Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
payload
Malware
LDAP
out-of-band signaling
2. A symmetric, block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.
Telnet
-sV
Blowfish
Trusted Computer Base (TCB)
3. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
Exposure Factor
shoulder surfing
intrusion prevention system (IPS)
Domain Name System (DNS) lookup
4. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.
Acknowledgment (ACK)
Active Attack
parallel scan
penetration testing
5. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.
Bug
risk acceptance
Block Cipher
MD5
6. Hex 12
User Datagram Protocol (UDP)
A S
hybrid attack
LDAP
7. A virus that plants itself in a system's boot sector and infects the master boot record.
hot site
port knocking
Transport Layer Security (TLS)
Boot Sector Virus
8. Port 389
802.11 i
public key infrastructure (PKI)
packet filtering
LDAP
9. Any item of value or worth to an organization, whether physical or virtual.
Information Technology (IT) infrastructure
quality of service (QoS)
hardware keystroke logger
Asset
10. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private
Eavesdropping
fragmentation
Fraud and related activity in connection with computers
-sV
11. An attacker who breaks into computer systems with malicious intent, without the owner's knowledge or permission.
Black Hat
Traceroute
Asynchronous
LDAP
12. Version Detection Scan
-sV
Fraud and related activity in connection with computers
CAM table
spoofing
13. A computer network confined to a relatively small area, such as a single building or campus, in which devices connect through high-frequency radio waves using IEEE standard 802.11.
A R
Buffer
Echo Reply
Wireless Local Area Network (WLAN)
14. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
footprinting
Community String
Black Box Testing
Buffer
15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
proxy server
Last In First Out (LIFO)
logic bomb
Trapdoor Function
16. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
End User Licensing Agreement (EULA)
802.11 i
node
Worm
17. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Bit Flipping
private network address
network interface card (NIC)
site survey
18. A communications path, such as the Internet, authorized for data transmission within a computer system or network.
-PB
overt channel
asynchronous transmission
human-based social engineering
19. Window Scan
-sW
security by obscurity
gray box testing
Secure Multipurpose Mail Extension (S/MIME)
20. A free and popular version of the Unix operating system.
FreeBSD
Virtual Local Area Network (VLAN)
Anonymizer
National Security Agency
21. NSA
National Security Agency
Anonymizer
Media Access Control (MAC)
Bastion host
22. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Vulnerability
Web Spider
Routing Protocol
Information Technology (IT) infrastructure
23. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
script kiddie
security controls
LDAP
24. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or
Threat
Last In First Out (LIFO)
Cookie
Copyright
25. Vulnerability Scanning
The automated process of proactively identifying vulnerabilities of computing systems present in a network
false rejection rate (FRR)
Malware
SYN attack
26. ICMP Netmask
infrastructure mode
audit
-PM
Distributed DoS (DDoS)
27. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
Domain Name
Finding a directory listing and gaining access to a parent or root file for access to other files
Pretty Good Privacy (PGP)
False Acceptance Rate (FAR)
28. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
segment
Secure Multipurpose Mail Extension (S/MIME)
keylogger
ring topology
29. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.
halo effect
Wi-Fi Protected Access (WPA)
service level agreements (SLAs)
social engineering
30. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
risk assessment
public key
-sU
Defense in Depth
31. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
Digital Signature
shrink-wrap code attacks
false rejection rate (FRR)
Archive
32. A stand-alone computer, kept off the network, that is used for scanning potentially malicious media or software.
Event
Last In First Out (LIFO)
fully qualified domain name (FQDN)
sheepdip
33. Port 135
White Box Testing
RPC-DCOM
Back orifice
out-of-band signaling
34. Port Scanning
35. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
Secure Multipurpose Mail Extension (S/MIME)
-sP
footprinting
Possession of access devices
36. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delive
Data Link layer
Replacing numbers in a url to access other files
False Acceptance Rate (FAR)
Master boot record infector
37. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.
Archive
Availability
hardware keystroke logger
Routing Information Protocol (RIP)
38. A host designed to collect data on suspicious activity.
Virus
honeypot
Level III assessment
security by obscurity
39. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
protocol
overt channel
Extensible Authentication Protocol (EAP)
Annualized Loss Expectancy (ALE)
40. A value used to control cryptographic operations, such as decryption, encryption, signature generation, and signature verification.
shoulder surfing
Zone transfer
Biometrics
Cryptographic Key
41. A software or hardware defect that often results in system vulnerabilities.
Transmission Control Protocol (TCP)
encapsulation
False Acceptance Rate (FAR)
Bug
42. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
non-repudiation
identity theft
risk avoidance
port redirection
43. A social-engineering attack that manipulates the victim into calling the attacker for help.
Discretionary Access Control (DAC)
NetBus
reverse social engineering
Level I assessment
44. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
-PM
End User Licensing Agreement (EULA)
iris scanner
protocol stack
45. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.
-PS
Active Attack
ping sweep
End User Licensing Agreement (EULA)
46. The steps taken to gather evidence and information on the targets you wish to attack.
POP 3
hash
reconnaissance
Crossover Error Rate (CER)
47. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Internet Protocol Security (IPSec) architecture
penetration testing
integrity
Active Attack
48. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.
symmetric algorithm
Copyright
Information Technology (IT) asset criticality
Internet Protocol (IP)
49. Idlescan
-P0
-sA
Black Hat
-sI
50. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
personal identification number (PIN)
EDGAR database
heuristic scanning
Port Address Translation (PAT)