Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. ACK Scan
-sA
suicide hacker
signature scanning
Application-Level Attacks
2. ICMP Ping
Corrective Controls
Electronic serial number
-PI
scope creep
3. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.
Level I assessment
Three-Way (TCP) Handshake
Asset
Digital Signature
4. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
A R
Block Cipher
Hierarchical File System (HFS)
iris scanner
5. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
stateful packet filtering
802.11i
Adware
-sU
6. A file system used by the Mac OS.
Discretionary Access Control (DAC)
Internal access to the network
Hierarchical File System (HFS)
Asymmetric Algorithm
7. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
encapsulation
Exploit
Back orifice
segment
8. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
honeypot
Black Box Testing
Demilitarized Zone (DMZ)
Point-to-Point Protocol (PPP)
9. RPC Scan
risk
-sR
role-based access control
Domain Name System (DNS) lookup
10. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
False Acceptance Rate (FAR)
Asymmetric Algorithm
Pretty Good Privacy (PGP)
Hypertext Transfer Protocol (HTTP)
11. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
Filter
Wi-Fi
Authentication Header (AH)
nslookup
12. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
parameter tampering
segment
-PS
Packet Internet Groper (ping)
13. The Security Accounts Manager file in Windows stores all the password hashes for the system.
Kerberos
Vulnerability Scanning
SAM
red team
14. Black box test
RID Resource identifier
No previous knowledge of the network
S
Crossover Error Rate (CER)
15. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
NT LAN Manager (NTLM)
War Driving
private key
Possession of access devices
16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
Active Fingerprinting
TACACS
protocol
MD5
17. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Tunneling Virus
Simple Object Access Protocol (SOAP)
Fraud and related activity in connection with computers
Three-Way (TCP) Handshake
18. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
keylogger
false rejection rate (FRR)
script kiddie
null session
19. 18 U.S.C. 1030
social engineering
Fraud and related activity in connection with computers
sniffer
Wireless Local Area Network (WLAN)
20. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie
Cookie
logic bomb
SYN flood attack
Interior Gateway Protocol (IGP)
21. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
SAM
Routing Information Protocol (RIP)
-PI
22. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
flood
-sF
Black Box Testing
router
23. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
encapsulation
-oX
security by obscurity
Backdoor
24. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
-sS
Macro virus
Denial of Service (DoS)
SOA record
25. A social-engineering attack that manipulates the victim into calling the attacker for help.
Bluesnarfing
Cache
reverse social engineering
Eavesdropping
26. nmap
File Allocation Table (FAT)
Digital Watermarking
--randomize_hosts -O OS fingerprinting
Application Layer
27. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
Bluesnarfing
sheepdip
honeynet
social engineering
28. nmap all output
site survey
802.11
-oA
Wi-Fi Protected Access (WPA)
29. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.
Tunnel
XOR Operation
Blowfish
Audit Trail
30. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
smart card
honeynet
audit
phishing
31. 18 U.S.C. 1029
script kiddie
Possession of access devices
Wrapper
Black Box Testing
32. IP Protocol Scan
Tunnel
Brute-Force Password Attack
-sO
Filter
33. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
queue
penetration testing
Pretty Good Privacy (PGP)
Open System Interconnection (OSI) Reference Model
34. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
key exchange protocol
Kerberos
rootkit
port knocking
35. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Information Technology (IT) infrastructure
Cracker
Point-to-Point Tunneling Protocol (PPTP)
-PM
36. Transmitting one protocol encapsulated inside another protocol.
overt channel
reverse social engineering
security by obscurity
Tunneling
37. Normal scan timing
Asset
forwarding
private key
parallel scan
38. TCP connect() scan
-sT
Password Authentication Protocol (PAP)
International Organization for Standardization (ISO)
Antivirus (AV) software
39. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
nslookup
key exchange protocol
shrink-wrap code attacks
Backdoor
40. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
null session
Access Point (AP)
spam
Tunneling
41. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Bluetooth
Last In First Out (LIFO)
Information Technology (IT) security architecture and framework
-sF
42. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
Client
firewalking
-sO
43. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
802.11
Zone transfer
Simple Network Management Protocol (SNMP)
-sO
44. FTP Bounce Attack
-b
personal identification number (PIN)
Banner Grabbing
Contingency Plan
45. Xmas Tree scan
ECHO reply
CIA triangle
open source
-sX
46. The concept of having more than one person required to complete a task
public key
script kiddie
separation of duties
Cookie
47. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
Bluetooth
TACACS
halo effect
48. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
HTTP tunneling
Time Bomb
Asynchronous
Information Technology (IT) security architecture and framework
49. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Console Port
Decryption
Warm Site
Point-to-Point Protocol (PPP)
50. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
out-of-band signaling
Information Technology Security Evaluation Criteria (ITSEC)
packet filtering
single loss expectancy (SLE)