SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A portion of memory used to temporarily store output or input data.
security controls
Authentication
A procedure for identifying active hosts on a network.
Buffer
2. The level of importance assigned to an IT asset
Service Set Identifier (SSID)
Packet Internet Groper (ping)
Information Technology (IT) asset criticality
gray hat
3. A virus designed to infect the master boot record.
Master boot record infector
Antivirus (AV) software
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Vulnerability
4. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
Tunneling Virus
Cold Site
remote procedure call (RPC)
Routing Information Protocol (RIP)
5. An attack that exploits the common mistake many people make when installing operating systems
firewall
Macro virus
Pretty Good Privacy (PGP)
operating system attack
6. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.
initial sequence number (ISN)
Information Technology (IT) asset valuation
Challenge Handshake Authentication Protocol (CHAP)
logic bomb
7. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
risk acceptance
public key infrastructure (PKI)
penetration testing
Virtual Private Network (VPN)
8. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.
operating system attack
Backdoor
Countermeasures
Auditing
9. The monetary value assigned to an IT asset.
SYN flood attack
Audit Trail
Information Technology (IT) asset valuation
SID
10. An early network application that provides information on users currently logged on to a machine.
Finger
stream cipher
Filter
HIDS
11. A method of external testing whereby several systems or resources are used together to effect an attack.
Internet service provider (ISP)
intrusion detection system (IDS)
security controls
Daisy Chaining
12. Ping Scan
Trusted Computer Base (TCB)
-sP
Bluetooth
Network Basic Input/Output System (NetBIOS)
13. The process of determining if a network entity (user or service) is legitimate
Finding a directory listing and gaining access to a parent or root file for access to other files
ad hoc mode
Authentication
Trojan Horse
14. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.
stateful packet filtering
Tunneling Virus
Virtual Local Area Network (VLAN)
smart card
15. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.
White Box Testing
parallel scan
MAC filtering
Simple Mail Transfer Protocol (SMTP)
16. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.
Bluesnarfing
risk transference
-P0
Internet Control Message Protocol (ICMP)
17. A type of encryption where the same key is used to encrypt and decrypt the message.
Assessment
Level III assessment
private key
symmetric encryption
18. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
-sX
Trusted Computer Base (TCB)
Demilitarized Zone (DMZ)
parallel scan
19. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
Macro virus
-oG
intrusion prevention system (IPS)
RID Resource identifier
20. Window Scan
-sW
risk acceptance
Interior Gateway Protocol (IGP)
Common Internet File System/Server Message Block
21. Using conversation or some other interaction between people to gather useful information.
Dumpster Diving
Internet service provider (ISP)
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
human-based social engineering
22. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
secure channel
Data Encryption Standard (DES)
Digital Signature
-P0
23. PI and PT Ping
-PB
Level I assessment
phishing
Brute-Force Password Attack
24. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
enumeration
Discretionary Access Control (DAC)
-PP
-sI
25. A group of experts that handles computer security incidents.
security incident response team (SIRT)
rule-based access control
Fiber Distributed Data Interface (FDDI)
802.11
26. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
Zero Subnet
Daisy Chaining
ad hoc mode
Hypertext Transfer Protocol Secure (HTTPS)
27. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
scope creep
sniffer
Asset
Asymmetric
28. A wireless networking mode where all clients connect to the wireless network through a central access point.
infrastructure mode
Interior Gateway Protocol (IGP)
R
Electronic Code Book (ECB)
29. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
A R
-sP
Level II assessment
fully qualified domain name (FQDN)
30. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Cryptographic Key
Warm Site
Serial Line Internet Protocol (SLIP)
stream cipher
31. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
forwarding
Computer-Based Attack
NetBSD
Trojan Horse
32. Xmas Tree scan
A S
Filter
false negative
-sX
33. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Open System Interconnection (OSI) Reference Model
Unicode
audit
port redirection
34. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.
HIDS
audit
Confidentiality
risk acceptance
35. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.
sniffer
Authentication
-sT
CIA triangle
36. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.
Common Internet File System/Server Message Block
service level agreements (SLAs)
Authentication - Authorization - and Accounting (AAA)
SOA record
37. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr
Password Authentication Protocol (PAP)
Client
site survey
Redundant Array of Independent Disks (RAID)
38. An Application layer protocol for managing devices on an IP network.
Digital Certificate
Simple Network Management Protocol (SNMP)
Demilitarized Zone (DMZ)
R
39. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.
Cryptographic Key
End User Licensing Agreement (EULA)
Vulnerability
public key
40. Directing a protocol from one port to another.
port redirection
Hacks with permission
segment
Assessment
41. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
42. The combination of all IT assets - resources - components - and systems.
polymorphic virus
Wi-Fi Protected Access (WPA)
Information Technology (IT) infrastructure
Telnet
43. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
A
penetration testing
iris scanner
Fast Ethernet
44. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
FTP
public key
Console Port
Internet Protocol (IP)
45. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.
Bastion host
Trapdoor Function
Computer Emergency Response Team (CERT)
session splicing
46. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
iris scanner
human-based social engineering
Simple Mail Transfer Protocol (SMTP)
null session
47. A routing protocol developed to be used within a single organization.
Electronic Code Book (ECB)
Digital Watermarking
Droppers
Interior Gateway Protocol (IGP)
48. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
-sF
security by obscurity
Banner Grabbing
A R
49. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.
router
Buffer
Accountability
steganography
50. A program designed to execute at a specific time to release malicious code onto the computer system or network.
A S
infrastructure mode
Time Bomb
Defines legal email marketing