SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Normal scan timing
symmetric algorithm
parallel scan
Assessment
Asymmetric
2. Hex 04
Warm Site
Three-Way (TCP) Handshake
Authentication Header (AH)
R
3. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
NetBus
Multipurpose Internet Mail Extensions (MIME)
Routing Protocol
hardware keystroke logger
4. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Computer-Based Attack
Access Creep
hashing algorithm
Syslog
5. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
network operations center (NOC)
Vulnerability
intrusion detection system (IDS)
quality of service (QoS)
6. FIN Scan
CIA triangle
Ethical Hacker
GET
-sF
7. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
XOR Operation
Directory Traversal
infrastructure mode
Virus
8. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
quantitative risk assessment
Ethical Hacker
Smurf attack
physical security
9. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
false rejection rate (FRR)
Trusted Computer System Evaluation Criteria (TCSEC)
gray hat
Finding a directory listing and gaining access to a parent or root file for access to other files
10. A computer network confined to a relatively small area - such as a single building or campus.
SID
Domain Name System (DNS)
Bluejacking
local area network (LAN)
11. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
War Chalking
ring topology
encryption
Request for Comments (RFC)
12. A virus designed to infect the master boot record.
Backdoor
ISO 17799
Uniform Resource Locator (URL)
Master boot record infector
13. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
scope creep
Daemon
EDGAR database
hashing algorithm
14. ICMP Type/Code 0-0
infrastructure mode
File Allocation Table (FAT)
Echo Reply
Simple Object Access Protocol (SOAP)
15. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.
network operations center (NOC)
remote access
Three-Way (TCP) Handshake
Audit Data
16. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
802.11 i
File Transfer Protocol (FTP)
Authentication - Authorization - and Accounting (AAA)
--randomize_hosts -O OS fingerprinting
17. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
ad hoc mode
Assessment
Information Technology Security Evaluation Criteria (ITSEC)
MAC filtering
18. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
Cookie
-P0
Fiber Distributed Data Interface (FDDI)
session splicing
19. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
social engineering
scope creep
Brute-Force Password Attack
Digital Signature
20. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
Trojan Horse
Eavesdropping
limitation of liability and remedies
suicide hacker
21. Network Scanning
Mantrap
Zombie
A procedure for identifying active hosts on a network.
Network Address Translation (NAT)
22. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.
null session
Trojan Horse
International Organization for Standardization (ISO)
Application-Level Attacks
23. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
Transport Layer Security (TLS)
-PP
-sI
iris scanner
24. An Application layer protocol for managing devices on an IP network.
Simple Network Management Protocol (SNMP)
key exchange protocol
Redundant Array of Independent Disks (RAID)
Simple Object Access Protocol (SOAP)
25. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
-sU
heuristic scanning
qualitative analysis
26. The monetary value assigned to an IT asset.
Rijndael
Information Technology (IT) asset valuation
Asynchronous
secure channel
27. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
Active Attack
White Box Testing
Pretty Good Privacy (PGP)
Certificate
28. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
red team
Cloning
Asymmetric Algorithm
Buffer
29. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
network operations center (NOC)
Mantrap
Written Authorization
Antivirus (AV) software
30. Any item of value or worth to an organization - whether physical or virtual.
Asset
risk
Application-Level Attacks
-P0
31. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Finding a directory listing and gaining access to a parent or root file for access to other files
enumeration
Authorization
firewall
32. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
rootkit
Syslog
parallel scan
Detective Controls
33. UDP Scan
Wired Equivalent Privacy (WEP)
-sR
-sU
footprinting
34. Sneaky scan timing
serialize scans & 15 sec wait
single loss expectancy (SLE)
Bit Flipping
source routing
35. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
gap analysis
Ethical Hacker
Transport Layer Security (TLS)
36. Version Detection Scan
-sV
inference attack
Overwhelm CAM table to convert switch to hub mode
Hypertext Transfer Protocol Secure (HTTPS)
37. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
intrusion prevention system (IPS)
false rejection rate (FRR)
CAM table
Electronic Code Book (ECB)
38. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.
Authorization
Anonymizer
Vulnerability Management
smart card
39. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
security incident response team (SIRT)
Filter
-sU
hardware keystroke logger
40. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
reverse lookup; reverse DNS lookup
payload
-oN
Competitive Intelligence
41. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Level III assessment
Service Set Identifier (SSID)
Last In First Out (LIFO)
Database
42. White hat
out-of-band signaling
Hacks with permission
Cold Site
fully qualified domain name (FQDN)
43. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
pattern matching
Open System Interconnection (OSI) Reference Model
false negative
Availability
44. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
spoofing
A procedure for identifying active hosts on a network.
45. Attacks on the actual programming code of an application.
queue
Wide Area Network (WAN)
parameter tampering
Application-Level Attacks
46. A group of experts that handles computer security incidents.
security incident response team (SIRT)
impersonation
Third Party
-oX
47. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
sidejacking
Point-to-Point Tunneling Protocol (PPTP)
local area network (LAN)
queue
48. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
quantitative risk assessment
Zombie
queue
security by obscurity
49. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
-sR
Wrapper
Asymmetric Algorithm
NetBus
50. ICMP Ping
Authentication
firewall
risk acceptance
-PI
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests