Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but it reinforces your understanding each time you take the test.
1. IP Protocol Scan
-sO
SYN flood attack
Administratively Prohibited
gray hat
2. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
personal identification number (PIN)
Accountability
open source
Copyright
3. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
Pretty Good Privacy (PGP)
intrusion detection system (IDS)
asynchronous transmission
NetBus
4. A point of reference used to mark an initial state in order to manage change.
Real application encompassing Trojan
Exposure Factor
Baseline
FreeBSD
5. CAN-SPAM
EDGAR database
Accountability
parameter tampering
Defines legal email marketing
6. The concept of having more than one person required to complete a task
separation of duties
Virtual Private Network (VPN)
honeypot
Macro virus
7. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Audit Data
Detective Controls
sheepdip
Digital Signature
8. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.
fully qualified domain name (FQDN)
segment
Secure Sockets Layer (SSL)
Detective Controls
9. TCP Ping
Auditing
NT LAN Manager (NTLM)
-PT
pattern matching
10. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Redundant Array of Independent Disks (RAID)
suicide hacker
Unicode
network operations center (NOC)
11. A defined measure of service within a network system
Master boot record infector
Domain Name
public key infrastructure (PKI)
quality of service (QoS)
12. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
queue
A R
Domain Name System (DNS) lookup
Zero Subnet
13. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
Asymmetric Algorithm
inference attack
rule-based access control
-oA
14. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.
Request for Comments (RFC)
Active Directory (AD)
Directory Traversal
Telnet
15. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.
Zero Subnet
overt channel
security controls
-sP
16. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman
A
packet filtering
Console Port
Presentation layer
17. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
encapsulation
encryption
Web Spider
Time To Live (TTL)
18. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
risk assessment
Target Of Engagement (TOE)
intrusion prevention system (IPS)
rootkit
19. ICMP Netmask
-PM
Simple Network Management Protocol (SNMP)
-p <port ranges>
impersonation
20. Wrapper or Binder
Real application encompassing Trojan
-sA
Level I assessment
Domain Name System (DNS) lookup
21. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
sniffer
Traceroute
Secure Sockets Layer (SSL)
-sV
22. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g
Digital Signature
session hijacking
Destination Unreachable
rogue access point
23. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
Exploit
audit
Asymmetric Algorithm
intrusion prevention system (IPS)
24. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
NetBSD
Access Creep
Minimum acceptable level of risk
risk acceptance
25. Polymorphic Virus
halo effect
Exploit
self encrypting
Pretty Good Privacy (PGP)
26. Nmap normal output
-PB
human-based social engineering
-oN
enumeration
27. List Scan
-oN
-oA
-sL
script kiddie
28. ICMP Timestamp
-PP
Level III assessment
Vulnerability Assessment
Client
29. Computer software or hardware that can intercept and log traffic passing over a digital network.
Videocipher II Satellite Encryption System
Sign in Seal
-PB
sniffer
30. The process of using easily accessible DNS records to map a target network's internal hosts.
Possession of access devices
Bluesnarfing
DNS enumeration
null session
31. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc
Lightweight Directory Access Protocol (LDAP)
Active Directory (AD)
Trusted Computer Base (TCB)
-oA
32. Cracking Tools
port scanning
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
integrity
Cold Site
33. Port Scanning
34. A computer process that requests a service from another computer and accepts the server's responses.
suicide hacker
hot site
Redundant Array of Independent Disks (RAID)
Client
35. An early network application that provides information on users currently logged on to a machine.
parameter tampering
steganography
integrity
Finger
36. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.
false rejection rate (FRR)
Common Internet File System/Server Message Block
-oA
Active Fingerprinting
37. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
R
SAM
false negative
Threat
38. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Wiretapping
-sP
Point-to-Point Tunneling Protocol (PPTP)
script kiddie
39. PI and PT Ping
intranet
-PB
Computer-Based Attack
-sA
40. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.
Third Party
-sF
fragmentation
No previous knowledge of the network
41. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o
Domain Name
Auditing
stream cipher
piggybacking
42. Malware designed to install some sort of virus - backdoor - and so on - on a target system.
Digital Signature
Simple Object Access Protocol (SOAP)
Droppers
network interface card (NIC)
43. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
S
intrusion detection system (IDS)
Wi-Fi Protected Access (WPA)
RPC-DCOM
44. A type of malware that covertly collects information about a user.
honeypot
Finding a directory listing and gaining access to a parent or root file for access to other files
spyware
Simple Mail Transfer Protocol (SMTP)
45. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.
Syslog
DNS enumeration
Antivirus (AV) software
Media Access Control (MAC)
46. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.
shrink-wrap code attacks
Access Point (AP)
firewall
Auditing
47. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).
False Acceptance Rate (FAR)
Rijndael
identity theft
Zombie
48. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.
Anonymizer
R
Bug
false rejection rate (FRR)
49. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
Institute of Electrical and Electronics Engineers (IEEE)
piggybacking
personal identification number (PIN)
reverse social engineering
50. Hex 10
NOP
A
Open System Interconnection (OSI) Reference Model
Cracker