SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
security kernel
Fraud and related activity in connection with computers
Application Layer
Hypertext Transfer Protocol Secure (HTTPS)
2. Port 53
HTTP tunneling
session splicing
Hypertext Transfer Protocol (HTTP)
DNS
3. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Threat
Console Port
POST
local area network (LAN)
4. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
-oG
parallel scan
risk assessment
Tunnel
5. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.
Ethical Hacker
Banner Grabbing
Level I assessment
A procedure for identifying active hosts on a network.
6. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.
Vulnerability Management
site survey
Trojan Horse
initial sequence number (ISN)
7. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
Daemon
Domain Name System (DNS)
Fast Ethernet
encapsulation
8. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.
operating system attack
ECHO reply
Common Internet File System/Server Message Block
port scanning
9. Hex 04
limitation of liability and remedies
serial scan & 300 sec wait
R
intrusion prevention system (IPS)
10. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
honeynet
Fiber Distributed Data Interface (FDDI)
inference attack
network access server
11. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
International Organization for Standardization (ISO)
Domain Name System (DNS) cache poisoning
steganography
stateful packet filtering
12. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
LDAP
Internet Assigned Number Authority (IANA)
Console Port
security controls
13. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP
Block Cipher
ping sweep
packet
Trojan Horse
14. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
rootkit
A procedure for identifying active hosts on a network.
Active Fingerprinting
Due Diligence
15. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.
Time To Live (TTL)
Cloning
open source
physical security
16. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.
Back orifice
Interior Gateway Protocol (IGP)
Lightweight Directory Access Protocol (LDAP)
logic bomb
17. Paranoid scan timing
Fraud and related activity in connection with computers
serial scan & 300 sec wait
Antivirus (AV) software
Digital Certificate
18. don't ping
-P0
End User Licensing Agreement (EULA)
RPC-DCOM
Copyright
19. Port 137/138/139
SMB
replay attack
Post Office Protocol 3 (POP3)
CNAME record
20. A person or entity indirectly involved in a relationship between two principles.
Third Party
Zenmap
Discretionary Access Control (DAC)
Post Office Protocol 3 (POP3)
21. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.
SYN attack
Asymmetric Algorithm
Due Diligence
Vulnerability Scanning
22. LM Hash for short passwords (under 7)
404EE
Tiger Team
parallel scan & 300 sec timeout & 1.25 sec/probe
Packet Internet Groper (ping)
23. Port 389
LDAP
Wrapper
Hypertext Transfer Protocol Secure (HTTPS)
Discretionary Access Control (DAC)
24. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.
Block Cipher
Client
FreeBSD
Unicode
25. White box test
Internal access to the network
NetBus
separation of duties
Eavesdropping
26. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.
spam
Overwhelm CAM table to convert switch to hub mode
risk assessment
Exposure Factor
27. ex 02
logic bomb
Three-Way (TCP) Handshake
infrastructure mode
S
28. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
hybrid attack
Zero Subnet
Bluetooth
Corrective Controls
29. A document describing information security guidelines - policies - procedures - and standards.
SNMP
Competitive Intelligence
Information Technology (IT) security architecture and framework
Access Control List (ACL)
30. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
DNS
S
parallel scan & 75 sec timeout & 0.3 sec/probe
CIA triangle
31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.
hot site
firewalking
Level II assessment
Asset
32. 18 U.S.C. 1029
Cryptography
Kerberos
Possession of access devices
War Driving
33. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.
Syslog
asynchronous transmission
Countermeasures
audit
34. Access by information systems (or users) communicating from outside the information system security perimeter.
promiscuous mode
remote access
impersonation
Wired Equivalent Privacy (WEP)
35. A device on a network.
Time exceeded
node
-PT
Timestamping
36. A tool that helps a company to compare its actual performance with its potential performance.
Zone transfer
Wide Area Network (WAN)
gap analysis
separation of duties
37. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Warm Site
Tunnel
Wi-Fi Protected Access (WPA)
Point-to-Point Tunneling Protocol (PPTP)
38. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Routing Information Protocol (RIP)
SOA record
Anonymizer
User Datagram Protocol (UDP)
39. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
Cryptography
Bluejacking
CAM table
Simple Object Access Protocol (SOAP)
40. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can
-sA
A procedure for identifying active hosts on a network.
Defines legal email marketing
route
41. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.
Archive
Transmission Control Protocol (TCP)
Open System Interconnection (OSI) Reference Model
self encrypting
42. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
social engineering
War Dialing
pattern matching
spam
43. A protocol for exchanging packets over a serial line.
encapsulation
Serial Line Internet Protocol (SLIP)
network access server
reverse social engineering
44. A file system used by the Mac OS.
Defense in Depth
Database
Blowfish
Hierarchical File System (HFS)
45. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
46. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.
firewall
Black Box Testing
Zenmap
SID
47. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.
Web Spider
Active Fingerprinting
private key
TACACS
48. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
Password Authentication Protocol (PAP)
Transmission Control Protocol (TCP)
Domain Name
security controls
49. TCP SYN Scan
-sS
protocol
GET
Access Point (AP)
50. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Boot Sector Virus
self encrypting
Vulnerability
encryption