Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Nmap normal output






2. Cracking Tools






3. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


4. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






5. A device on a network.






6. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






7. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






8. 18 U.S.C. 1030






9. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






10. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






11. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






12. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






13. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






14. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






15. ICMP Timestamp






16. nmap all output






17. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






18. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






19. A wireless networking mode where all clients connect to the wireless network through a central access point.






20. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






21. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






22. Port 23






23. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






24. A virus written in a macro language and usually embedded in document or spreadsheet files.






25. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






26. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






27. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






28. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






29. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






30. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






31. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






32. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






33. The transmission of digital signals without precise clocking or synchronization.






34. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






35. nmap






36. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






37. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






38. A virus designed to infect the master boot record.






39. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






40. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






41. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






42. Hex 14






43. A protocol used to pass control and error messages between nodes on the Internet.






44. ICMP Type/Code 3-13






45. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






46. The monetary value assigned to an IT asset.






47. The lack of clocking (imposed time ordering) on a bit stream.






48. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






49. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






50. Network Scanning