Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






2. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






3. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






4. Port 110






5. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






6. TCP connect() scan






7. Port 23






8. The condition of a resource being ready for use and accessible by authorized users.






9. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






10. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






11. The change or growth of a project's scope






12. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






13. Normal scan timing






14. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






15. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






16. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






17. A protocol used to pass control and error messages between nodes on the Internet.






18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






19. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






20. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






21. A virus designed to infect the master boot record.






22. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






23. Another term for firewalking






24. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






25. The process of recording activity on a system for monitoring and later review.






26. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


27. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






28. A group of people - gathered together by a business entity - working to address a specific problem or goal.






29. Describes practices in production and development that promote access to the end product's source materials.






30. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






31. ICMP Netmask






32. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






33. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






34. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






35. A social-engineering attack using computer resources - such as e-mail or IRC.






36. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






37. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






39. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






40. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






41. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






42. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






43. FTP Bounce Attack






44. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






45. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






46. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






47. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






48. ICMP Type/Code 0-0






49. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






50. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi