Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Type/Code 8






2. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






3. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






4. Black hat






5. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






6. Policy stating what users of a system can and cannot do with the organization's assets.






7. Cracking Tools






8. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






9. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






10. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






11. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






12. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






13. An Application layer protocol for managing devices on an IP network.






14. Hex 10






15. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






16. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






17. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






18. Port 31337






19. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






20. Name given to expert groups that handle computer security incidents.






21. An early network application that provides information on users currently logged on to a machine.






22. A program designed to execute at a specific time to release malicious code onto the computer system or network.






23. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






24. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






25. The process of determining if a network entity (user or service) is legitimate






26. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






27. SYN Ping






28. Port 389






29. ex 02






30. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






31. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






32. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






33. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






35. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






36. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






37. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






38. White box test






39. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






40. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






41. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






42. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






43. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






44. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






45. A computer process that requests a service from another computer and accepts the server's responses.






46. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


47. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






48. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






49. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






50. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.