SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Type/Code 8
-sA
Echo request
Internet Control Message Protocol (ICMP)
Tini
2. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
smart card
Data Encryption Standard (DES)
POP 3
packet
3. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
U P F
Time exceeded
Access Creep
4. Black hat
router
Daisy Chaining
Wi-Fi Protected Access (WPA)
Hacks without permission
5. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Computer-Based Attack
Information Technology (IT) security architecture and framework
routed protocol
Information Technology Security Evaluation Criteria (ITSEC)
6. Policy stating what users of a system can and cannot do with the organization's assets.
Detective Controls
-sT
Acceptable Use Policy (AUP)
firewalking
7. Cracking Tools
802.11 i
Community String
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Computer Emergency Response Team (CERT)
8. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Extensible Authentication Protocol (EAP)
Bluetooth
node
Information Technology (IT) asset criticality
9. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
gray hat
FTP
operating system attack
Denial of Service (DoS)
10. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Vulnerability
identity theft
segment
Application Layer
11. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
sheepdip
Master boot record infector
Confidentiality
Brute-Force Password Attack
12. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.
POST
spyware
risk transference
-sS
13. An Application layer protocol for managing devices on an IP network.
Simple Network Management Protocol (SNMP)
Trapdoor Function
Smurf attack
spam
14. Hex 10
Echo request
public key infrastructure (PKI)
Audit Trail
A
15. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
Echo Reply
-b
patch
CAM table
16. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
physical security
Active Attack
-oX
Access Creep
17. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
single loss expectancy (SLE)
Collision Domain
Fast Ethernet
NOP
18. Port 31337
Google hacking
Finding a directory listing and gaining access to a parent or root file for access to other files
Domain Name
Back orifice
19. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
human-based social engineering
Request for Comments (RFC)
Secure Sockets Layer (SSL)
payload
20. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
ad hoc mode
LDAP
Telnet
21. An early network application that provides information on users currently logged on to a machine.
Challenge Handshake Authentication Protocol (CHAP)
Finger
-PM
private key
22. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Contingency Plan
Kerberos
risk acceptance
Time Bomb
23. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door
sheepdip
Domain Name System (DNS) lookup
Level II assessment
Mantrap
24. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
Wrapper
Information Technology (IT) asset valuation
Address Resolution Protocol (ARP)
Trusted Computer Base (TCB)
25. The process of determining if a network entity (user or service) is legitimate
segment
-sU
Authentication
key exchange protocol
26. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
Back orifice
Wi-Fi Protected Access (WPA)
gray hat
Demilitarized Zone (DMZ)
27. SYN Ping
-PS
firewall
RxBoot
Worm
28. Port 389
404EE
nslookup
heuristic scanning
LDAP
29. ex 02
packet
quantitative risk assessment
Institute of Electrical and Electronics Engineers (IEEE)
S
30. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
sidejacking
Common Internet File System/Server Message Block
Third Party
public key infrastructure (PKI)
31. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.
Sign in Seal
SOA record
Contingency Plan
port scanning
32. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.
Domain Name System (DNS)
Buffer Overflow
remote access
intrusion prevention system (IPS)
33. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Boot Sector Virus
Certificate Authority (CA)
Acceptable Use Policy (AUP)
pattern matching
34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Network Address Translation (NAT)
passive attack
User Datagram Protocol (UDP)
Collision Domain
35. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
Three-Way (TCP) Handshake
Third Party
-sS
ECHO reply
36. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Droppers
passive attack
packet
Ethical Hacker
37. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
symmetric encryption
role-based access control
Denial of Service (DoS)
Archive
38. White box test
Internal access to the network
Wide Area Network (WAN)
segment
Post Office Protocol 3 (POP3)
39. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
gateway
hash
Database
ISO 17799
40. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.
Time exceeded
forwarding
parallel scan
Asynchronous
41. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.
Wi-Fi Protected Access (WPA)
Digital Watermarking
network operations center (NOC)
public key infrastructure (PKI)
42. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi
Destination Unreachable
Sign in Seal
CNAME record
gray hat
43. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
Authorization
Boot Sector Virus
Network Basic Input/Output System (NetBIOS)
White Box Testing
44. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Media Access Control (MAC)
HTTP tunneling
Whois
risk
45. A computer process that requests a service from another computer and accepts the server's responses.
-oA
Internal access to the network
Client
Defense in Depth
46. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
stream cipher
hot site
Buffer Overflow
Access Point (AP)
48. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
RPC-DCOM
File Allocation Table (FAT)
Internet Assigned Number Authority (IANA)
shoulder surfing
49. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
FTP
Directory Traversal
halo effect
Droppers
50. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Bluetooth
RID Resource identifier
SOA record
initial sequence number (ISN)