SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. White hat
Daemon
Filter
Domain Name
Hacks with permission
2. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
Threat
HTTP tunneling
Bastion host
Electronic Code Book (ECB)
3. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
fully qualified domain name (FQDN)
sniffer
non-repudiation
Wrapper
4. ACK Scan
shoulder surfing
Simple Object Access Protocol (SOAP)
-sA
security kernel
5. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Trusted Computer System Evaluation Criteria (TCSEC)
Secure Sockets Layer (SSL)
Port Address Translation (PAT)
signature scanning
6. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Packet Internet Groper (ping)
Electronic Code Book (ECB)
honeynet
Simple Object Access Protocol (SOAP)
7. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Client
Acceptable Use Policy (AUP)
security controls
Domain Name System (DNS)
8. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
NOP
private key
iris scanner
Internet Protocol Security (IPSec) architecture
9. An adapter that provides the physical connection to send and receive data between the computer and the network media.
-sW
Unicode
spoofing
network interface card (NIC)
10. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Videocipher II Satellite Encryption System
Bluejacking
Filter
security incident response team (SIRT)
11. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
audit
Application Layer
R
Active Fingerprinting
12. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.
Buffer Overflow
Zombie
network interface card (NIC)
halo effect
13. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Port Address Translation (PAT)
HTTP
queue
Discretionary Access Control (DAC)
14. A list of IP addresses and corresponding MAC addresses stored on a local computer.
out-of-band signaling
Address Resolution Protocol (ARP) table
parallel scan
Asynchronous
15. The concept of having more than one person required to complete a task
separation of duties
Hierarchical File System (HFS)
CAM table
Time exceeded
16. nmap
Wiretapping
R
Backdoor
--randomize_hosts -O OS fingerprinting
17. A method of external testing whereby several systems or resources are used together to effect an attack.
Daisy Chaining
Client
Destination Unreachable
Electronic Code Book (ECB)
18. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Annualized Loss Expectancy (ALE)
Client
Zenmap
rootkit
19. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
piggybacking
NetBus
Buffer Overflow
asynchronous transmission
20. 18 U.S.C. 1030
Fraud and related activity in connection with computers
Algorithm
route
Malware
21. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.
hybrid attack
Three-Way (TCP) Handshake
qualitative analysis
Service Set Identifier (SSID)
22. Any item of value or worth to an organization - whether physical or virtual.
Asset
Wide Area Network (WAN)
passive attack
Blowfish
23. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Vulnerability
firewalking
source routing
Hacks with permission
24. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Virtual Private Network (VPN)
logic bomb
Acknowledgment (ACK)
flood
25. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Event
Trapdoor Function
honeypot
Accountability
26. The potential for damage to or loss of an IT asset
parameter tampering
risk
remote procedure call (RPC)
XOR Operation
27. A point of reference used to mark an initial state in order to manage change.
session splicing
U P F
-PS
Baseline
28. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.
Archive
Virus Hoax
quality of service (QoS)
Tini
29. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio
Data Link layer
User Datagram Protocol (UDP)
SYN flood attack
Trapdoor Function
30. A social-engineering attack using computer resources - such as e-mail or IRC.
false rejection rate (FRR)
public key
Computer-Based Attack
SNMP
31. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
script kiddie
shrink-wrap code attacks
Cracker
Filter
32. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Echo Reply
protocol
ECHO reply
penetration testing
33. A program designed to execute at a specific time to release malicious code onto the computer system or network.
-P0
Banner Grabbing
Time Bomb
Annualized Loss Expectancy (ALE)
34. Port 22
Tunneling
SSH
Database
security controls
35. A protocol used to pass control and error messages between nodes on the Internet.
public key
router
Accountability
Internet Control Message Protocol (ICMP)
36. A virus written in a macro language and usually embedded in document or spreadsheet files.
Macro virus
SNMP
Hacks without permission
Assessment
37. A free and popular version of the Unix operating system.
Acknowledgment (ACK)
Hacks without permission
Written Authorization
FreeBSD
38. Two or more LANs connected by a high-speed line across a large geographical area.
SNMP
Wide Area Network (WAN)
-sV
LDAP
39. nmap
-p <port ranges>
Uniform Resource Locator (URL)
-PP
Archive
40. A string that represents the location of a web resource
Uniform Resource Locator (URL)
Zero Subnet
Network Basic Input/Output System (NetBIOS)
Cloning
41. An early network application that provides information on users currently logged on to a machine.
Finger
overt channel
stream cipher
Information Technology (IT) asset valuation
42. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
Kerberos
Rijndael
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
Anonymizer
43. A communications protocol used for browsing the Internet.
Hypertext Transfer Protocol (HTTP)
Fast Ethernet
fully qualified domain name (FQDN)
footprinting
44. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
Multipurpose Internet Mail Extensions (MIME)
-sL
footprinting
Multipartite virus
45. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
Routing Protocol
RPC-DCOM
XOR Operation
Address Resolution Protocol (ARP)
46. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
gray hat
Point-to-Point Protocol (PPP)
White Box Testing
routed protocol
47. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
fragmentation
security kernel
Zone transfer
sidejacking
48. An attack that exploits the common mistake many people make when installing operating systems
operating system attack
Interior Gateway Protocol (IGP)
Google hacking
port knocking
49. Nmap normal output
POST
Virtual Private Network (VPN)
Covert Channel
-oN
50. Port 110
remote access
Domain Name System (DNS) lookup
POP 3
ping sweep
