SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer network confined to a relatively small area - such as a single building or campus.
Redundant Array of Independent Disks (RAID)
GET
local area network (LAN)
Common Internet File System/Server Message Block
2. Hex 12
limitation of liability and remedies
ping sweep
MD5
A S
3. Shifting responsibility from one party to another
security by obscurity
risk transference
honeypot
Internet Assigned Number Authority (IANA)
4. ACK Scan
-PI
network operations center (NOC)
-sA
Cloning
5. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Antivirus (AV) software
footprinting
Port Address Translation (PAT)
initial sequence number (ISN)
6. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
firewall
Network Basic Input/Output System (NetBIOS)
Hypertext Transfer Protocol (HTTP)
out-of-band signaling
7. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
packet
Serial Line Internet Protocol (SLIP)
SYN flood attack
Defense in Depth
8. An Application layer protocol for managing devices on an IP network.
Simple Network Management Protocol (SNMP)
Zenmap
Malware
Fraud and related activity in connection with computers
9. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
Hacks with permission
symmetric algorithm
Level II assessment
firewall
10. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
remote access
Banner Grabbing
Hacks without permission
site survey
11. Ports 20/21
Fiber Distributed Data Interface (FDDI)
FTP
Common Internet File System/Server Message Block
Due Diligence
12. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat
Simple Mail Transfer Protocol (SMTP)
-sV
Baseline
protocol
13. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. nmap
Ciphertext
-p <port ranges>
hardware keystroke logger
Bug
15. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.
Challenge Handshake Authentication Protocol (CHAP)
Information Technology (IT) asset valuation
serialize scans & 0.4 sec wait
rootkit
16. A protocol defining packets that are able to be routed by a router.
routed protocol
-sW
Secure Sockets Layer (SSL)
Echo Reply
17. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.
Information Technology (IT) infrastructure
File Allocation Table (FAT)
security kernel
net use \[target ip]IPC$ '' /user:''
18. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori
Ciphertext
session hijacking
Digital Certificate
Contingency Plan
19. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
War Driving
network tap
Information Technology Security Evaluation Criteria (ITSEC)
gateway
20. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.
CIA triangle
War Driving
DNS enumeration
Due Diligence
21. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
asynchronous transmission
Ciphertext
Address Resolution Protocol (ARP) table
encapsulation
22. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
RID Resource identifier
service level agreements (SLAs)
steganography
Application-Level Attacks
23. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
Accountability
intrusion prevention system (IPS)
hot site
Open System Interconnection (OSI) Reference Model
24. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.
Wired Equivalent Privacy (WEP)
Blowfish
War Driving
Smurf attack
25. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
ad hoc mode
Worm
Warm Site
Minimum acceptable level of risk
26. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
gray box testing
-PT
spam
NetBus
27. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
CNAME record
Bluetooth
Contingency Plan
Videocipher II Satellite Encryption System
28. The conveying of official access or legal power to a person or entity.
Real application encompassing Trojan
Authorization
Hacks with permission
Electronic Code Book (ECB)
29. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks
-PT
Dumpster Diving
integrity
routed protocol
30. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.
Exploit
Written Authorization
security incident response team (SIRT)
sheepdip
31. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
network operations center (NOC)
personal identification number (PIN)
footprinting
-PS
32. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr
gateway
Internal access to the network
inference attack
Wired Equivalent Privacy (WEP)
33. Monitoring of telephone or Internet conversations - typically by covert means.
Wiretapping
Threat
Daisy Chaining
private key
34. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
shoulder surfing
pattern matching
Competitive Intelligence
Exposure Factor
35. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Extensible Authentication Protocol (EAP)
Media Access Control (MAC)
Bit Flipping
Unicode
36. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Vulnerability
parallel scan & 75 sec timeout & 0.3 sec/probe
segment
TACACS
37. Ping Scan
-sP
Blowfish
quantitative risk assessment
Malware
38. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
quality of service (QoS)
Information Technology (IT) security architecture and framework
False Acceptance Rate (FAR)
-PM
39. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
A R
Vulnerability Assessment
security kernel
Network Address Translation (NAT)
40. A command used in HTTP and FTP to retrieve a file from a server.
polymorphic virus
phishing
Wiretapping
GET
41. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
Certificate Authority (CA)
Tiger Team
Simple Object Access Protocol (SOAP)
Videocipher II Satellite Encryption System
42. A free and popular version of the Unix operating system.
Fast Ethernet
FreeBSD
Trusted Computer Base (TCB)
A S
43. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
port redirection
false negative
Tunnel
Vulnerability Assessment
44. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
footprinting
network operations center (NOC)
Unicode
piggybacking
45. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
Time To Live (TTL)
Banner Grabbing
parallel scan
Vulnerability Assessment
46. TCP Ping
-PT
Virus Hoax
Worm
Videocipher II Satellite Encryption System
47. Sneaky scan timing
serialize scans & 15 sec wait
rootkit
Information Technology (IT) security architecture and framework
Denial of Service (DoS)
48. A protocol used for sending and receiving log information for nodes on a network.
Due Diligence
Syslog
Media Access Control (MAC)
Digital Watermarking
49. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Man-in-the-middle attack
iris scanner
public key
node
50. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
Internet Protocol (IP)
Overwhelm CAM table to convert switch to hub mode
scope creep
Black Box Testing