Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Port Scanning
2. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.
Wi-Fi Protected Access (WPA)
Cracker
Kerberos
Password Authentication Protocol (PAP)
3. ACK Scan
fragmentation
replay attack
-sA
Common Internet File System/Server Message Block
4. An organized collection of data.
Presentation layer
Vulnerability
Database
War Dialing
5. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.
session hijacking
signature scanning
iris scanner
human-based social engineering
6. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
Finger
identity theft
Bit Flipping
private network address
7. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
Exposure Factor
Last In First Out (LIFO)
hacktivism
CAM table
8. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
Biometrics
Bluejacking
rootkit
Macro virus
9. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
initial sequence number (ISN)
Videocipher II Satellite Encryption System
Copyright
RPC-DCOM
10. List Scan
shrink-wrap code attacks
-sL
local area network (LAN)
fully qualified domain name (FQDN)
11. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.
infrastructure mode
overt channel
Tunneling Virus
Exposure Factor
12. The Security Accounts Manager file in Windows stores all the password hashes for the system.
Wireless Local Area Network (WLAN)
Ciphertext
SAM
smart card
13. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Cracker
Media Access Control (MAC)
Access Control List (ACL)
Challenge Handshake Authentication Protocol (CHAP)
14. A social-engineering attack that manipulates the victim into calling the attacker for help.
Challenge Handshake Authentication Protocol (CHAP)
Vulnerability Scanning
reverse social engineering
Packet Internet Groper (ping)
15. An adapter that provides the physical connection to send and receive data between the computer and the network media.
network interface card (NIC)
source routing
integrity
Three-Way (TCP) Handshake
16. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
Crossover Error Rate (CER)
security kernel
Block Cipher
enumeration
17. Polite scan timing
serialize scans & 0.4 sec wait
802.11
S
port redirection
18. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.
non-repudiation
Kerberos
XOR Operation
File Transfer Protocol (FTP)
19. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Presentation layer
separation of duties
Collision Domain
File Allocation Table (FAT)
20. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.
quantitative risk assessment
Collision
Database
intrusion detection system (IDS)
21. A type of encryption where the same key is used to encrypt and decrypt the message.
security breach or security incident
symmetric encryption
R
Ethical Hacker
22. Policy stating what users of a system can and cannot do with the organization's assets.
limitation of liability and remedies
Internet Assigned Number Authority (IANA)
Acceptable Use Policy (AUP)
Boot Sector Virus
23. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
Uniform Resource Locator (URL)
Back orifice
Echo request
overt channel
24. Port 110
Bluesnarfing
POP 3
Media Access Control (MAC)
private network address
25. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)
single loss expectancy (SLE)
Cache
John the Ripper - LOphtcrack - Ophtcrack - Cain and Abel
Domain Name System (DNS)
26. The steps taken to gather evidence and information on the targets you wish to attack.
-PM
reconnaissance
Back orifice
Due Care
27. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
parameter tampering
Daemon
Minimum acceptable level of risk
Virtual Local Area Network (VLAN)
28. A software or hardware application or device that captures user keystrokes.
Copyright
Buffer Overflow
Minimum acceptable level of risk
keylogger
29. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private
No previous knowledge of the network
Internet Protocol Security (IPSec) architecture
Secure Sockets Layer (SSL)
Eavesdropping
30. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Internet service provider (ISP)
Biometrics
enumeration
Exploit
31. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
parameter tampering
stateful packet filtering
-sU
Domain Name System (DNS) cache poisoning
32. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
XOR Operation
remote procedure call (RPC)
payload
Directory Traversal
33. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
gray box testing
Target Of Engagement (TOE)
Time exceeded
Secure Multipurpose Mail Extension (S/MIME)
34. Black box test
hot site
Local Administrator
No previous knowledge of the network
Asymmetric Algorithm
35. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Address Resolution Protocol (ARP) table
EDGAR database
Transmission Control Protocol (TCP)
Decryption
36. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Time Bomb
Asymmetric
A
segment
37. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.
patch
Whois
Domain Name System (DNS) cache poisoning
red team
38. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
Ciphertext
integrity
Decryption
39. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Database
Black Hat
S
Simple Object Access Protocol (SOAP)
40. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio
security controls
Internet Protocol Security (IPSec) architecture
War Driving
security by obscurity
41. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
-p <port ranges>
reverse lookup; reverse DNS lookup
POP 3
limitation of liability and remedies
42. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.
impersonation
network tap
symmetric algorithm
hardware keystroke logger
43. NSA
National Security Agency
separation of duties
Overwhelm CAM table to convert switch to hub mode
role-based access control
44. ICMP Type/Code 11
Time exceeded
Banner Grabbing
-oA
Internal access to the network
45. Port 31337
Man-in-the-middle attack
Discretionary Access Control (DAC)
Demilitarized Zone (DMZ)
Back orifice
46. A storage buffer that transparently stores data so future requests for the same data can be served faster.
Discretionary Access Control (DAC)
CNAME record
NOP
Cache
47. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
Adware
A procedure for identifying active hosts on a network.
Digital Certificate
false negative
48. Safeguards or countermeasures to avoid - counteract - or minimize security risks.
NOP
Target Of Engagement (TOE)
security controls
International Organization for Standardization (ISO)
49. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
pattern matching
Droppers
Exploit
gray box testing
50. Transmitting one protocol encapsulated inside another protocol.
risk assessment
passive attack
security bulletins
Tunneling