SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Local Administrator
fully qualified domain name (FQDN)
Contingency Plan
Network Address Translation (NAT)
2. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Temporal Key Integrity Protocol (TKIP)
Interior Gateway Protocol (IGP)
Banner Grabbing
OpenBSD
3. Hashing algorithm that results in a 128-bit output.
MD5
Algorithm
identity theft
-PM
4. Polite scan timing
smart card
personal identification number (PIN)
Domain Name System (DNS) cache poisoning
serialize scans & 0.4 sec wait
5. FIN Scan
INFOSEC Assessment Methodology (IAM)
patch
-sF
Demilitarized Zone (DMZ)
6. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
Target Of Engagement (TOE)
encapsulation
Pretty Good Privacy (PGP)
Digital Certificate
7. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
Syslog
NOP
phishing
Cracker
8. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.
A S
Open System Interconnection (OSI) Reference Model
Hypertext Transfer Protocol Secure (HTTPS)
Wireless Local Area Network (WLAN)
9. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
enumeration
sidejacking
risk
Time exceeded
10. Hex 29
Three-Way (TCP) Handshake
Authentication - Authorization - and Accounting (AAA)
U P F
rogue access point
11. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
intrusion prevention system (IPS)
Daemon
Auditing
Time To Live (TTL)
12. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
fully qualified domain name (FQDN)
Denial of Service (DoS)
Biometrics
Port Address Translation (PAT)
13. Evaluation in which testers attempt to penetrate the network.
Internet Protocol Security (IPSec) architecture
Media Access Control (MAC)
packet filtering
Level III assessment
14. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
-PP
Destination Unreachable
Countermeasures
Interior Gateway Protocol (IGP)
15. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
security controls
War Driving
hybrid attack
-oA
16. The level of importance assigned to an IT asset
hot site
Information Technology (IT) asset criticality
Multipartite virus
Application-Level Attacks
17. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Covert Channel
Certificate
Tunneling Virus
Competitive Intelligence
18. Using conversation or some other interaction between people to gather useful information.
human-based social engineering
session hijacking
protocol
gateway
19. List Scan
Self Replicating
-sL
SSH
Cold Site
20. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Network Address Translation (NAT)
shrink-wrap code attacks
Bastion host
Trapdoor Function
21. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
Computer Emergency Response Team (CERT)
spoofing
Warm Site
Routing Information Protocol (RIP)
22. A device providing temporary - on-demand - point-to-point network access to users.
NetBus
network access server
Antivirus (AV) software
Secure Multipurpose Mail Extension (S/MIME)
23. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Master boot record infector
Anonymizer
RxBoot
RID Resource identifier
24. A method of external testing whereby several systems or resources are used together to effect an attack.
Authentication Header (AH)
Daisy Chaining
Exploit
GET
25. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
Cryptographic Key
Trusted Computer System Evaluation Criteria (TCSEC)
overt channel
Cryptography
26. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
stream cipher
Password Authentication Protocol (PAP)
Corrective Controls
security kernel
27. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Bastion host
MAC filtering
Tunnel
halo effect
28. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.
Cracker
Videocipher II Satellite Encryption System
nslookup
Domain Name System (DNS) lookup
29. ICMP Type/Code 11
Decryption
Client
Address Resolution Protocol (ARP) table
Time exceeded
30. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Cache
infrastructure mode
Third Party
Wiretapping
31. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Secure Multipurpose Mail Extension (S/MIME)
packet
risk assessment
32. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
Common Internet File System/Server Message Block
inference attack
pattern matching
Media Access Control (MAC)
33. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
security breach or security incident
Virus
rootkit
Authentication Header (AH)
34. TCP Ping
Authentication
-oG
-PT
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
35. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
red team
-sR
gateway
Extensible Authentication Protocol (EAP)
36. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
-sL
Temporal Key Integrity Protocol (TKIP)
Web Spider
-sF
37. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
local area network (LAN)
shrink-wrap code attacks
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Antivirus (AV) software
38. TCP SYN Scan
Videocipher II Satellite Encryption System
Decryption
Vulnerability Management
-sS
39. ICMP Type/Code 3-13
-oG
Bluesnarfing
CIA triangle
Administratively Prohibited
40. A type of encryption where the same key is used to encrypt and decrypt the message.
Videocipher II Satellite Encryption System
HTTP
HIDS
symmetric encryption
41. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Bluejacking
Point-to-Point Tunneling Protocol (PPTP)
piggybacking
-PB
42. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
Boot Sector Virus
promiscuous mode
Ciphertext
Hypertext Transfer Protocol Secure (HTTPS)
43. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
qualitative analysis
hash
Real application encompassing Trojan
Fast Ethernet
44. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.
site survey
scope creep
red team
File Transfer Protocol (FTP)
45. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Self Replicating
symmetric algorithm
honeypot
Cryptography
46. A string that represents the location of a web resource
Uniform Resource Locator (URL)
protocol stack
Back orifice
Ciphertext
47. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Cold Site
queue
Unicode
Certificate Authority (CA)
48. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
private network address
Written Authorization
Rijndael
Malicious code
49. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Mantrap
single loss expectancy (SLE)
risk assessment
Methodology
50. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
Request for Comments (RFC)
Service Set Identifier (SSID)
rootkit
integrity
