Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The conveying of official access or legal power to a person or entity.
NOP
Authorization
Routing Protocol
Threat
2. The Windows command that establishes a null session (anonymous IPC$ connection) to a target host
security defect
net use \\[target ip]\IPC$ "" /user:""
segment
public key infrastructure (PKI)
3. A data encryption/decryption program often used for e-mail and file storage.
Transmission Control Protocol (TCP)
Replacing numbers in a URL to access other files
Baseline
Pretty Good Privacy (PGP)
4. A Unix-like operating system descended from BSD. OpenBSD includes a number of security features absent or optional in other operating systems.
piggybacking
OpenBSD
port knocking
key exchange protocol
5. A protocol used for sending and receiving log information for nodes on a network.
Syslog
FreeBSD
Tunnel
Bluejacking
6. White box test
penetration testing
Digital Watermarking
Redundant Array of Independent Disks (RAID)
Internal access to the network
7. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
Electronic serial number
human-based social engineering
Bluesnarfing
Collision
8. An international organization composed of the national standards bodies of more than 160 countries. Developed the OSI reference model.
fully qualified domain name (FQDN)
International Organization for Standardization (ISO)
Client
Self Replicating
9. The calculation of risk (R) from its two components: the magnitude of the potential loss (L) and the probability (p) that the loss will occur, R = L × p.
Decryption
limitation of liability and remedies
Daisy Chaining
quantitative risk assessment
10. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.
-P0
Asymmetric Algorithm
Eavesdropping
Vulnerability Assessment
11. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Domain Name System (DNS) cache poisoning
Three-Way (TCP) Handshake
inference attack
risk avoidance
12. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Backdoor
Access Control List (ACL)
out-of-band signaling
Acceptable Use Policy (AUP)
13. TCP flags byte with the value hex 29 (0x29)
network interface card (NIC)
Defense in Depth
Digital Signature
U P F (URG, PSH, FIN)
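Decoding the flags byte is the practical skill behind question 13: 0x29 is URG (0x20) + PSH (0x08) + FIN (0x01), the combination nmap sends in an Xmas scan, while 0x12 is SYN+ACK, the second step of the three-way handshake. The following Python is an added example written for this page, not code from the page or from nmap; the 20-byte header it builds is a constructed sample (checksum left as zero), and the probe labels are the usual IDS names for those flag combinations.

```python
import struct

# TCP flag bits in the 8-bit flags field (byte 13 of the TCP header)
TCP_FLAG_NAMES = {
    0x80: "C",  # CWR
    0x40: "E",  # ECE
    0x20: "U",  # URG
    0x10: "A",  # ACK
    0x08: "P",  # PSH
    0x04: "R",  # RST
    0x02: "S",  # SYN
    0x01: "F",  # FIN
}


def decode_flags(flag_byte: int) -> str:
    """Render the set flags as letters, high bit first: 0x29 -> 'U P F', 0x12 -> 'A S'."""
    return " ".join(name for bit, name in sorted(TCP_FLAG_NAMES.items(), reverse=True)
                    if flag_byte & bit)


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 1024) -> bytes:
    """Constructed sample: a 20-byte TCP header with no options (checksum left as 0)."""
    data_offset = 5 << 4  # header length in 32-bit words, high nibble of byte 12
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def flags_from_tcp_header(header: bytes) -> int:
    """Read the flags byte out of a raw TCP header (IP header already stripped)."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13]


def classify_probe(flag_byte: int) -> str:
    """Label a packet by its flag combination, the way an IDS port-scan signature does."""
    f = flag_byte & 0x3F  # ignore the ECN bits (ECE/CWR)
    labels = {
        0x00: "NULL scan (no flags)",
        0x01: "FIN scan",
        0x29: "Xmas scan (URG PSH FIN)",
        0x02: "SYN (half-open scan or connection attempt)",
        0x10: "ACK (firewall rule probe)",
        0x12: "SYN-ACK (handshake step 2)",
    }
    return labels.get(f, "other")


if __name__ == "__main__":
    hdr = build_tcp_header(40000, 80, seq=1, ack=0, flags=0x29)
    fl = flags_from_tcp_header(hdr)
    print(hex(fl), decode_flags(fl), "->", classify_probe(fl))
```

The mask in classify_probe drops the two ECN bits on purpose: a host that negotiates ECN sets ECE/CWR on its SYN, and a signature that compares the whole byte would miss it.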
14. A number chosen when a TCP connection is established, from which the sequence numbers that track how much data has been sent are counted. An attacker who can observe or predict this number can hijack the session.
Presentation layer
Ciphertext
Network Address Translation (NAT)
initial sequence number (ISN)
15. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Network Address Translation (NAT)
fragmentation
Packet Internet Groper (ping)
role-based access control
16. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
node
security bulletins
Defense in Depth
rootkit
17. A limit on the number of hops (or the amount of time) a packet may traverse before it is discarded; each router decrements the value, and a packet whose value reaches zero is dropped.
NT LAN Manager (NTLM)
Time To Live (TTL)
Information Technology Security Evaluation Criteria (ITSEC)
RxBoot
18. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Request for Comments (RFC)
Routing Protocol
DNS
hacktivism
19. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
XOR Operation
rule-based access control
Digital Signature
Tini
20. Version Detection Scan
Bluesnarfing
-sV
Asset
No previous knowledge of the network
21. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.
script kiddie
Asymmetric Algorithm
Vulnerability Management
remote procedure call (RPC)
22. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
ring topology
Wi-Fi Protected Access (WPA)
Black Hat
Open System Interconnection (OSI) Reference Model
23. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
iris scanner
routed protocol
Wrapper
Exploit
24. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Anonymizer
Auditing
Three-Way (TCP) Handshake
protocol
25. A protocol that uses public-key cryptography to establish a session key and then encrypts the data exchanged, used to transmit confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.
enumeration
Black Hat
Secure Sockets Layer (SSL)
Telnet
26. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.
security by obscurity
War Chalking
OpenBSD
gateway
27. Polymorphic Virus
public key
non-repudiation
self encrypting
Acknowledgment (ACK)
28. The process of using easily accessible DNS records to map a target network's internal hosts.
remote access
Telnet
Multipartite virus
DNS enumeration
29. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructure.
Droppers
CNAME record
Buffer
Minimum acceptable level of risk
30. Password cracking tools
-sT
404EE
John the Ripper, L0phtCrack, Ophcrack, Cain and Abel
Authorization
31. Port 135
Cryptography
RPC-DCOM
A R (ACK, RST)
Defines legal email marketing
32. Port 137/138/139
SMB
Zenmap
Lightweight Directory Access Protocol (LDAP)
Detective Controls
33. Paranoid scan timing (nmap -T0)
War Driving
Presentation layer
identity theft
serial scan, 300 sec wait between probes
34. Also known as the dot-dot-slash attack. Using directory traversal, the attacker attempts to access restricted directories and execute commands outside the intended web server directories by manipulating the path in the URL so that it points to an unintended folder location.
Directory Traversal
physical security
parallel scan & 300 sec timeout & 1.25 sec/probe
sidejacking
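The dot-dot-slash attack in question 34 comes down to one line of server code that joins a client-supplied path onto the document root and trusts the result. The Python below, an added example for this page rather than code from the page or any web server, shows that vulnerable join next to a hardened resolver that percent-decodes (including double encoding), normalizes, and then checks that the result is still inside the root. WEB_ROOT and the request strings are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for the examples


def resolve_vulnerable(root: str, requested: str) -> str:
    """The bug: join the client-supplied path onto the root and trust the result.
    normpath collapses '..' segments, so '../../../etc/passwd' walks out of the root."""
    return posixpath.normpath(posixpath.join(root, requested.lstrip("/")))


def fully_decode(requested: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(requested)
        if decoded == requested:
            break
        requested = decoded
    return requested


def resolve_safe(root: str, requested: str):
    """Decode, normalize, then require the result to stay inside root; None means reject."""
    decoded = fully_decode(requested)
    if "\x00" in decoded:
        return None  # null-byte truncation tricks against C-based file APIs
    decoded = decoded.replace("\\", "/")  # treat Windows-style separators as separators too
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    # The '/' suffix matters: '/var/www/html2/x' must not pass as inside '/var/www/html'.
    if candidate != root_norm and not candidate.startswith(root_norm + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ["images/logo.png", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..%252f..%252fetc/passwd"]:
        print(f"{req!r:40} naive={resolve_vulnerable(WEB_ROOT, req)!r:32} "
              f"safe={resolve_safe(WEB_ROOT, req)!r}")
```

posixpath keeps the example runnable on any OS; in a real server, resolve the candidate with os.path.realpath as well so that a symlink planted under the root cannot point back outside it.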
35. Controls to detect anomalies or undesirable events occurring on a system.
Domain Name
Daemon
Detective Controls
Corrective Controls
36. Access by information systems (or users) communicating from outside the information system security perimeter.
Virus
remote access
-sW
Videocipher II Satellite Encryption System
37. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
secure channel
LDAP
payload
security bulletins
38. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
flood
Audit Trail
forwarding
False Acceptance Rate (FAR)
39. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie
Virus
Cookie
steganography
NT LAN Manager (NTLM)
40. An attack that combines a brute-force attack with a dictionary attack.
hybrid attack
SSH
hash
nslookup
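A hybrid attack (question 40) takes each dictionary word, applies mangling rules, and then brute-forces a short suffix onto it, which is how passwords like a leet-speak word plus two digits fall quickly. The Python below is an added example written for this page, not code from the page or from any of the cracking tools named in question 30; the wordlist and the unsalted SHA-256 target are constructed inputs, and the mangling rules are a small hand-picked set standing in for a tool's rule file.

```python
import hashlib
import itertools
import string


def leet(word: str) -> str:
    """Common character substitutions users apply to make a word 'complex'."""
    return word.replace("a", "@").replace("e", "3").replace("o", "0")


def mangle(word: str):
    """Case and leet-speak variants of one dictionary word (deduplicated, order kept)."""
    variants = [word, word.capitalize(), word.upper(), leet(word), leet(word.capitalize())]
    return list(dict.fromkeys(variants))


def hybrid_candidates(wordlist, max_suffix_len=2, alphabet=string.digits):
    """Hybrid attack: each mangled dictionary word on its own, then the word followed by
    every brute-forced suffix of length 1..max_suffix_len drawn from alphabet."""
    for word in wordlist:
        for base in mangle(word):
            yield base
            for n in range(1, max_suffix_len + 1):
                for suffix in itertools.product(alphabet, repeat=n):
                    yield base + "".join(suffix)


def crack_sha256(target_hex: str, wordlist, **kwargs):
    """Return (plaintext, attempts) on a match, or (None, attempts) once the space is exhausted."""
    attempts = 0
    for candidate in hybrid_candidates(wordlist, **kwargs):
        attempts += 1
        if hashlib.sha256(candidate.encode()).hexdigest() == target_hex:
            return candidate, attempts
    return None, attempts


# Constructed inputs: a tiny wordlist and the unsalted SHA-256 of a password built the way
# users often build them, a leet-speak dictionary word plus two digits.
SAMPLE_WORDLIST = ["summer", "password", "admin"]
SAMPLE_HASH = hashlib.sha256(b"P@ssw0rd42").hexdigest()

if __name__ == "__main__":
    print(crack_sha256(SAMPLE_HASH, SAMPLE_WORDLIST))
```

Note the size arithmetic: with five variants per word and two brute-forced digits, each word costs only 5 × 111 candidates, which is why appending a year or a couple of digits to a dictionary word adds almost nothing against this attack; a salted, slow password hash raises the per-candidate cost, not the candidate count.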
41. Safeguards or countermeasures to avoid, counteract, or minimize security risks.
-sA
Zero Subnet
fully qualified domain name (FQDN)
security controls
42. The central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.
Asymmetric
security kernel
Adware
Target Of Engagement (TOE)
43. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door
Challenge Handshake Authentication Protocol (CHAP)
false rejection rate (FRR)
self encrypting
Mantrap
44. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
SYN attack
RPC-DCOM
RxBoot
hacktivism
45. The potential for damage to or loss of an IT asset
Tunneling Virus
-sV
Electronic Code Book (ECB)
risk
46. A point of reference used to mark an initial state in order to manage change.
Routing Protocol
Baseline
Fiber Distributed Data Interface (FDDI)
Biometrics
47. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
CAM table
Multipurpose Internet Mail Extensions (MIME)
DNS
Trusted Computer Base (TCB)
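Questions 38 (flooding) and 47 (the CAM table) describe the two behaviours that make MAC flooding work: a switch forwards a frame out one port only when the destination MAC is in its CAM table, and floods it out every other port otherwise. Fill the table with bogus source addresses and the legitimate entries are lost, so unicast traffic between two victims is flooded to the attacker's port as well. The Python below is an added example for this page, not code from the page or from any switch vendor; it models the CAM table as a bounded ordered map in which the oldest entry is evicted when the table is full (a stand-in for entries ageing out on a timer), and the host and attacker MACs are constructed.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Toy layer-2 switch: a bounded CAM table (MAC -> port) plus flooding for unknowns."""

    def __init__(self, ports, cam_capacity=8):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        # Insertion order stands in for entry age; the oldest entry is evicted when the
        # table is full (real switches age entries out on a timer, with the same effect).
        self.cam = OrderedDict()

    def learn(self, mac, port):
        if mac in self.cam:
            self.cam.move_to_end(mac)
        elif len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)
        self.cam[mac] = port

    def forward(self, src, dst, in_port):
        """Return the egress ports for a frame, learning its source MAC on the way."""
        self.learn(src, in_port)
        out = self.cam.get(dst)
        if dst == BROADCAST or out is None:
            # Flooding (Q38): every port except the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def mac_flood(switch, attacker_port, count):
    """Attacker sends frames from `count` bogus source MACs to overflow the CAM table."""
    for i in range(count):
        bogus = "02:00:00:00:%02x:%02x" % (i // 256, i % 256)
        switch.forward(bogus, BROADCAST, attacker_port)


def demo():
    """Before the flood, host A (port 1) to host B (port 2) is unicast; afterwards it is
    flooded to every port, including the attacker's port 3."""
    sw = LearningSwitch(ports=[1, 2, 3], cam_capacity=8)
    host_a, host_b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    first = sw.forward(host_a, host_b, 1)    # B not yet learned: flooded
    sw.forward(host_b, host_a, 2)            # B replies; switch learns B on port 2
    before = sw.forward(host_a, host_b, 1)   # now unicast to port 2 only
    mac_flood(sw, attacker_port=3, count=1000)
    after = sw.forward(host_a, host_b, 1)    # B evicted: flooded again, attacker sees it
    return {"first": first, "before": before, "after": after, "cam_size": len(sw.cam)}


if __name__ == "__main__":
    print(demo())
```

The countermeasure maps directly onto the model: port security that caps the number of source MACs learned per port (and shuts or restricts the port when the cap is exceeded) stops the attacker's frames from ever entering the table.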
48. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
scope creep
Trusted Computer System Evaluation Criteria (TCSEC)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
-b
49. Port 22
proxy server
passive attack
SSH
audit
50. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
International Organization for Standardization (ISO)
Cryptography
social engineering
Algorithm