Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A protocol defining packets that are able to be routed by a router.
Whois
Copyright
routed protocol
Cold Site
2. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
Telnet
Active Directory (AD)
Trusted Computer System Evaluation Criteria (TCSEC)
Console Port
3. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive
Data Link layer
GET
Wrapper
Internal access to the network
4. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
-sO
Crossover Error Rate (CER)
Daisy Chaining
Written Authorization
5. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
logic bomb
Bug
Bluetooth
6. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Cloning
Daisy Chaining
role-based access control
Internet Protocol (IP)
7. Insane scan timing
parallel scan & 75 sec timeout & 0.3 sec/probe
Due Care
limitation of liability and remedies
segment
8. A virus designed to infect the master boot record.
Port Address Translation (PAT)
Cache
Master boot record infector
risk
9. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
ISO 17799
phishing
nslookup
EDGAR database
10. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometimes perform illegal acts to exploit technology with the intent of achi
gray hat
Institute of Electrical and Electronics Engineers (IEEE)
OpenBSD
Covert Channel
11. A software or hardware application or device that captures user keystrokes.
keylogger
replay attack
Application Layer
Algorithm
12. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
-PS
Vulnerability
secure channel
Banner Grabbing
13. A string that represents the location of a web resource
Traceroute
-PB
personal identification number (PIN)
Uniform Resource Locator (URL)
14. Vulnerability Scanning
The automated process of proactively identifying vulnerabilities of computing systems present in a network
-sU
social engineering
intranet
15. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
Asynchronous
session hijacking
Competitive Intelligence
signature scanning
16. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
halo effect
SID
Fast Ethernet
patch
17. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
limitation of liability and remedies
Traceroute
gateway
session hijacking
18. An early network application that provides information on users currently logged on to a machine.
patch
Finger
Third Party
Audit Data
19. Port 389
Zenmap
FTP
LDAP
NOP
20. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
piggybacking
overt channel
Kerberos
parallel scan & 75 sec timeout & 0.3 sec/probe
21. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
signature scanning
No previous knowledge of the network
site survey
Covert Channel
22. The process of using easily accessible DNS records to map a target network's internal hosts.
A
risk avoidance
firewalking
DNS enumeration
23. Port Scanning
24. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Possession of access devices
Access Creep
Backdoor
ECHO reply
25. Phases of an attack
parallel scan & 300 sec timeout & 1.25 sec/probe
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
integrity
TACACS
26. UDP Scan
inference attack
Methodology
-sU
reverse social engineering
27. ICMP Netmask
serial scan & 300 sec wait
-PM
Echo Reply
Wrapper
28. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
A R
packet filtering
quality of service (QoS)
29. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
hash
Level I assessment
Directory Traversal
30. A communications protocol used for browsing the Internet.
INFOSEC Assessment Methodology (IAM)
forwarding
packet filtering
Hypertext Transfer Protocol (HTTP)
31. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
router
sheepdip
ring topology
out-of-band signaling
32. Computer software or hardware that can intercept and log traffic passing over a digital network.
Three-Way (TCP) Handshake
sniffer
Network Address Translation (NAT)
Secure Multipurpose Mail Extension (S/MIME)
33. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
EDGAR database
Wired Equivalent Privacy (WEP)
parallel scan & 75 sec timeout & 0.3 sec/probe
National Security Agency
34. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
Replacing numbers in a url to access other files
firewalking
Detective Controls
35. An adapter that provides the physical connection to send and receive data between the computer and the network media.
Tunnel
network interface card (NIC)
Smurf attack
steganography
36. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.
risk transference
Asynchronous
Administratively Prohibited
Ciphertext
37. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
Port Address Translation (PAT)
Contingency Plan
packet filtering
shoulder surfing
38. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
Vulnerability Assessment
fully qualified domain name (FQDN)
risk avoidance
human-based social engineering
39. A list of IP addresses and corresponding MAC addresses stored on a local computer.
net use \\[target ip]\IPC$ '' /user:''
Ciphertext
router
Address Resolution Protocol (ARP) table
40. A symmetric - block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.
Blowfish
security incident response team (SIRT)
Telnet
Asset
41. A routing protocol developed to be used within a single organization.
Directory Traversal
Cracker
Data Link layer
Interior Gateway Protocol (IGP)
42. List Scan
session splicing
-PM
-oG
-sL
43. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
reverse lookup; reverse DNS lookup
Computer-Based Attack
key exchange protocol
Authorization
44. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Time To Live (TTL)
Audit Data
gray box testing
No previous knowledge of the network
45. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
penetration testing
Uniform Resource Locator (URL)
Block Cipher
-P0
46. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
spam
smart card
Simple Network Management Protocol (SNMP)
Covert Channel
47. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
Copyright
ad hoc mode
Wrapper
honeypot
48. ICMP Type/Code 8
International Organization for Standardization (ISO)
Overwhelm CAM table to convert switch to hub mode
Application Layer
Echo request
49. A software or hardware defect that often results in system vulnerabilities.
identity theft
protocol stack
Fast Ethernet
Bug
50. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
ad hoc mode
symmetric algorithm
operating system attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks