Tests are not all created equally. There are good tests, and then there are bad tests - the difference between the two is the quality of the question. We took a look at the EC-Council Ethical Hacking Practice test and found it amusing in some ways, but confusing in others...
For example, one of the questions asked something similar to:
How will a web site operator overcome an XSS flaw?
- Disable remote desktop
- Check the database for errors
- Check sanity of the code by reviewing the headers
- Block port 125
The answer is pretty obvious, but the obvious answer is not really correct - IMHO. You need to check the sanity of more than just the header.
Other example, Which is true about active stack fingerprinting:
- It uses sniffing techniques instead of the scanning techniques
- It is based on the fact that various vendors of OS implement the TCP stack differently
- It uses password crackers to escalate system privileges
- It is based on the differential implantation of the stack and the various ways an OS responds to it
Well, I know it is one of two options...but aren't those both true? Perhaps someone can shed some light here for me...
While many of the questions were good, some were a bit to specific. For example, knowing the name of a trojan that replaces MSMessenger on your PC is something I personally didn't know off the top of my head. Keeping track of the names and MO's of the thousands of trojans out there is pretty much impossible.
Still, the quiz was worth my time and I even learned a thing or two!
...and you don't have to use your real information.