Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






2. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






3. A protocol that allows a client computer to request services from a server and the server to return the results.






4. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






5. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






6. Black hat






7. A communications protocol used for browsing the Internet.






8. Hex 10






9. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






10. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






11. Port 88






12. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






13. Another term for firewalking






14. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






15. ICMP Ping






16. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






17. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






18. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






19. Shifting responsibility from one party to another






20. Window Scan






21. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






22. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






23. TCP connect() scan






24. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






25. Incremental Substitution






26. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






27. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






28. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






29. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






30. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






31. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






32. Aggressive scan timing






33. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






34. SYN Ping






35. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






36. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






37. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






38. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






39. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






40. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






41. A file system used by the Mac OS.






42. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






43. ICMP Type/Code 8






44. FTP Bounce Attack






45. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






46. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






47. TCP Ping






48. Monitoring of telephone or Internet conversations - typically by covert means.






49. Port Scanning



50. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.