SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
iris scanner
serial scan & 300 sec wait
shoulder surfing
Application Layer
2. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
non-repudiation
Overwhelm CAM table to convert switch to hub mode
spoofing
hardware keystroke logger
3. Window Scan
Sign in Seal
Simple Network Management Protocol (SNMP)
Domain Name
-sW
4. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
public key infrastructure (PKI)
Media Access Control (MAC)
Domain Name System (DNS) cache poisoning
Denial of Service (DoS)
5. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Open System Interconnection (OSI) Reference Model
-oG
Fraud and related activity in connection with computers
POST
6. A data encryption/decryption program often used for e-mail and file storage.
Pretty Good Privacy (PGP)
Finding a directory listing and gaining access to a parent or root file for access to other files
rule-based access control
HIDS
7. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
security defect
rule-based access control
-PB
serialize scans & 15 sec wait
8. Describes practices in production and development that promote access to the end product's source materials.
open source
Tini
security defect
fragmentation
9. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
scope creep
stateful packet filtering
Virtual Local Area Network (VLAN)
Blowfish
10. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
Black Hat
Asset
smart card
nslookup
11. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
hardware keystroke logger
Countermeasures
integrity
Uniform Resource Locator (URL)
12. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
ECHO reply
Exposure Factor
-PP
suicide hacker
13. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
Bit Flipping
Console Port
Routing Protocol
HTTP
14. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Routing Protocol
Antivirus (AV) software
Interior Gateway Protocol (IGP)
Acceptable Use Policy (AUP)
15. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Point-to-Point Tunneling Protocol (PPTP)
role-based access control
encapsulation
Internet service provider (ISP)
16. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
symmetric algorithm
risk avoidance
Asymmetric Algorithm
Wide Area Network (WAN)
17. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Asymmetric Algorithm
shoulder surfing
Open System Interconnection (OSI) Reference Model
false rejection rate (FRR)
18. Xmas Tree scan
-sX
firewall
CAM table
-oA
19. The combination of all IT assets - resources - components - and systems.
Information Technology (IT) infrastructure
Open System Interconnection (OSI) Reference Model
Bit Flipping
session splicing
20. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
security defect
risk transference
stream cipher
network access server
21. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Secure Sockets Layer (SSL)
key exchange protocol
OpenBSD
Web Spider
22. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.
fully qualified domain name (FQDN)
Bastion host
sidejacking
Back orifice
23. Polymorphic Virus
fully qualified domain name (FQDN)
Confidentiality
Daemon
self encrypting
24. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Anonymizer
ECHO reply
intrusion detection system (IDS)
spam
25. A free and popular version of the Unix operating system.
FreeBSD
Timestamping
Buffer
public key
26. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
security controls
Web Spider
Timestamping
shrink-wrap code attacks
27. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
Active Attack
NOP
Zenmap
Unicode
28. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
passive attack
Anonymizer
Backdoor
Active Fingerprinting
29. The art and science of creating a covert message or image within another message - image - audio - or video file.
Hacks without permission
steganography
-p <port ranges>
enumeration
30. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
quantitative risk assessment
Accountability
Black Box Testing
Wide Area Network (WAN)
31. Insane scan timing
-PP
spam
Trusted Computer Base (TCB)
parallel scan & 75 sec timeout & 0.3 sec/probe
32. A tool that helps a company to compare its actual performance with its potential performance.
asynchronous transmission
inference attack
network tap
gap analysis
33. The level of importance assigned to an IT asset
Information Technology (IT) asset criticality
File Transfer Protocol (FTP)
piggybacking
-sT
34. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
route
Computer Emergency Response Team (CERT)
honeynet
Open System Interconnection (OSI) Reference Model
35. Directing a protocol from one port to another.
Bluesnarfing
port redirection
-sT
DNS enumeration
36. CAN-SPAM
Eavesdropping
Time To Live (TTL)
Overwhelm CAM table to convert switch to hub mode
Defines legal email marketing
37. Port 23
Bit Flipping
session splicing
Telnet
Possession of access devices
38. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
port scanning
Wiretapping
quantitative risk assessment
encapsulation
39. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Collision Domain
SOA record
open source
Virus Hoax
40. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
Malicious code
HIDS
Minimum acceptable level of risk
Exploit
41. An Application layer protocol for sending electronic mail between servers.
Simple Mail Transfer Protocol (SMTP)
802.11 i
personal identification number (PIN)
serial scan & 300 sec wait
42. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
Secure Multipurpose Mail Extension (S/MIME)
-sT
Annualized Loss Expectancy (ALE)
Service Set Identifier (SSID)
43. LM Hash for short passwords (under 7)
U P F
-sR
404EE
risk
44. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
War Chalking
stream cipher
Telnet
Computer Emergency Response Team (CERT)
45. A type of encryption where the same key is used to encrypt and decrypt the message.
Blowfish
Due Diligence
Tunnel
symmetric encryption
46. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Community String
Audit Trail
personal identification number (PIN)
ring topology
47. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Virtual Local Area Network (VLAN)
Cryptography
Data Encryption Standard (DES)
sniffer
48. ICMP Ping
open source
SYN attack
Request for Comments (RFC)
-PI
49. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
-PI
-PS
Internet Control Message Protocol (ICMP)
50. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
Covert Channel
End User Licensing Agreement (EULA)
serial scan & 300 sec wait
RID Resource identifier