Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






2. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






3. The process of determining if a network entity (user or service) is legitimate






4. Incremental Substitution






5. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


6. Port 161/162






7. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






8. A group of people - gathered together by a business entity - working to address a specific problem or goal.






9. The act of dialing all numbers within an organization to discover open modems.






10. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






11. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






12. A storage buffer that transparently stores data so future requests for the same data can be served faster.






13. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






14. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






15. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






16. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






17. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






18. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






19. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






20. Polymorphic Virus






21. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






22. nmap






23. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






24. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






25. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






26. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






27. An organized collection of data.






28. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






29. A computer network confined to a relatively small area - such as a single building or campus.






30. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






31. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






32. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






33. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






34. Directory Transversal






35. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






36. Microsoft SID 500






37. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






38. ACK Scan






39. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






40. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






41. A wireless networking mode where all clients connect to the wireless network through a central access point.






42. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






43. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






44. Port 110






45. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






46. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






47. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






48. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






49. Port 31337






50. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.