Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






2. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






3. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






4. The art and science of creating a covert message or image within another message - image - audio - or video file.






5. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






6. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






7. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






8. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






9. A storage buffer that transparently stores data so future requests for the same data can be served faster.






10. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


11. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






12. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






13. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






14. Establish Null Session






15. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






16. Injecting traffic into the network to identify the operating system of a device.






17. Normal scan timing






18. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






19. CAN-SPAM






20. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






21. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






22. A group of experts that handles computer security incidents.






23. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






24. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






25. An informed decision to accept the potential for damage to or loss of an IT asset.






26. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






27. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






28. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






29. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






30. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






31. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






32. MAC Flooding






33. A denial-of-service technique that uses numerous hosts to perform the attack.






34. Policy stating what users of a system can and cannot do with the organization's assets.






35. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






36. Any item of value or worth to an organization - whether physical or virtual.






37. Hex 29






38. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






39. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






40. A protocol for exchanging packets over a serial line.






41. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






42. A string that represents the location of a web resource






43. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






44. A wireless networking mode where all clients connect to the wireless network through a central access point.






45. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






46. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






47. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






48. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






49. A list of IP addresses and corresponding MAC addresses stored on a local computer.






50. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.