode
Time exceeded
Level II assessment
21. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
-sA
Uniform Resource Locator (URL)
War Chalking
integrity
22. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
Three-Way (TCP) Handshake
Accountability
security bulletins
sniffer
23. Idlescan
War Driving
-sI
Detective Controls
Network Address Translation (NAT)
24. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
Ethernet
Database
Smurf attack
rule-based access control
25. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
Corrective Controls
Asynchronous
operating system attack
26. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Telnet
smart card
Black Box Testing
Possession of access devices
27. Hex 14
-sI
-PB
Tini
A R
28. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
hardware keystroke logger
-sV
Wrapper
Access Control List (ACL)
29. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).
passive attack
802.11
remote procedure call (RPC)
pattern matching
30. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
quality of service (QoS)
SYN attack
Transmission Control Protocol (TCP)
Cold Site
31. Transmitting one protocol encapsulated inside another protocol.
node
-P0
Tunneling
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
32. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
NT LAN Manager (NTLM)
logic bomb
halo effect
Zombie
33. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).
Local Administrator
public key
port scanning
Malware
34. Incremental Substitution
Replacing numbers in a url to access other files
packet filtering
-PS
Decryption
35. The software product or system that is the subject of an evaluation.
-sU
Target Of Engagement (TOE)
security incident response team (SIRT)
remote access
36. Evaluation in which testers attempt to penetrate the network.
Multipurpose Internet Mail Extensions (MIME)
Level III assessment
-PP
HTTP
37. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Media Access Control (MAC)
Internet service provider (ISP)
heuristic scanning
Cache
38. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Routing Protocol
protocol
Simple Mail Transfer Protocol (SMTP)
source routing
39. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
802.11
Zero Subnet
Corrective Controls
replay attack
40. The combination of all IT assets - resources - components - and systems.
encryption
Information Technology (IT) infrastructure
halo effect
Post Office Protocol 3 (POP3)
41. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Internet service provider (ISP)
-sX
Asymmetric Algorithm
queue
42. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
Tumbling
Possession of access devices
Community String
TACACS
43. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Timestamping
Data Link layer
Ethernet
security breach or security incident
44. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
Antivirus (AV) software
Fiber Distributed Data Interface (FDDI)
Time To Live (TTL)
private network address
45. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
Asynchronous
overt channel
Mandatory access control (MAC)
46. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Unicode
Vulnerability
Cryptographic Key
hashing algorithm
47. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
Cloning
security breach or security incident
Finger
48. ICMP Type/Code 3-13
-sX
inference attack
Administratively Prohibited
Vulnerability Scanning
49. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
-sW
Decryption
secure channel
Discretionary Access Control (DAC)
50. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
SYN flood attack
File Transfer Protocol (FTP)
parallel scan & 300 sec timeout & 1.25 sec/probe
Domain Name