Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
Filter
role-based access control
Data Link layer
War Dialing
2. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
segment
queue
SYN attack
infrastructure mode
3. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
nslookup
reverse social engineering
Point-to-Point Protocol (PPP)
intranet
4. A Windows-based GUI version of nmap.
War Chalking
Zenmap
Port Address Translation (PAT)
Serial Line Internet Protocol (SLIP)
5. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.
Redundant Array of Independent Disks (RAID)
FreeBSD
Time exceeded
Temporal Key Integrity Protocol (TKIP)
6. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.
intranet
Network Basic Input/Output System (NetBIOS)
sidejacking
RxBoot
7. Another term for firewalking
nslookup
Temporal Key Integrity Protocol (TKIP)
Multipartite virus
port knocking
8. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO
qualitative analysis
Decryption
hardware keystroke logger
Annualized Loss Expectancy (ALE)
9. Port 137/138/139
-sW
Echo Reply
Malicious code
SMB
10. A virus written in a macro language and usually embedded in document or spreadsheet files.
Macro virus
Cloning
Timestamping
firewall
11. A type of DNS transfer, where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).
risk transference
Zone transfer
Baseline
packet filtering
12. The security property that data is not modified in an unauthorized and undetected manner. Also, the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.
integrity
Asynchronous
Zenmap
protocol
13. A protocol defining packets that are able to be routed by a router.
firewall
Hierarchical File System (HFS)
identity theft
routed protocol
14. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
payload
false rejection rate (FRR)
Real application encompassing Trojan
out-of-band signaling
15. Hex 04
impersonation
Unicode
Baseline
R
16. Port 88
Mandatory access control (MAC)
-sR
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Kerberos
17. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).
source routing
port scanning
Ciphertext
Back orifice
18. A limited-function version of the Internetworking Operating System (IOS), held in read-only memory in some earlier models of Cisco devices, capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
404EE
RxBoot
Bluejacking
Domain Name System (DNS)
19. TCP Ping
-PT
Interior Gateway Protocol (IGP)
Multipartite virus
false negative
20. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Active Fingerprinting
Cache
SNMP
private network address
21. A device providing temporary, on-demand, point-to-point network access to users.
Asynchronous
rootkit
Algorithm
network access server
22. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
smart card
parallel scan & 75 sec timeout & 0.3 sec/probe
Tini
23. A software or hardware application or device that captures user keystrokes.
signature scanning
Information Technology (IT) security architecture and framework
keylogger
RxBoot
24. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
iris scanner
Due Diligence
local area network (LAN)
Accountability
25. A point of reference used to mark an initial state in order to manage change.
Domain Name System (DNS) lookup
War Dialing
Bluetooth
Baseline
26. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Minimum acceptable level of risk
Unicode
Audit Data
Syslog
27. A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Routing Information Protocol (RIP)
HTTP
Worm
SYN flood attack
28. Black hat
Cloning
gray hat
network interface card (NIC)
Hacks without permission
29. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
serialize scans & 15 sec wait
Application Layer
fully qualified domain name (FQDN)
ring topology
30. The ability to trace actions performed on a system to a specific user or system entity.
FreeBSD
Sign in Seal
Accountability
Telnet
31. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is, clearance) of users to access information of such sensi
Mandatory access control (MAC)
Hierarchical File System (HFS)
Authentication
ECHO reply
32. An early network application that provides information on users currently logged on to a machine.
Self Replicating
HIDS
Backdoor
Finger
33. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Assessment
-sA
Accountability
Secure Multipurpose Mail Extension (S/MIME)
34. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.
Authentication, Authorization, and Accounting (AAA)
-sU
Bastion host
Man-in-the-middle attack
35. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.
private network address
Decryption
protocol stack
Google hacking
36. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private
security kernel
parallel scan & 300 sec timeout & 1.25 sec/probe
Eavesdropping
private key
37. Port Scanning
38. A string that represents the location of a web resource
Wide Area Network (WAN)
Uniform Resource Locator (URL)
Internet Protocol (IP)
Destination Unreachable
39. A communications protocol used for browsing the Internet.
Secure Multipurpose Mail Extension (S/MIME)
nslookup
Hypertext Transfer Protocol (HTTP)
Tiger Team
40. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.
risk avoidance
site survey
pattern matching
TACACS
41. The process of determining if a network entity (user or service) is legitimate
Domain Name System (DNS) cache poisoning
POST
A procedure for identifying active hosts on a network.
Authentication
42. Aggressive scan timing
-oA
Time exceeded
Adware
parallel scan & 300 sec timeout & 1.25 sec/probe
43. nmap all output
Warm Site
Information Technology (IT) asset valuation
-oA
risk transference
44. The level of importance assigned to an IT asset
Information Technology (IT) asset criticality
honeypot
Countermeasures
Access Point (AP)
45. A wireless networking mode where all clients connect to the wireless network through a central access point.
Application Layer
flood
Echo request
infrastructure mode
46. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
Computer Emergency Response Team (CERT)
Bit Flipping
security defect
router
47. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.
-PT
Daisy Chaining
SOA record
private network address
48. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.
Information Technology Security Evaluation Criteria (ITSEC)
Ethernet
rogue access point
Active Directory (AD)
49. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Finger
End User Licensing Agreement (EULA)
social engineering
security kernel
50. Polite scan timing
serialize scans & 0.4 sec wait
Digital Watermarking
Detective Controls
limitation of liability and remedies