Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity. Generally, hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download).
Detective Controls
hash
network tap
Telnet
2. A set of rules defined to screen network packets based on source address, destination address, or protocol; these rules determine whether the packet will be forwarded or discarded.
Tunneling
Filter
iris scanner
Acceptable Use Policy (AUP)
3. CAN-SPAM
CIA triangle
Transport Layer Security (TLS)
-sP
Defines legal email marketing
4. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security, although it does authenticate clients to access points, encr
Application-Level Attacks
Zenmap
Wired Equivalent Privacy (WEP)
User Datagram Protocol (UDP)
5. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
Domain Name
serial scan & 300 sec wait
Block Cipher
MAC filtering
6. In computer security, this is an algorithm that uses separate keys for encryption and decryption.
Asymmetric Algorithm
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
parallel scan
Videocipher II Satellite Encryption System
7. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Virus
Temporal Key Integrity Protocol (TKIP)
Decryption
ECHO reply
8. The steps taken to gather evidence and information on the targets you wish to attack.
National Security Agency
stream cipher
reconnaissance
Defines legal email marketing
9. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie
Interior Gateway Protocol (IGP)
Cookie
Media Access Control (MAC)
Exploit
10. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
Hacks without permission
-PP
Digital Certificate
Tunneling Virus
11. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
parallel scan
Internet Protocol (IP)
-p <port ranges>
SMB
12. Also known as the dot-dot-slash attack. Using directory traversal, the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
serialize scans & 0.4 sec wait
Directory Traversal
Mantrap
Active Attack
13. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
EDGAR database
-sW
Backdoor
TACACS
14. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
RPC-DCOM
Time To Live (TTL)
-PI
service level agreements (SLAs)
15. The default network authentication suite of protocols for Windows NT 4.0
serialize scans & 0.4 sec wait
Redundant Array of Independent Disks (RAID)
honeynet
NT LAN Manager (NTLM)
16. A protocol that allows a client computer to request services from a server and the server to return the results.
local area network (LAN)
spam
Time Bomb
remote procedure call (RPC)
17. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Virtual Private Network (VPN)
Google hacking
Filter
service level agreements (SLAs)
18. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Blowfish
Internet service provider (ISP)
Collision
Cold Site
19. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Information Technology (IT) infrastructure
footprinting
SID
replay attack
20. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Routing Information Protocol (RIP)
Lightweight Directory Access Protocol (LDAP)
Finger
Mandatory access control (MAC)
21. Safeguards or countermeasures to avoid, counteract, or minimize security risks.
Multipurpose Internet Mail Extensions (MIME)
Authentication
security controls
Boot Sector Virus
22. Security measures, such as a locked door, perimeter fence, or security guard, to prevent or deter physical access to a facility, resource, or information stored on physical media.
physical security
Information Technology (IT) security architecture and framework
Written Authorization
Transport Layer Security (TLS)
23. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Banner Grabbing
Denial of Service (DoS)
Access Control List (ACL)
Cryptography
24. ICMP Ping
rogue access point
MD5
-PI
honeynet
25. 18 U.S.C. 1030
Distributed DoS (DDoS)
Bug
Fraud and related activity in connection with computers
pattern matching
26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
heuristic scanning
Last In First Out (LIFO)
suicide hacker
local area network (LAN)
27. Idlescan
rogue access point
-sI
Administratively Prohibited
DNS enumeration
28. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.
overt channel
Information Technology (IT) security architecture and framework
Block Cipher
Tunneling Virus
29. The conveying of official access or legal power to a person or entity.
Master boot record infector
identity theft
Authorization
self encrypting
30. Attacks on the actual programming code of an application.
Access Creep
Application-Level Attacks
-p <port ranges>
Cracker
31. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
network tap
-sV
Unicode
Distributed DoS (DDoS)
32. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.
Time To Live (TTL)
Mandatory access control (MAC)
fully qualified domain name (FQDN)
War Driving
33. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.
HIDS
Console Port
Tunneling
U P F
34. PI and PT Ping
EDGAR database
Methodology
Dumpster Diving
-PB
35. Hex 04
Post Office Protocol 3 (POP3)
queue
protocol stack
R
36. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
scope creep
Defense in Depth
risk avoidance
Discretionary Access Control (DAC)
37. A social-engineering attack using computer resources, such as e-mail or IRC.
honeypot
Simple Network Management Protocol (SNMP)
Zero Subnet
Computer-Based Attack
38. A computer network confined to a relatively small area, such as a single building or campus.
Minimum acceptable level of risk
local area network (LAN)
private key
XOR Operation
39. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
router
single loss expectancy (SLE)
Corrective Controls
Database
40. Computer software or hardware that can intercept and log traffic passing over a digital network.
private network address
proxy server
NOP
sniffer
41. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
symmetric encryption
Ciphertext
risk
packet
42. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Tini
Port Address Translation (PAT)
network operations center (NOC)
Secure Multipurpose Mail Extension (S/MIME)
43. 18 U.S.C. 1029
keylogger
Corrective Controls
Trapdoor Function
Possession of access devices
44. The potential for damage to or loss of an IT asset
risk
Demilitarized Zone (DMZ)
-sP
audit
45. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.
A R
Acknowledgment (ACK)
Eavesdropping
Electronic serial number
46. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.
source routing
XOR Operation
Access Control List (ACL)
Bluejacking
47. A group of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment.
red team
Authentication Header (AH)
personal identification number (PIN)
404EE
48. A computer virus that infects and spreads in multiple ways.
payload
Lightweight Directory Access Protocol (LDAP)
Multipartite virus
footprinting
49. A command used in HTTP and FTP to retrieve a file from a server.
GET
Information Technology (IT) asset valuation
personal identification number (PIN)
reconnaissance
50. The ability to trace actions performed on a system to a specific user or system entity.
Anonymizer
physical security
qualitative analysis
Accountability