Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so the answers may at times seem obvious, but taking the test repeatedly reinforces your understanding.
1. The concept of having more than one person required to complete a task
Time Bomb
White Box Testing
Network Basic Input/Output System (NetBIOS)
separation of duties
2. Sneaky scan timing
security breach or security incident
Authentication
serialize scans & 15 sec wait
Decryption
3. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
Event
Computer-Based Attack
risk transference
Internet Protocol (IP)
4. Name given to expert groups that handle computer security incidents.
Third Party
Computer Emergency Response Team (CERT)
Corrective Controls
quantitative risk assessment
5. Cracking Tools
Asynchronous
phishing
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
SYN attack
6. A software or hardware application or device that captures user keystrokes.
Exposure Factor
operating system attack
Accountability
keylogger
7. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
Hypertext Transfer Protocol Secure (HTTPS)
session splicing
Time Bomb
Decryption
8. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Cookie
Whois
Electronic Code Book (ECB)
Multipurpose Internet Mail Extensions (MIME)
9. CAN-SPAM
MAC filtering
Exploit
Defines legal email marketing
Mandatory access control (MAC)
10. Nmap grepable output
Mantrap
Level I assessment
A procedure for identifying active hosts on a network.
-oG
11. A device providing temporary - on-demand - point-to-point network access to users.
-PP
HTTP
network access server
Trojan Horse
12. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Cryptographic Key
Active Directory (AD)
serialize scans & 15 sec wait
Ethernet
13. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
False Acceptance Rate (FAR)
penetration testing
Multipurpose Internet Mail Extensions (MIME)
script kiddie
14. The central part of a computer or communications system hardware - firmware - and software that implements the basic security procedures for controlling access to system resources.
security kernel
segment
Multipurpose Internet Mail Extensions (MIME)
hybrid attack
15. White hat
SMB
Hacks with permission
iris scanner
Simple Network Management Protocol (SNMP)
16. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Institute of Electrical and Electronics Engineers (IEEE)
Hacks without permission
-oG
Fraud and related activity in connection with computers
17. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
Possession of access devices
Computer Emergency Response Team (CERT)
key exchange protocol
private network address
18. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Routing Information Protocol (RIP)
Decryption
security breach or security incident
Telnet
19. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
route
Level I assessment
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
Discretionary Access Control (DAC)
20. A value used to control cryptographic operations - such as decryption - encryption - signature generation - and signature verification.
Packet Internet Groper (ping)
Cryptographic Key
enumeration
social engineering
21. Ports 20/21
FTP
Hypertext Transfer Protocol Secure (HTTPS)
physical security
router
22. Hex 14
security breach or security incident
SAM
A R
Minimum acceptable level of risk
23. The art and science of creating a covert message or image within another message - image - audio - or video file.
Replacing numbers in a url to access other files
Countermeasures
steganography
Trapdoor Function
24. The level of importance assigned to an IT asset
Information Technology (IT) asset criticality
Level II assessment
INFOSEC Assessment Methodology (IAM)
RID Resource identifier
25. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
Self Replicating
Brute-Force Password Attack
Digital Watermarking
initial sequence number (ISN)
26. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.
Due Care
-P0
-sI
serialize scans & 0.4 sec wait
27. Port 22
logic bomb
SSH
-b
Administratively Prohibited
28. A protocol used to pass control and error messages between nodes on the Internet.
Wi-Fi Protected Access (WPA)
port knocking
Internet Control Message Protocol (ICMP)
Kerberos
29. A file system used by the Mac OS.
personal identification number (PIN)
Black Hat
Hierarchical File System (HFS)
Boot Sector Virus
30. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Asset
Ciphertext
Request for Comments (RFC)
Google hacking
31. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
Domain Name System (DNS) cache poisoning
queue
out-of-band signaling
Hypertext Transfer Protocol Secure (HTTPS)
32. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Packet Internet Groper (ping)
gateway
Vulnerability Scanning
inference attack
33. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
Level III assessment
Zone transfer
shrink-wrap code attacks
port knocking
34. Hex 12
A S
Time To Live (TTL)
-sV
NetBSD
35. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
Simple Network Management Protocol (SNMP)
Due Diligence
National Security Agency
A S
36. don't ping
Hacks without permission
RID Resource identifier
-P0
NOP
37. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
firewall
private network address
intrusion detection system (IDS)
Unicode
38. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
hardware keystroke logger
Digital Certificate
HIDS
Buffer
39. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
NetBus
risk acceptance
non-repudiation
404EE
40. TCP connect() scan
Asymmetric
R
hashing algorithm
-sT
41. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
serialize scans & 0.4 sec wait
Wrapper
War Chalking
Internet Assigned Numbers Authority (IANA)
42. A type of encryption where the same key is used to encrypt and decrypt the message.
symmetric encryption
personal identification number (PIN)
Wireless Local Area Network (WLAN)
Accountability
43. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
reverse social engineering
EDGAR database
sidejacking
File Transfer Protocol (FTP)
44. A method of external testing whereby several systems or resources are used together to effect an attack.
404EE
Asynchronous
False Acceptance Rate (FAR)
Daisy Chaining
45. A software or hardware defect that often results in system vulnerabilities.
infrastructure mode
Bluejacking
remote access
Bug
46. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Anonymizer
Temporal Key Integrity Protocol (TKIP)
Certificate Authority (CA)
Network Address Translation (NAT)
47. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
-oN
-sS
Backdoor
Authorization
48. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
out-of-band signaling
Collision
Information Technology (IT) asset criticality
replay attack
49. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
-oX
quantitative risk assessment
Tunneling Virus
Cryptographic Key
50. Port 31337
heuristic scanning
Back Orifice
parallel scan & 75 sec timeout & 0.3 sec/probe
Tumbling