Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. ex 02
ad hoc mode
Bluejacking
S
-sI

2. Hex 14
RxBoot
polymorphic virus
A R
Certificate Authority (CA)

3. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.
encapsulation
Cryptographic Key
Baseline
-oG

4. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
Whois
audit
Assessment
public key infrastructure (PKI)

5. A host designed to collect data on suspicious activity.
Contingency Plan
honeypot
Institute of Electrical and Electronics Engineers (IEEE)
Data Encryption Standard (DES)

6. The condition of a resource being ready for use and accessible by authorized users.
Target Of Engagement (TOE)
Availability
suicide hacker
operating system attack

7. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.
hash
Lightweight Directory Access Protocol (LDAP)
Point-to-Point Protocol (PPP)
Virus

8. Access by information systems (or users) communicating from outside the information system security perimeter.
Application-Level Attacks
infrastructure mode
remote access
Cryptography

9. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
Electronic serial number
false rejection rate (FRR)
Auditing
NT LAN Manager (NTLM)

10. An Application layer protocol for managing devices on an IP network.
suicide hacker
Simple Network Management Protocol (SNMP)
Active Directory (AD)
MAC filtering

11. Establish Null Session
net use \[target ip]IPC$ '' /user:''
SYN attack
forwarding
key exchange protocol

12. A protocol used for sending and receiving log information for nodes on a network.
-PT
Biometrics
Syslog
reconnaissance

13. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
Virus Hoax
rogue access point
fragmentation
security incident response team (SIRT)

14. A communications protocol used for browsing the Internet.
RID Resource identifier
Hypertext Transfer Protocol (HTTP)
security by obscurity
intrusion detection system (IDS)

15. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.
Wireless Local Area Network (WLAN)
Web Spider
INFOSEC Assessment Methodology (IAM)
local area network (LAN)

16. The potential for damage to or loss of an IT asset
ad hoc mode
Common Internet File System/Server Message Block
risk
private network address

17. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
risk
Time exceeded
Whois
Vulnerability Assessment

18. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Macro virus
scope creep
Vulnerability
Access Creep

19. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
sheepdip
Google hacking
Syslog
audit

20. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
asynchronous transmission
parallel scan & 300 sec timeout & 1.25 sec/probe
War Dialing
Data Link layer

21. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Sign in Seal
hash
End User Licensing Agreement (EULA)
false rejection rate (FRR)

22. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
gateway
red team
Mantrap
Virtual Local Area Network (VLAN)

23. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
-PP
POP 3
Routing Protocol
-PM

24. The Security Accounts Manager file in Windows stores all the password hashes for the system.
SAM
Backdoor
File Allocation Table (FAT)
Unicode

25. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
shoulder surfing
Black Hat
-sA
Copyright

26. TCP Ping
Confidentiality
-PT
RPC-DCOM
parallel scan

27. Injecting traffic into the network to identify the operating system of a device.
404EE
Smurf attack
non-repudiation
Active Fingerprinting

28. A string that represents the location of a web resource
Interior Gateway Protocol (IGP)
shoulder surfing
polymorphic virus
Uniform Resource Locator (URL)

29. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
War Chalking
Certificate Authority (CA)
Cloning
Cookie

30. Shifting responsibility from one party to another
risk transference
Minimum acceptable level of risk
Assessment
Rijndael

31. Microsoft SID 500
Serial Line Internet Protocol (SLIP)
Local Administrator
Corrective Controls
Tunneling

32. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
Post Office Protocol 3 (POP3)
Computer Emergency Response Team (CERT)
-oA
Denial of Service (DoS)

33. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
Acknowledgment (ACK)
Level III assessment
Methodology
Internet Protocol Security (IPSec) architecture

34. Port 31337
NT LAN Manager (NTLM)
Back orifice
security by obscurity
hashing algorithm

35. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
--randomize_hosts -O OS fingerprinting
Asymmetric
Vulnerability Assessment
Authorization

36. An attack that exploits the common mistake many people make when installing operating systems
LDAP
Vulnerability
operating system attack
physical security

37. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
Macro virus
Interior Gateway Protocol (IGP)
-sX

38. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
-PI
Presentation layer
quantitative risk assessment

39. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
keylogger
Digital Certificate
intrusion prevention system (IPS)
sidejacking

40. 18 U.S.C. 1030
Local Administrator
Covert Channel
false rejection rate (FRR)
Fraud and related activity in connection with computers

41. MAC Flooding
Detective Controls
-sX
Web Spider
Overwhelm CAM table to convert switch to hub mode

42. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
rogue access point
CNAME record
Zone transfer
sheepdip

43. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Authentication Header (AH)
Corrective Controls
Database
Computer Emergency Response Team (CERT)

44. A group of experts that handles computer security incidents.
security incident response team (SIRT)
Information Technology (IT) asset criticality
keylogger
proxy server

45. Aggressive scan timing
sheepdip
Self Replicating
Accountability
parallel scan & 300 sec timeout & 1.25 sec/probe

46. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Wi-Fi Protected Access (WPA)
Packet Internet Groper (ping)
Echo request
Temporal Key Integrity Protocol (TKIP)

47. UDP Scan
Buffer Overflow
-sU
public key
router

48. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
enumeration
TACACS
out-of-band signaling
Asynchronous

49. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Telnet
FTP
ISO 17799
single loss expectancy (SLE)

50. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
hashing algorithm
Internet Protocol Security (IPSec) architecture
Post Office Protocol 3 (POP3)
Contingency Plan