Test your basic knowledge |

CEH: Certified Ethical Hacker

Subjects : certifications, ceh, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Idlescan
pattern matching
Whois
-sI
Fraud and related activity in connection with computers

2. The act of dialing all numbers within an organization to discover open modems.
protocol
firewall
payload
War Dialing

3. White hat
NetBSD
Hacks with permission
role-based access control
self encrypting

4. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Hypertext Transfer Protocol (HTTP)
-PI
Tini

5. NSA
patch
suicide hacker
Echo request
National Security Agency

6. ICMP Netmask
Bluetooth
Secure Multipurpose Mail Extension (S/MIME)
-sW
-PM

7. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
parallel scan
Crossover Error Rate (CER)
routed protocol
CNAME record

8. A group of experts that handles computer security incidents.
Certificate
security incident response team (SIRT)
network interface card (NIC)
security defect

9. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Challenge Handshake Authentication Protocol (CHAP)
reconnaissance
Wi-Fi Protected Access (WPA)
impersonation

10. A computer virus that infects and spreads in multiple ways.
penetration testing
MD5
Multipartite virus
Written Authorization

11. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Tini
risk transference
network access server
Whois

12. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.
R
gateway
Daemon
NetBSD

13. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
rootkit
Cache
Audit Data
Competitive Intelligence

14. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
sheepdip
Asymmetric
Tumbling
Annualized Loss Expectancy (ALE)

15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
Kerberos
logic bomb
-oA
identity theft

16. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
INFOSEC Assessment Methodology (IAM)
Confidentiality
Countermeasures
Post Office Protocol 3 (POP3)

17. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
symmetric encryption
packet
-sF
SYN flood attack

18. Attacks on the actual programming code of an application.
hashing algorithm
intrusion prevention system (IPS)
Electronic Code Book (ECB)
Application-Level Attacks

19. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
-sT
Post Office Protocol 3 (POP3)
Daisy Chaining

20. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
secure channel
Data Encryption Standard (DES)
penetration testing
Black Hat

21. Cracking Tools
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
SYN flood attack
Wired Equivalent Privacy (WEP)
Directory Traversal

22. A communications protocol used for browsing the Internet.
parallel scan & 75 sec timeout & 0.3 sec/probe
Acceptable Use Policy (AUP)
Hypertext Transfer Protocol (HTTP)
security defect

23. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
forwarding
operating system attack
Interior Gateway Protocol (IGP)
Minimum acceptable level of risk

24. Port 135
serialize scans & 0.4 sec wait
Filter
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
RPC-DCOM

25. A small Trojan program that listens on port 777.
-P0
Tini
Address Resolution Protocol (ARP)
Time exceeded

26. ICMP Type/Code 11
Virus
script kiddie
Time exceeded
-sI

27. A computer network confined to a relatively small area - such as a single building or campus.
local area network (LAN)
Client
Internal access to the network
Domain Name System (DNS) lookup

28. Nmap ml output
Internet Protocol (IP)
Due Care
-oX
Third Party

29. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
gray box testing
quality of service (QoS)
qualitative analysis
U P F

30. Ports 20/21
FTP
Point-to-Point Protocol (PPP)
CNAME record
separation of duties

31. In computer security - this is an algorithm that uses separate keys for encryption and decryption.
intranet
Asymmetric Algorithm
Replacing numbers in a url to access other files
Bastion host

32. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Audit Trail
risk avoidance
Overwhelm CAM table to convert switch to hub mode
Certificate

33. TCP Ping
-PT
Transmission Control Protocol (TCP)
SOA record
SMB

34. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
Banner Grabbing
U P F
SNMP
Directory Traversal

35. Computer software or hardware that can intercept and log traffic passing over a digital network.
Block Cipher
Simple Network Management Protocol (SNMP)
sniffer
Certificate

36. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Information Technology Security Evaluation Criteria (ITSEC)
Audit Data
local area network (LAN)
Echo request

37. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
private key
End User Licensing Agreement (EULA)
Videocipher II Satellite Encryption System
Interior Gateway Protocol (IGP)

38. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
private network address
forwarding
Electronic Code Book (ECB)
-sP

39. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
Distributed DoS (DDoS)
intrusion prevention system (IPS)
Collision
flood

40. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
Application Layer
Exposure Factor
keylogger
audit

41. Injecting traffic into the network to identify the operating system of a device.
Brute-Force Password Attack
Interior Gateway Protocol (IGP)
port scanning
Active Fingerprinting

42. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a
-sR
Malicious code
Internet Protocol Security (IPSec) architecture
port knocking

43. An Internet routing protocol used to exchange routing information within an autonomous system.
Information Technology (IT) infrastructure
sniffer
Cracker
Interior Gateway Protocol (IGP)

44. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
User Datagram Protocol (UDP)
Malware
initial sequence number (ISN)
Fiber Distributed Data Interface (FDDI)

45. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
-sX
Virtual Local Area Network (VLAN)
personal identification number (PIN)
Anonymizer

46. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
EDGAR database
Internet service provider (ISP)
Daisy Chaining
ring topology

47. Microsoft SID 500
Electronic Code Book (ECB)
Local Administrator
Internal access to the network
Minimum acceptable level of risk

48. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.
Bug
RID Resource identifier
reverse social engineering
Access Control List (ACL)

49. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
reverse lookup; reverse DNS lookup
-sX
quality of service (QoS)
Internet Protocol (IP)

50. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
separation of duties
Administratively Prohibited
Redundant Array of Independent Disks (RAID)