SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. MAC Flooding
Secure Multipurpose Mail Extension (S/MIME)
Simple Network Management Protocol (SNMP)
Overwhelm CAM table to convert switch to hub mode
Daisy Chaining
2. Port 23
Telnet
Three-Way (TCP) Handshake
Access Control List (ACL)
replay attack
3. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response
SYN flood attack
private network address
Bluejacking
Trusted Computer Base (TCB)
4. Port 110
Extensible Authentication Protocol (EAP)
Block Cipher
POP 3
Telnet
5. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.
DNS
HTTP tunneling
security incident response team (SIRT)
Whois
6. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. A wireless networking mode where all clients connect to the wireless network through a central access point.
GET
infrastructure mode
Whois
Discretionary Access Control (DAC)
8. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Access Point (AP)
Unicode
Information Technology (IT) asset criticality
risk avoidance
9. The transmission of digital signals without precise clocking or synchronization.
role-based access control
asynchronous transmission
Multipartite virus
Annualized Loss Expectancy (ALE)
10. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.
Annualized Loss Expectancy (ALE)
impersonation
Threat
User Datagram Protocol (UDP)
11. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
A S
Corrective Controls
Vulnerability Assessment
National Security Agency
12. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
risk transference
private network address
reverse social engineering
intrusion prevention system (IPS)
13. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.
Tunneling
Availability
reverse lookup; reverse DNS lookup
Common Internet File System/Server Message Block
14. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.
Level I assessment
Master boot record infector
Media Access Control (MAC)
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
15. A small Trojan program that listens on port 777.
gray box testing
Tini
Syslog
Baseline
16. A program designed to execute at a specific time to release malicious code onto the computer system or network.
Time Bomb
Network Basic Input/Output System (NetBIOS)
ring topology
Cache
17. An attack that combines a brute-force attack with a dictionary attack.
Bug
Challenge Handshake Authentication Protocol (CHAP)
-sI
hybrid attack
18. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
EDGAR database
spyware
Virus Hoax
Cryptography
19. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Digital Watermarking
node
Defines legal email marketing
Authentication Header (AH)
20. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
Domain Name System (DNS)
red team
encapsulation
fragmentation
21. Directing a protocol from one port to another.
port redirection
XOR Operation
Wireless Local Area Network (WLAN)
CIA triangle
22. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.
shoulder surfing
Trojan Horse
halo effect
Lightweight Directory Access Protocol (LDAP)
23. Hex 14
Competitive Intelligence
iris scanner
A R
rogue access point
24. ACK Scan
GET
-PS
Cookie
-sA
25. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Crossover Error Rate (CER)
reverse lookup; reverse DNS lookup
Assessment
Droppers
26. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
Annualized Loss Expectancy (ALE)
Open System Interconnection (OSI) Reference Model
Level II assessment
802.11
27. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
suicide hacker
Due Diligence
Authentication - Authorization - and Accounting (AAA)
Active Fingerprinting
28. Computer software or hardware that can intercept and log traffic passing over a digital network.
Request for Comments (RFC)
sniffer
phishing
Data Link layer
29. An attack that exploits the common mistake many people make when installing operating systems
infrastructure mode
remote access
operating system attack
parallel scan
30. Version Detection Scan
network tap
Port Address Translation (PAT)
-sV
Media Access Control (MAC)
31. Window Scan
-sW
Wrapper
Ethernet
Simple Network Management Protocol (SNMP)
32. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
Overwhelm CAM table to convert switch to hub mode
ring topology
Replacing numbers in a url to access other files
Console Port
33. Hex 04
Target Of Engagement (TOE)
R
Trusted Computer System Evaluation Criteria (TCSEC)
ping sweep
34. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
spoofing
A R
ping sweep
Virtual Private Network (VPN)
35. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
Virtual Local Area Network (VLAN)
remote access
Zero Subnet
null session
36. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
session hijacking
Written Authorization
sheepdip
identity theft
37. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.
Bit Flipping
Copyright
Worm
Serial Line Internet Protocol (SLIP)
38. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
Access Point (AP)
NetBus
Community String
Ethical Hacker
39. Name given to expert groups that handle computer security incidents.
reverse lookup; reverse DNS lookup
Computer Emergency Response Team (CERT)
port knocking
Authentication - Authorization - and Accounting (AAA)
40. A protocol that allows a client computer to request services from a server and the server to return the results.
remote procedure call (RPC)
heuristic scanning
Bluejacking
Virus Hoax
41. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Filter
Confidentiality
Media Access Control (MAC)
proxy server
42. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.
Denial of Service (DoS)
Common Internet File System/Server Message Block
out-of-band signaling
shoulder surfing
43. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.
RID Resource identifier
quantitative risk assessment
proxy server
-sI
44. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
heuristic scanning
Domain Name System (DNS) cache poisoning
Network Address Translation (NAT)
secure channel
45. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.
integrity
Last In First Out (LIFO)
stateful packet filtering
SYN flood attack
46. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.
-sS
SID
Covert Channel
DNS
47. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.
nslookup
Service Set Identifier (SSID)
INFOSEC Assessment Methodology (IAM)
Internet Protocol (IP)
48. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
Buffer
Simple Mail Transfer Protocol (SMTP)
Authentication Header (AH)
49. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption
forwarding
footprinting
intrusion prevention system (IPS)
Community String
50. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.
Post Office Protocol 3 (POP3)
User Datagram Protocol (UDP)
key exchange protocol
security bulletins