Test your basic knowledge
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,
XOR Operation
Cryptography
Malware
Dumpster Diving
2. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
routed protocol
role-based access control
Last In First Out (LIFO)
Accountability
3. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.
reconnaissance
Wi-Fi
Copyright
Archive
4. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Assessment
Destination Unreachable
Community String
Unicode
5. Xmas Tree scan
-sX
404EE
serialize scans & 15 sec wait
gateway
6. The conveying of official access or legal power to a person or entity.
hashing algorithm
A R
Contingency Plan
Authorization
7. A value used to control cryptographic operations, such as decryption, encryption, signature generation, and signature verification.
protocol stack
Man-in-the-middle attack
Detective Controls
Cryptographic Key
8. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
limitation of liability and remedies
Bit Flipping
Electronic serial number
smart card
9. Paranoid scan timing
Warm Site
parallel scan & 75 sec timeout & 0.3 sec/probe
serial scan & 300 sec wait
forwarding
10. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.
spam
qualitative analysis
intrusion prevention system (IPS)
Exposure Factor
11. Any item of value or worth to an organization, whether physical or virtual.
Finding a directory listing and gaining access to a parent or root file for access to other files
piggybacking
Wi-Fi Protected Access (WPA)
Asset
12. IP Protocol Scan
nslookup
-sO
stateful packet filtering
risk transference
13. The organization that governs the Internet's top-level domains, IP address allocation, and port number assignments.
Internet Assigned Number Authority (IANA)
Tunneling Virus
Computer-Based Attack
Dumpster Diving
14. NSA
SAM
Master boot record infector
Digital Certificate
National Security Agency
15. An attack technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Domain Name System (DNS) cache poisoning
site survey
local area network (LAN)
NOP
16. A computer virus that infects and spreads in multiple ways.
Bluejacking
Multipartite virus
International Organization for Standardization (ISO)
Certificate
17. A data encryption/decryption program often used for e-mail and file storage.
Vulnerability Scanning
Pretty Good Privacy (PGP)
session hijacking
Crossover Error Rate (CER)
18. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Telnet
Zero Subnet
identity theft
Bit Flipping
19. Wrapper or Binder
MAC filtering
Web Spider
Real application encompassing Trojan
quality of service (QoS)
20. The lack of clocking (imposed time ordering) on a bit stream.
Cracker
Buffer Overflow
network access server
Asynchronous
21. A point-to-point connection between two endpoints created to exchange data. Typically a tunnel is either an encrypted connection, or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
Cookie
Tunnel
SMB
-PS
22. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.
Baseline
Bluetooth
SMB
human-based social engineering
23. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
Defines legal email marketing
Ciphertext
intrusion detection system (IDS)
protocol stack
24. Two or more LANs connected by a high-speed line across a large geographical area.
Secure Multipurpose Mail Extension (S/MIME)
patch
Wide Area Network (WAN)
CAM table
25. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Zero Subnet
penetration testing
port knocking
Point-to-Point Protocol (PPP)
26. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.
security defect
Active Fingerprinting
Bastion host
SID
27. 18 U.S.C. 1030
Digital Watermarking
Fraud and related activity in connection with computers
Telnet
Institute of Electrical and Electronics Engineers (IEEE)
28. Recording the time, normally in a log file, when an event happens or when information is created or modified.
Timestamping
Simple Mail Transfer Protocol (SMTP)
Audit Trail
risk
29. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.
Simple Object Access Protocol (SOAP)
Domain Name
Algorithm
hacktivism
30. List Scan
Black Hat
identity theft
-sL
Cloning
31. A documented process for a procedure designed to be consistent, repeatable, and accountable.
Methodology
Cookie
Discretionary Access Control (DAC)
reconnaissance
32. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
sheepdip
Port Address Translation (PAT)
CNAME record
Due Diligence
33. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
Presentation layer
proxy server
router
34. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
hardware keystroke logger
signature scanning
risk assessment
Time Bomb
35. A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
Acknowledgment (ACK)
Virtual Private Network (VPN)
router
personal identification number (PIN)
36. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.
ping sweep
802.11
sidejacking
SID
37. The process of determining if a network entity (user or service) is legitimate
The automated process of proactively identifying vulnerabilities of computing systems present in a network
remote access
symmetric algorithm
Authentication
38. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private
Request for Comments (RFC)
XOR Operation
Eavesdropping
Exploit
39. don't ping
human-based social engineering
gray hat
-P0
Routing Protocol
40. The process of sending a packet or frame toward the destination. In a switch, messages are forwarded only to the port they are addressed to.
forwarding
payload
-oA
single loss expectancy (SLE)
41. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator, or similar level.
halo effect
Local Administrator
White Box Testing
Active Fingerprinting
42. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
passive attack
router
Electronic serial number
Daisy Chaining
43. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Routing Protocol
site survey
Hypertext Transfer Protocol Secure (HTTPS)
Exposure Factor
44. A condition that occurs when more data is written to a buffer than it has space to store, and results in data corruption or other system errors. This is usually due to insufficient bounds checking, a bug, or improper configuration in the program c
router
queue
Transmission Control Protocol (TCP)
Buffer Overflow
45. Also known as a public key certificate, this is an electronic file that is used to verify a user's identity, providing non-repudiation throughout the system. Certificates contain the entity's public key, serial number, version, subject, algori
initial sequence number (ISN)
Authentication Header (AH)
Digital Certificate
Cryptography
46. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
ring topology
Domain Name System (DNS)
reverse social engineering
Open System Interconnection (OSI) Reference Model
47. Defined in RFC 826, ARP is a protocol used to map a known IP address to a physical (MAC) address.
Extensible Authentication Protocol (EAP)
null session
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) table
48. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data is distributed acr
Wired Equivalent Privacy (WEP)
script kiddie
Redundant Array of Independent Disks (RAID)
Domain Name System (DNS)
49. A partially protected zone on a network, not exposed to the full fury of the Internet, but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
GET
Demilitarized Zone (DMZ)
Database
fragmentation
50. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resourc
-sA
Active Directory (AD)
rule-based access control
MD5