Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.

2. A symmetric, block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.

3. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

4. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.

5. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

6. Hex 12

7. A virus that plants itself in a system's boot sector and infects the master boot record.

8. Port 389

9. Any item of value or worth to an organization, whether physical or virtual.

10. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.

11. An attacker who breaks into computer systems with malicious intent, without the owner's knowledge or permission.

12. Version Detection Scan

13. A computer network confined to a relatively small area, such as a single building or campus, in which devices connect through high-frequency radio waves using IEEE standard 802.11.

14. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).

15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

16. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.

17. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

18. A communications path, such as the Internet, authorized for data transmission within a computer system or network.

19. Window Scan

20. A free and popular version of the Unix operating system.

21. NSA

22. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

23. A protocol that allows a client computer to request services from a server and the server to return the results.

24. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or

25. Vulnerability Scanning

26. ICMP Netmask

27. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).

28. A section or subset of the network. Often a router or other routing device provides the end point of the segment.

29. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.

30. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.

31. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.

32. A stand-alone computer, kept off the network, that is used for scanning potentially malicious media or software.

33. Port 135

34. Port Scanning

35. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

36. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delive

37. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.

38. A host designed to collect data on suspicious activity.

39. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO

40. A value used to control cryptographic operations, such as decryption, encryption, signature generation, and signature verification.

41. A software or hardware defect that often results in system vulnerabilities.

42. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.

43. A social-engineering attack that manipulates the victim into calling the attacker for help.

44. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.

45. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.

46. The steps taken to gather evidence and information on the targets you wish to attack.

47. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.

48. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.

49. Idlescan

50. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U