Test your basic knowledge
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Polite scan timing
serialize scans & 0.4 sec wait
steganography
Ethernet
ISO 17799
2. Also known as a digital certificate, this is an electronic file used to verify a user's identity, providing non-repudiation throughout the system. It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
Point-to-Point Tunneling Protocol (PPTP)
stateful packet filtering
Domain Name System (DNS)
Certificate
3. A routing protocol developed to be used within a single organization.
Interior Gateway Protocol (IGP)
infrastructure mode
Event
Internet Protocol Security (IPSec) architecture
4. Originally an extension of PPP, this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
Distributed DoS (DDoS)
Wired Equivalent Privacy (WEP)
Password Authentication Protocol (PAP)
5. A document describing information security guidelines, policies, procedures, and standards.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
A procedure for identifying active hosts on a network.
Information Technology (IT) security architecture and framework
No previous knowledge of the network
6. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
intrusion detection system (IDS)
Tunneling Virus
Redundant Array of Independent Disks (RAID)
7. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.
Trojan Horse
RPC-DCOM
reverse lookup; reverse DNS lookup
Virtual Private Network (VPN)
8. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
role-based access control
single loss expectancy (SLE)
Unicode
Domain Name System (DNS) cache poisoning
9. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio
Simple Mail Transfer Protocol (SMTP)
User Datagram Protocol (UDP)
Mandatory access control (MAC)
Serial Line Internet Protocol (SLIP)
10. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.
service level agreements (SLAs)
Challenge Handshake Authentication Protocol (CHAP)
Anonymizer
SYN attack
11. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).
overt channel
port scanning
Virtual Private Network (VPN)
White Box Testing
12. Monitoring of telephone or Internet conversations, typically by covert means.
FreeBSD
Three-Way (TCP) Handshake
Destination Unreachable
Wiretapping
13. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.
Telnet
gateway
Decryption
encryption
14. Defined in RFC 826, ARP is a protocol used to map a known IP address to a physical (MAC) address.
Zero Subnet
network interface card (NIC)
Address Resolution Protocol (ARP)
-sP
15. Black box test
parallel scan & 75 sec timeout & 0.3 sec/probe
Point-to-Point Protocol (PPP)
No previous knowledge of the network
Access Point (AP)
16. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
404EE
role-based access control
Denial of Service (DoS)
Due Diligence
17. Injecting traffic into the network to identify the operating system of a device.
Trapdoor Function
Active Fingerprinting
Tini
Auditing
18. Security measures, such as a locked door, perimeter fence, or security guard, to prevent or deter physical access to a facility, resource, or information stored on physical media.
Zombie
ring topology
session splicing
physical security
19. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, Ticket Granting Service, and Key Distribution Center.
Annualized Loss Expectancy (ALE)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Kerberos
802.11 i
20. Access by information systems (or users) communicating from outside the information system security perimeter.
Cookie
remote access
router
red team
21. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur
Covert Channel
Minimum acceptable level of risk
Access Point (AP)
Institute of Electrical and Electronics Engineers (IEEE)
22. An Internet routing protocol used to exchange routing information within an autonomous system.
steganography
404EE
Interior Gateway Protocol (IGP)
router
23. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Lightweight Directory Access Protocol (LDAP)
Redundant Array of Independent Disks (RAID)
End User Licensing Agreement (EULA)
FTP
24. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Copyright
footprinting
polymorphic virus
security by obscurity
25. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
proxy server
Videocipher II Satellite Encryption System
FTP
26. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability).
Threat
Covert Channel
qualitative analysis
Internet service provider (ISP)
27. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
heuristic scanning
Biometrics
Buffer
Acknowledgment (ACK)
28. nmap all output
-oA
Point-to-Point Tunneling Protocol (PPTP)
Telnet
risk avoidance
29. A connection-oriented, layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
role-based access control
Transmission Control Protocol (TCP)
Man-in-the-middle attack
Hierarchical File System (HFS)
30. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.
spyware
identity theft
Vulnerability Management
security controls
31. The change or growth of a project's scope
scope creep
gray box testing
symmetric algorithm
Password Authentication Protocol (PAP)
32. A communications channel that is being used for a purpose it was not intended for, usually to transfer information secretly.
Replacing numbers in a url to access other files
Distributed DoS (DDoS)
Covert Channel
logic bomb
33. The ability to trace actions performed on a system to a specific user or system entity.
rule-based access control
Digital Certificate
Accountability
replay attack
34. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.
port knocking
Syslog
quantitative risk assessment
spyware
35. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Availability
Google hacking
Traceroute
null session
36. A systematic process for the assessment of security vulnerabilities.
forwarding
802.11
INFOSEC Assessment Methodology (IAM)
ECHO reply
37. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Cache
Network Address Translation (NAT)
Google hacking
Electronic serial number
38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Cloning
patch
packet filtering
39. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity.
passive attack
personal identification number (PIN)
SAM
false rejection rate (FRR)
40. LM Hash for short passwords (under 7)
CAM table
404EE
End User Licensing Agreement (EULA)
parallel scan
41. A group of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment.
Assessment
security bulletins
Authentication
red team
42. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Threat
rootkit
Common Internet File System/Server Message Block
shoulder surfing
43. Port 53
DNS
enumeration
Tiger Team
hardware keystroke logger
44. A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet.
Transport Layer Security (TLS)
nslookup
Master boot record infector
script kiddie
45. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
qualitative analysis
War Driving
Virus
Macro virus
46. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
sheepdip
Port Address Translation (PAT)
Ciphertext
Unicode
47. A protocol defining packets that are able to be routed by a router.
routed protocol
Information Technology (IT) asset criticality
Cookie
sheepdip
48. Network Scanning
Institute of Electrical and Electronics Engineers (IEEE)
A procedure for identifying active hosts on a network.
Hacks with permission
RPC-DCOM
49. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Smurf attack
Presentation layer
Network Basic Input/Output System (NetBIOS)
pattern matching
50. Xmas Tree scan
Unicode
shoulder surfing
-sX
keylogger