SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
false rejection rate (FRR)
NetBus
social engineering
Hypertext Transfer Protocol (HTTP)
2. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
site survey
Simple Object Access Protocol (SOAP)
queue
Network Address Translation (NAT)
3. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
security breach or security incident
Finger
source routing
patch
4. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
Countermeasures
payload
overt channel
hash
5. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Last In First Out (LIFO)
Cookie
Tunneling
War Dialing
6. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Active Attack
limitation of liability and remedies
Hacks with permission
Anonymizer
7. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Secure Multipurpose Mail Extension (S/MIME)
CNAME record
RID Resource identifier
Active Directory (AD)
8. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.
Contingency Plan
OpenBSD
RxBoot
reverse lookup; reverse DNS lookup
9. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
Password Authentication Protocol (PAP)
router
false rejection rate (FRR)
File Transfer Protocol (FTP)
10. RPC Scan
Level III assessment
-sR
Due Care
Redundant Array of Independent Disks (RAID)
11. Describes practices in production and development that promote access to the end product's source materials.
smart card
open source
Bluejacking
serial scan & 300 sec wait
12. A computer process that requests a service from another computer and accepts the server's responses.
Audit Trail
Banner Grabbing
Replacing numbers in a url to access other files
Client
13. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
stateful packet filtering
Asset
Worm
RxBoot
14. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Active Directory (AD)
out-of-band signaling
Wi-Fi
Level II assessment
15. A storage buffer that transparently stores data so future requests for the same data can be served faster.
key exchange protocol
Cache
self encrypting
Simple Object Access Protocol (SOAP)
16. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Blowfish
physical security
A S
Access Creep
17. A social-engineering attack that manipulates the victim into calling the attacker for help.
Hypertext Transfer Protocol (HTTP)
Application Layer
reverse social engineering
firewalking
18. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
Domain Name System (DNS) lookup
Access Point (AP)
spoofing
Request for Comments (RFC)
19. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
Domain Name
queue
payload
Internet Protocol (IP)
20. ICMP Timestamp
Routing Information Protocol (RIP)
-PP
-P0
ping sweep
21. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
Domain Name System (DNS) lookup
SYN flood attack
-sL
session splicing
22. A data encryption/decryption program often used for e-mail and file storage.
Cryptography
gateway
Client
Pretty Good Privacy (PGP)
23. Window Scan
Rijndael
-sW
Access Control List (ACL)
reverse social engineering
24. Ping Scan
Defines legal email marketing
Baseline
source routing
-sP
25. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
DNS enumeration
Audit Trail
reverse lookup; reverse DNS lookup
keylogger
26. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Copyright
Point-to-Point Tunneling Protocol (PPTP)
Data Encryption Standard (DES)
fully qualified domain name (FQDN)
27. Normal scan timing
parallel scan
EDGAR database
Vulnerability Management
U P F
28. Phases of an attack
-sL
hybrid attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
SID
29. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
Ethernet
NetBSD
Hypertext Transfer Protocol (HTTP)
Target Of Engagement (TOE)
30. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
Data Link layer
Bug
Routing Information Protocol (RIP)
network access server
31. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Bluejacking
Web Spider
Warm Site
encapsulation
32. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.
RPC-DCOM
War Chalking
gray box testing
-sS
33. White hat
Hacks with permission
Copyright
Address Resolution Protocol (ARP) table
Routing Protocol
34. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
passive attack
Ciphertext
RID Resource identifier
Baseline
35. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
fragmentation
qualitative analysis
Auditing
Bluetooth
36. The monetary value assigned to an IT asset.
Information Technology (IT) asset valuation
Mandatory access control (MAC)
S
Time exceeded
37. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
Domain Name System (DNS) cache poisoning
Electronic serial number
hashing algorithm
risk assessment
38. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Cryptographic Key
MD5
self encrypting
packet
39. A virus written in a macro language and usually embedded in document or spreadsheet files.
Tiger Team
intrusion prevention system (IPS)
Macro virus
-sU
40. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Simple Network Management Protocol (SNMP)
Detective Controls
Asymmetric
Transmission Control Protocol (TCP)
41. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Information Technology (IT) asset criticality
Echo Reply
proxy server
Internal access to the network
42. CAN-SPAM
Defines legal email marketing
Corrective Controls
Algorithm
route
43. The process of determining if a network entity (user or service) is legitimate
Point-to-Point Tunneling Protocol (PPTP)
shrink-wrap code attacks
NOP
Authentication
44. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
Media Access Control (MAC)
identity theft
piggybacking
Syslog
45. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
Domain Name
Lightweight Directory Access Protocol (LDAP)
HTTP tunneling
network interface card (NIC)
46. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
suicide hacker
operating system attack
Smurf attack
Media Access Control (MAC)
47. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Virus
-b
inference attack
ring topology
48. NSA
Authentication Header (AH)
rootkit
Serial Line Internet Protocol (SLIP)
National Security Agency
49. ICMP Type/Code 3-13
hybrid attack
-sA
Administratively Prohibited
remote procedure call (RPC)
50. A virus designed to infect the master boot record.
Master boot record infector
-sR
Echo request
-sT
