Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Information Technology (IT) asset criticality
Certificate Authority (CA)
Routing Protocol
packet
2. ICMP Type/Code 8
Echo request
War Chalking
Finding a directory listing and gaining access to a parent or root file for access to other files
remote procedure call (RPC)
3. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
Cache
Daisy Chaining
hashing algorithm
4. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
Console Port
Routing Information Protocol (RIP)
risk assessment
End User Licensing Agreement (EULA)
5. The process of a system providing a fully qualified domain name (FQDN) to a local name server, for resolution to its corresponding IP address.
Tini
Acknowledgment (ACK)
Baseline
Domain Name System (DNS) lookup
6. A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
gray hat
Information Technology Security Evaluation Criteria (ITSEC)
Worm
Fiber Distributed Data Interface (FDDI)
7. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
Wireless Local Area Network (WLAN)
stream cipher
network access server
HIDS
8. Actions, devices, procedures, techniques, or other measures intended to reduce the vulnerability of an information system.
Hacks without permission
Countermeasures
role-based access control
Virtual Local Area Network (VLAN)
9. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
Defense in Depth
Presentation layer
encryption
Baseline
10. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.
Active Attack
NOP
Wide Area Network (WAN)
route
11. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio
User Datagram Protocol (UDP)
private key
End User Licensing Agreement (EULA)
The automated process of proactively identifying vulnerabilities of computing systems present in a network
12. A documented process for a procedure designed to be consistent, repeatable, and accountable.
Acceptable Use Policy (AUP)
Covert Channel
physical security
Methodology
13. A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
A R
Service Set Identifier (SSID)
Virtual Private Network (VPN)
Discretionary Access Control (DAC)
14. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
Multipartite virus
Discretionary Access Control (DAC)
-oN
Active Attack
15. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.
NOP
network operations center (NOC)
Domain Name
-PS
16. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
Port Address Translation (PAT)
Biometrics
Defines legal email marketing
Wireless Local Area Network (WLAN)
17. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption, with one notable exception: The private key is used to encrypt the digital signature.
audit
patch
private key
router
18. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
Internet Assigned Number Authority (IANA)
Digital Certificate
signature scanning
Wireless Local Area Network (WLAN)
19. Using conversation or some other interaction between people to gather useful information.
audit
Smurf attack
Port Address Translation (PAT)
human-based social engineering
20. A communications protocol used for browsing the Internet.
shoulder surfing
Vulnerability Management
logic bomb
Hypertext Transfer Protocol (HTTP)
21. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Trapdoor Function
Decryption
network interface card (NIC)
spoofing
22. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
limitation of liability and remedies
Banner Grabbing
Multipurpose Internet Mail Extensions (MIME)
23. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.
Auditing
Virtual Private Network (VPN)
Network Basic Input/Output System (NetBIOS)
Backdoor
24. Black box test
security breach or security incident
Network Basic Input/Output System (NetBIOS)
No previous knowledge of the network
Console Port
25. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
non-repudiation
fragmentation
-b
separation of duties
26. A business, government agency, or educational institution that provides access to the Internet.
Wrapper
Ciphertext
Routing Information Protocol (RIP)
Internet service provider (ISP)
27. Access by information systems (or users) communicating from outside the information system security perimeter.
remote access
Back orifice
-sA
Zone transfer
28. A collection of historical records or the place where they are kept. In computing, an archive generally refers to backup copies of logs and/or data.
Archive
Web Spider
Eavesdropping
Kerberos
29. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
CNAME record
Internet Protocol (IP)
patch
private network address
30. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
U P F
Defense in Depth
Hierarchical File System (HFS)
Exploit
31. The set of all hardware, firmware, and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
encryption
Distributed DoS (DDoS)
Trusted Computer Base (TCB)
Community String
32. A piece of software, provided by the vendor, intended to update or fix known, discovered problems in a computer program or its supporting data.
POST
remote access
patch
flood
33. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
Google hacking
Mantrap
Vulnerability Assessment
risk acceptance
34. One or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.
Baseline
network operations center (NOC)
Open System Interconnection (OSI) Reference Model
honeynet
35. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
-sW
Ethernet
Password Authentication Protocol (PAP)
shrink-wrap code attacks
36. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
Methodology
Certificate
Information Technology Security Evaluation Criteria (ITSEC)
rule-based access control
37. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
signature scanning
-sL
Vulnerability Management
Denial of Service (DoS)
38. SYN Ping
-PS
Droppers
Wiretapping
A S
39. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
protocol stack
risk transference
Worm
Target Of Engagement (TOE)
40. A person or entity indirectly involved in a relationship between two principals.
Defines legal email marketing
NT LAN Manager (NTLM)
Third Party
Methodology
41. Originally an extension of PPP, this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
-sS
hashing algorithm
sidejacking
42. A computer process that requests a service from another computer and accepts the server's responses.
Hypertext Transfer Protocol Secure (HTTPS)
Common Internet File System/Server Message Block
-sF
Client
43. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.
Bluejacking
reverse lookup; reverse DNS lookup
Written Authorization
hash
44. Cracking Tools
John the Ripper, L0phtCrack, Ophcrack, Cain and Abel
queue
Information Technology (IT) infrastructure
Syslog
45. don't ping
-P0
Domain Name System (DNS) lookup
Timestamping
Asset
46. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
-sW
session splicing
Tumbling
pattern matching
47. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Buffer
replay attack
Defines legal email marketing
Audit Trail
48. Xmas Tree scan
sniffer
-sX
Active Attack
limitation of liability and remedies
49. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.
Block Cipher
security bulletins
ad hoc mode
Three-Way (TCP) Handshake
50. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.
Service Set Identifier (SSID)
Collision
Ethernet
Domain Name System (DNS)