SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
FTP
Access Creep
Tiger Team
route
2. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
port scanning
-PB
audit
security breach or security incident
3. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
-sF
gray box testing
ISO 17799
security by obscurity
4. A computer virus that infects and spreads in multiple ways.
Level III assessment
Collision Domain
intranet
Multipartite virus
5. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.
Master boot record infector
Directory Traversal
CNAME record
Routing Protocol
6. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.
Decryption
security kernel
Service Set Identifier (SSID)
Wiretapping
7. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.
spoofing
MAC filtering
gray box testing
Crossover Error Rate (CER)
8. Computer software or hardware that can intercept and log traffic passing over a digital network.
sniffer
Copyright
Trojan Horse
rootkit
9. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
Syslog
hardware keystroke logger
CIA triangle
MAC filtering
10. ICMP Type/Code 3-13
ISO 17799
Droppers
Serial Line Internet Protocol (SLIP)
Administratively Prohibited
11. Port 22
802.11
secure channel
Target Of Engagement (TOE)
SSH
12. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.
Level III assessment
Exploit
Macro virus
Hacks with permission
13. The combination of all IT assets - resources - components - and systems.
Information Technology (IT) infrastructure
serial scan & 300 sec wait
War Chalking
White Box Testing
14. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.
DNS
payload
Internet service provider (ISP)
Possession of access devices
15. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
Rijndael
Telnet
sniffer
remote procedure call (RPC)
16. TCP SYN Scan
Point-to-Point Protocol (PPP)
serial scan & 300 sec wait
Vulnerability Assessment
-sS
17. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.
Competitive Intelligence
Cloning
Algorithm
Cache
18. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
-oG
ECHO reply
ring topology
firewall
19. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Destination Unreachable
Last In First Out (LIFO)
shoulder surfing
network operations center (NOC)
20. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
Transport Layer Security (TLS)
Whois
risk acceptance
ISO 17799
21. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
reconnaissance
Trusted Computer Base (TCB)
gateway
Trusted Computer System Evaluation Criteria (TCSEC)
22. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
23. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.
script kiddie
-sO
Uniform Resource Locator (URL)
HTTP
24. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.
Internet Control Message Protocol (ICMP)
queue
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
Vulnerability Scanning
25. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Covert Channel
Third Party
Zone transfer
Malware
26. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.
No previous knowledge of the network
sidejacking
Fiber Distributed Data Interface (FDDI)
promiscuous mode
27. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.
intranet
Time exceeded
smart card
network tap
28. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.
Filter
NetBus
Multipartite virus
SAM
29. The software product or system that is the subject of an evaluation.
Target Of Engagement (TOE)
phishing
Authentication - Authorization - and Accounting (AAA)
Time Bomb
30. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
Malware
forwarding
personal identification number (PIN)
single loss expectancy (SLE)
31. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
Certificate
Backdoor
routed protocol
Simple Mail Transfer Protocol (SMTP)
32. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
File Allocation Table (FAT)
Unicode
Tiger Team
SYN attack
33. The condition of a resource being ready for use and accessible by authorized users.
-PM
Availability
Data Link layer
A procedure for identifying active hosts on a network.
34. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with
SYN attack
rogue access point
ISO 17799
Domain Name System (DNS) lookup
35. Aggressive scan timing
Eavesdropping
Access Control List (ACL)
parallel scan & 300 sec timeout & 1.25 sec/probe
Corrective Controls
36. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
risk avoidance
-sX
nslookup
gray box testing
37. Cracking Tools
Secure Multipurpose Mail Extension (S/MIME)
NetBus
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Target Of Engagement (TOE)
38. The potential for damage to or loss of an IT asset
-sF
risk
Multipurpose Internet Mail Extensions (MIME)
ISO 17799
39. Phases of an attack
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
R
Password Authentication Protocol (PAP)
Wide Area Network (WAN)
40. A protocol used for sending and receiving log information for nodes on a network.
Syslog
National Security Agency
port scanning
Digital Certificate
41. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.
CAM table
MAC filtering
ad hoc mode
Copyright
42. A data encryption/decryption program often used for e-mail and file storage.
-oN
Cryptography
Pretty Good Privacy (PGP)
Service Set Identifier (SSID)
43. ACK Scan
-sA
gray hat
SNMP
serialize scans & 15 sec wait
44. The conveying of official access or legal power to a person or entity.
Audit Data
Malicious code
Authorization
Annualized Loss Expectancy (ALE)
45. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).
Virus
-P0
The automated process of proactively identifying vulnerabilities of computing systems present in a network
port scanning
46. TCP Ping
port redirection
-sX
-PT
infrastructure mode
47. The process of determining if a network entity (user or service) is legitimate
Cache
User Datagram Protocol (UDP)
Cookie
Authentication
48. Polymorphic Virus
Active Fingerprinting
Echo request
footprinting
self encrypting
49. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.
intrusion detection system (IDS)
replay attack
heuristic scanning
Droppers
50. A software or hardware application or device that captures user keystrokes.
Asynchronous
keylogger
Address Resolution Protocol (ARP)
A S
