SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.
Echo request
Secure Multipurpose Mail Extension (S/MIME)
Black Hat
Hacks without permission
2. Xmas Tree scan
404EE
Multipartite virus
-sX
packet
3. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Cookie
Authentication Header (AH)
Request for Comments (RFC)
Threat
4. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
human-based social engineering
Community String
script kiddie
5. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Secure Sockets Layer (SSL)
network interface card (NIC)
-PM
parallel scan & 75 sec timeout & 0.3 sec/probe
6. An attack that exploits the common mistake many people make when installing operating systems
NT LAN Manager (NTLM)
POP 3
Web Spider
operating system attack
7. A virus written in a macro language and usually embedded in document or spreadsheet files.
Internet service provider (ISP)
hacktivism
Macro virus
Uniform Resource Locator (URL)
8. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
false rejection rate (FRR)
OpenBSD
service level agreements (SLAs)
single loss expectancy (SLE)
9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Bluejacking
Cache
network interface card (NIC)
Hypertext Transfer Protocol (HTTP)
10. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
Information Technology (IT) security architecture and framework
session hijacking
LDAP
Active Attack
11. The process of recording activity on a system for monitoring and later review.
Malicious code
-p <port ranges>
Third Party
Auditing
12. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
single loss expectancy (SLE)
Institute of Electrical and Electronics Engineers (IEEE)
CIA triangle
site survey
13. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.
Tunnel
-sP
Bluetooth
NT LAN Manager (NTLM)
14. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Domain Name System (DNS) cache poisoning
Common Internet File System/Server Message Block
Access Control List (ACL)
Audit Data
15. The level of importance assigned to an IT asset
Community String
Information Technology (IT) asset criticality
GET
Three-Way (TCP) Handshake
16. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Contingency Plan
Defense in Depth
reverse social engineering
Kerberos
17. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
HIDS
risk acceptance
Adware
Certificate
18. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Interior Gateway Protocol (IGP)
Cryptography
Biometrics
symmetric algorithm
19. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
out-of-band signaling
halo effect
Bastion host
20. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
-b
infrastructure mode
Adware
footprinting
21. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
secure channel
Trapdoor Function
risk acceptance
sniffer
22. Port 80/81/8080
footprinting
phishing
Time Bomb
HTTP
23. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Written Authorization
Directory Traversal
The automated process of proactively identifying vulnerabilities of computing systems present in a network
24. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
null session
service level agreements (SLAs)
sheepdip
Smurf attack
25. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
hybrid attack
Worm
Data Link layer
Daisy Chaining
26. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
out-of-band signaling
Collision Domain
segment
OpenBSD
27. Idlescan
Routing Protocol
-sS
Telnet
-sI
28. An early network application that provides information on users currently logged on to a machine.
Level I assessment
security incident response team (SIRT)
Finger
symmetric encryption
29. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Kerberos
-sI
Auditing
Cryptography
30. 18 U.S.C. 1030
The automated process of proactively identifying vulnerabilities of computing systems present in a network
audit
symmetric algorithm
Fraud and related activity in connection with computers
31. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
Cookie
SSH
Request for Comments (RFC)
serial scan & 300 sec wait
32. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
protocol
Internal access to the network
International Organization for Standardization (ISO)
private key
33. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
-oX
-sS
Vulnerability Management
Service Set Identifier (SSID)
34. ICMP Type/Code 8
Console Port
Echo request
RPC-DCOM
Password Authentication Protocol (PAP)
35. The condition of a resource being ready for use and accessible by authorized users.
-p <port ranges>
Availability
routed protocol
Decryption
36. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Certificate Authority (CA)
Access Control List (ACL)
Data Encryption Standard (DES)
-sX
37. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
stream cipher
Destination Unreachable
promiscuous mode
Exploit
38. Black box test
Dumpster Diving
Self Replicating
No previous knowledge of the network
Decryption
39. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
Secure Multipurpose Mail Extension (S/MIME)
Institute of Electrical and Electronics Engineers (IEEE)
Adware
replay attack
40. Polymorphic Virus
spam
self encrypting
operating system attack
Availability
41. A file system used by the Mac OS.
Hierarchical File System (HFS)
Point-to-Point Tunneling Protocol (PPTP)
null session
-PP
42. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
false rejection rate (FRR)
Bluejacking
Corrective Controls
-sA
43. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
Network Address Translation (NAT)
Simple Object Access Protocol (SOAP)
Tunneling
Common Internet File System/Server Message Block
44. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
802.11 i
Eavesdropping
Information Technology (IT) security architecture and framework
Banner Grabbing
45. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
symmetric encryption
Filter
Temporal Key Integrity Protocol (TKIP)
Tumbling
46. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Address Resolution Protocol (ARP)
penetration testing
Virus Hoax
NOP
47. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
payload
Telnet
Possession of access devices
phishing
48. A software or hardware application or device that captures user keystrokes.
Rijndael
keylogger
Wi-Fi
Hierarchical File System (HFS)
49. White box test
port redirection
-sX
Internal access to the network
physical security
50. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
integrity
Directory Traversal
Wrapper
audit