SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A defined measure of service within a network system
quality of service (QoS)
site survey
Kerberos
War Chalking
2. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
public key
Black Box Testing
Cryptography
node
3. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).
POST
separation of duties
Multipurpose Internet Mail Extensions (MIME)
queue
4. A computer process that requests a service from another computer and accepts the server's responses.
Lightweight Directory Access Protocol (LDAP)
Client
self encrypting
Vulnerability Assessment
5. The process of using easily accessible DNS records to map a target network's internal hosts.
DNS enumeration
Algorithm
out-of-band signaling
Media Access Control (MAC)
6. The steps taken to gather evidence and information on the targets you wish to attack.
Transport Layer Security (TLS)
NT LAN Manager (NTLM)
reconnaissance
Address Resolution Protocol (ARP)
7. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Simple Object Access Protocol (SOAP)
ECHO reply
Methodology
packet filtering
8. A systematic process for the assessment of security vulnerabilities.
INFOSEC Assessment Methodology (IAM)
quantitative risk assessment
Information Technology (IT) asset criticality
-sP
9. Window Scan
Wrapper
Asymmetric Algorithm
War Dialing
-sW
10. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Secure Multipurpose Mail Extension (S/MIME)
Fast Ethernet
out-of-band signaling
Droppers
11. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Point-to-Point Tunneling Protocol (PPTP)
Open System Interconnection (OSI) Reference Model
Hypertext Transfer Protocol (HTTP)
routed protocol
12. Phases of an attack
Cold Site
Internet service provider (ISP)
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Defense in Depth
13. A protocol for exchanging packets over a serial line.
Countermeasures
Serial Line Internet Protocol (SLIP)
Local Administrator
ad hoc mode
14. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
Challenge Handshake Authentication Protocol (CHAP)
NOP
Digital Signature
gray box testing
15. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
Cracker
personal identification number (PIN)
SID
-P0
16. Formal description and evaluation of the vulnerabilities in an information system
Vulnerability Management
secure channel
quantitative risk assessment
Vulnerability Assessment
17. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
SYN attack
Brute-Force Password Attack
secure channel
Trojan Horse
18. Xmas Tree scan
Detective Controls
null session
-sX
Vulnerability Assessment
19. FIN Scan
Certificate Authority (CA)
-sF
Ethical Hacker
-sT
20. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
Worm
piggybacking
Post Office Protocol 3 (POP3)
Ciphertext
21. Polite scan timing
fully qualified domain name (FQDN)
-sL
serialize scans & 0.4 sec wait
Trapdoor Function
22. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
Information Technology (IT) infrastructure
International Organization for Standardization (ISO)
CNAME record
Kerberos
23. The condition of a resource being ready for use and accessible by authorized users.
keylogger
Access Creep
Availability
Packet Internet Groper (ping)
24. An organized collection of data.
routed protocol
inference attack
Hypertext Transfer Protocol (HTTP)
Database
25. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
false rejection rate (FRR)
File Allocation Table (FAT)
network access server
Boot Sector Virus
26. The ability to trace actions performed on a system to a specific user or system entity.
XOR Operation
Accountability
ping sweep
remote access
27. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
protocol
Active Directory (AD)
Tunneling Virus
Serial Line Internet Protocol (SLIP)
28. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
Written Authorization
reverse lookup; reverse DNS lookup
Malicious code
R
29. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Level II assessment
Brute-Force Password Attack
EDGAR database
port redirection
30. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Copyright
Countermeasures
Multipurpose Internet Mail Extensions (MIME)
security defect
31. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.
null session
replay attack
No previous knowledge of the network
Internet service provider (ISP)
32. A computer file system architecture used in Windows - OS/2 - and most memory cards.
Certificate Authority (CA)
passive attack
remote procedure call (RPC)
File Allocation Table (FAT)
33. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
gray hat
War Driving
Echo request
Annualized Loss Expectancy (ALE)
34. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
private key
Discretionary Access Control (DAC)
MD5
Wide Area Network (WAN)
35. The level of importance assigned to an IT asset
hybrid attack
replay attack
Point-to-Point Protocol (PPP)
Information Technology (IT) asset criticality
36. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Crossover Error Rate (CER)
signature scanning
File Allocation Table (FAT)
risk
37. Policy stating what users of a system can and cannot do with the organization's assets.
Acceptable Use Policy (AUP)
Ethernet
Telnet
route
38. Monitoring of telephone or Internet conversations - typically by covert means.
Minimum acceptable level of risk
Wiretapping
signature scanning
Banner Grabbing
39. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
Due Diligence
payload
script kiddie
false negative
40. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets
sniffer
Google hacking
session splicing
asynchronous transmission
41. Aggressive scan timing
Master boot record infector
Access Control List (ACL)
parallel scan & 300 sec timeout & 1.25 sec/probe
flood
42. nmap all output
Certificate
-oA
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Bit Flipping
43. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
spyware
parameter tampering
remote access
Backdoor
44. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p
Data Encryption Standard (DES)
heuristic scanning
Due Diligence
spyware
45. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
Biometrics
MAC filtering
Last In First Out (LIFO)
asynchronous transmission
46. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Cold Site
Cache
honeynet
Wireless Local Area Network (WLAN)
47. An attack that exploits the common mistake many people make when installing operating systems
-sU
operating system attack
SSH
Authorization
48. Incremental Substitution
Replacing numbers in a url to access other files
security kernel
User Datagram Protocol (UDP)
stateful packet filtering
49. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Echo request
ring topology
Tunnel
ECHO reply
50. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
Address Resolution Protocol (ARP) table
NetBSD
nslookup
-PP
