Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






2. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






3. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






4. 18 U.S.C. 1029






5. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






6. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






7. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






8. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






9. A routing protocol developed to be used within a single organization.






10. Port 23






11. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






12. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






13. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






14. FIN Scan






15. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






16. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






17. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






18. A string that represents the location of a web resource






19. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






20. A computer process that requests a service from another computer and accepts the server's responses.






21. A Canonical Name record within DNS - used to provide an alias for a domain name.






22. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






23. A list of IP addresses and corresponding MAC addresses stored on a local computer.






24. Paranoid scan timing






25. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






26. Transmitting one protocol encapsulated inside another protocol.






27. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






28. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






29. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






30. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






31. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






32. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






33. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






34. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


35. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






36. Port 22






37. Monitoring of telephone or Internet conversations - typically by covert means.






38. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






39. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






40. The transmission of digital signals without precise clocking or synchronization.






41. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






42. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






43. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






44. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






45. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






46. Aggressive scan timing






47. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






48. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






49. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






50. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.