SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. don't ping
404EE
-P0
Fraud and related activity in connection with computers
-sL
2. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
Lightweight Directory Access Protocol (LDAP)
-PT
Wrapper
3. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.
Domain Name System (DNS) cache poisoning
Syslog
Sign in Seal
heuristic scanning
4. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
rogue access point
Digital Certificate
router
CIA triangle
5. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
-oG
Zone transfer
initial sequence number (ISN)
Trapdoor Function
6. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
MD5
NetBus
security controls
R
7. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
Wireless Local Area Network (WLAN)
Rijndael
port scanning
Internet Control Message Protocol (ICMP)
8. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Secure Sockets Layer (SSL)
-PM
Trusted Computer Base (TCB)
Audit Data
9. The software product or system that is the subject of an evaluation.
White Box Testing
qualitative analysis
Target Of Engagement (TOE)
inference attack
10. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
HTTP tunneling
qualitative analysis
Asset
network interface card (NIC)
11. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Master boot record infector
Tumbling
Institute of Electrical and Electronics Engineers (IEEE)
integrity
12. A group of people - gathered together by a business entity - working to address a specific problem or goal.
parameter tampering
Brute-Force Password Attack
Tiger Team
public key infrastructure (PKI)
13. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Authentication Header (AH)
Application-Level Attacks
Secure Multipurpose Mail Extension (S/MIME)
Active Attack
14. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
enumeration
network tap
halo effect
-PB
15. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
FreeBSD
Application-Level Attacks
protocol
ISO 17799
16. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
script kiddie
risk assessment
False Acceptance Rate (FAR)
SMB
17. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Open System Interconnection (OSI) Reference Model
Wrapper
audit
DNS enumeration
18. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
802.11 i
Simple Mail Transfer Protocol (SMTP)
Pretty Good Privacy (PGP)
End User Licensing Agreement (EULA)
19. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
asynchronous transmission
National Security Agency
SID
Transport Layer Security (TLS)
20. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
TACACS
signature scanning
private key
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
21. A protocol used for sending and receiving log information for nodes on a network.
Vulnerability Management
Syslog
Information Technology Security Evaluation Criteria (ITSEC)
limitation of liability and remedies
22. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
SOA record
protocol
asynchronous transmission
SID
23. A group of experts that handles computer security incidents.
session splicing
Banner Grabbing
security incident response team (SIRT)
XOR Operation
24. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
scope creep
proxy server
logic bomb
-sL
25. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
Buffer
Corrective Controls
false negative
Auditing
26. Two or more LANs connected by a high-speed line across a large geographical area.
false rejection rate (FRR)
S
Wide Area Network (WAN)
DNS enumeration
27. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Finding a directory listing and gaining access to a parent or root file for access to other files
reconnaissance
Virtual Private Network (VPN)
halo effect
28. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
stateful packet filtering
service level agreements (SLAs)
pattern matching
false rejection rate (FRR)
29. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
heuristic scanning
Kerberos
honeynet
gray hat
30. Describes practices in production and development that promote access to the end product's source materials.
open source
Media Access Control (MAC)
U P F
Ethical Hacker
31. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
gray box testing
Ciphertext
Timestamping
intranet
32. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Client
Vulnerability Assessment
Ethernet
Web Spider
33. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
spam
gray hat
Level III assessment
Cracker
34. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
out-of-band signaling
Hacks without permission
Virtual Private Network (VPN)
Presentation layer
35. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
Warm Site
red team
HTTP tunneling
MAC filtering
36. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Brute-Force Password Attack
802.11 i
CAM table
ping sweep
37. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
Level II assessment
HIDS
Detective Controls
Man-in-the-middle attack
38. A software or hardware defect that often results in system vulnerabilities.
Eavesdropping
Interior Gateway Protocol (IGP)
Bug
Finding a directory listing and gaining access to a parent or root file for access to other files
39. A device on a network.
physical security
hashing algorithm
node
Algorithm
40. RPC Scan
-sR
A procedure for identifying active hosts on a network.
A R
-PS
41. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
RPC-DCOM
White Box Testing
Console Port
42. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
integrity
Pretty Good Privacy (PGP)
Black Hat
Presentation layer
43. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Antivirus (AV) software
Authentication
Cache
intrusion detection system (IDS)
44. A communications protocol used for browsing the Internet.
Hypertext Transfer Protocol (HTTP)
human-based social engineering
Internet service provider (ISP)
SAM
45. The process of using easily accessible DNS records to map a target network's internal hosts.
EDGAR database
Level II assessment
DNS enumeration
Network Address Translation (NAT)
46. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Detective Controls
-PS
shrink-wrap code attacks
Point-to-Point Protocol (PPP)
47. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
Asynchronous
spam
Certificate
stateful packet filtering
48. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
War Driving
Telnet
Digital Certificate
infrastructure mode
49. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Lightweight Directory Access Protocol (LDAP)
asynchronous transmission
Decryption
S
50. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
risk
Zenmap
Eavesdropping
Droppers