Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. MAC Flooding






2. Port 23






3. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






4. Port 110






5. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






6. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


7. A wireless networking mode where all clients connect to the wireless network through a central access point.






8. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






9. The transmission of digital signals without precise clocking or synchronization.






10. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






11. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






12. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






13. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






14. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






15. A small Trojan program that listens on port 777.






16. A program designed to execute at a specific time to release malicious code onto the computer system or network.






17. An attack that combines a brute-force attack with a dictionary attack.






18. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






19. The process of embedding information into a digital signal in a way that makes it difficult to remove.






20. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






21. Directing a protocol from one port to another.






22. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






23. Hex 14






24. ACK Scan






25. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






26. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






27. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






28. Computer software or hardware that can intercept and log traffic passing over a digital network.






29. An attack that exploits the common mistake many people make when installing operating systems






30. Version Detection Scan






31. Window Scan






32. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






33. Hex 04






34. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






35. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






36. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






37. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






38. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






39. Name given to expert groups that handle computer security incidents.






40. A protocol that allows a client computer to request services from a server and the server to return the results.






41. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






42. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






43. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






44. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






45. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






46. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






47. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






48. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






49. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






50. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.