Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






2. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






3. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






4. A Windows-based GUI version of nmap.






5. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






6. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






7. Another term for firewalking






8. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






9. Port 137/138/139






10. A virus written in a macro language and usually embedded in document or spreadsheet files.






11. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






12. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






13. A protocol defining packets that are able to be routed by a router.






14. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






15. Hex 04






16. Port 88






17. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






18. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






19. TCP Ping






20. A storage buffer that transparently stores data so future requests for the same data can be served faster.






21. A device providing temporary - on-demand - point-to-point network access to users.






22. Phases of an attack






23. A software or hardware application or device that captures user keystrokes.






24. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






25. A point of reference used to mark an initial state in order to manage change.






26. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






27. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






28. Black hat






29. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






30. The ability to trace actions performed on a system to a specific user or system entity.






31. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






32. An early network application that provides information on users currently logged on to a machine.






33. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






34. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






35. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






36. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






37. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


38. A string that represents the location of a web resource






39. A communications protocol used for browsing the Internet.






40. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






41. The process of determining if a network entity (user or service) is legitimate






42. Aggressive scan timing






43. nmap all output






44. The level of importance assigned to an IT asset






45. A wireless networking mode where all clients connect to the wireless network through a central access point.






46. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






47. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






48. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






49. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






50. Polite scan timing