Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Directory Traversal
Point-to-Point Tunneling Protocol (PPTP)
National Security Agency
public key infrastructure (PKI)
Finding a directory listing and gaining access to a parent or root file for access to other files
2. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
Brute-Force Password Attack
Written Authorization
Virtual Private Network (VPN)
symmetric algorithm
3. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
SMB
Asset
Point-to-Point Protocol (PPP)
POST
4. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.
Cloning
Authentication - Authorization - and Accounting (AAA)
gateway
Database
5. Polite scan timing
Zone transfer
security breach or security incident
Kerberos
serialize scans & 0.4 sec wait
6. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.
local area network (LAN)
Vulnerability Assessment
Transmission Control Protocol (TCP)
enumeration
7. An adapter that provides the physical connection to send and receive data between the computer and the network media.
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
Authentication
network interface card (NIC)
-sF
8. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.
symmetric encryption
-PP
identity theft
Telnet
9. The default network authentication suite of protocols for Windows NT 4.0
NT LAN Manager (NTLM)
Trapdoor Function
Post Office Protocol 3 (POP3)
remote procedure call (RPC)
10. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.
Client
HIDS
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
Fast Ethernet
11. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Accountability
secure channel
Digital Signature
limitation of liability and remedies
12. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
payload
Post Office Protocol 3 (POP3)
-sA
segment
13. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.
Archive
-sO
limitation of liability and remedies
ping sweep
14. A list of IP addresses and corresponding MAC addresses stored on a local computer.
Address Resolution Protocol (ARP) table
End User Licensing Agreement (EULA)
intrusion detection system (IDS)
Information Technology (IT) asset criticality
15. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Audit Trail
Interior Gateway Protocol (IGP)
NetBSD
Finding a directory listing and gaining access to a parent or root file for access to other files
16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.
Brute-Force Password Attack
Cryptography
social engineering
Password Authentication Protocol (PAP)
17. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.
Transport Layer Security (TLS)
File Allocation Table (FAT)
security kernel
Extensible Authentication Protocol (EAP)
18. A command used in HTTP and FTP to retrieve a file from a server.
GET
War Dialing
false negative
Rijndael
19. PI and PT Ping
Corrective Controls
-PB
Threat
Mantrap
20. A type of malware that covertly collects information about a user.
Ethernet
spyware
halo effect
Port Address Translation (PAT)
21. Establish Null Session
net use \\[target ip]\IPC$ "" /user:""
Audit Data
-sI
Ethical Hacker
22. White hat
Brute-Force Password Attack
Asynchronous
Bastion host
Hacks with permission
23. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
Tunnel
-sF
EDGAR database
Level II assessment
24. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
War Driving
Vulnerability Assessment
-sV
Last In First Out (LIFO)
25. A communications path - such as the Internet - authorized for data transmission within a computer system or network.
ring topology
overt channel
hacktivism
-sO
26. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.
A R
Bastion host
No previous knowledge of the network
802.11
27. UDP Scan
remote access
-sU
A procedure for identifying active hosts on a network.
Collision Domain
28. The condition of a resource being ready for use and accessible by authorized users.
Availability
Packet Internet Groper (ping)
rogue access point
keylogger
29. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.
CAM table
Client
Block Cipher
Domain Name
30. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
Time To Live (TTL)
Transport Layer Security (TLS)
promiscuous mode
CIA triangle
31. The level of importance assigned to an IT asset
Electronic Code Book (ECB)
single loss expectancy (SLE)
Information Technology (IT) asset criticality
Asymmetric Algorithm
32. The process of determining if a network entity (user or service) is legitimate
overt channel
Authentication
Crossover Error Rate (CER)
Multipurpose Internet Mail Extensions (MIME)
33. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).
Tini
reverse lookup; reverse DNS lookup
Access Control List (ACL)
key exchange protocol
34. A virus written in a macro language and usually embedded in document or spreadsheet files.
Confidentiality
Macro virus
Electronic Code Book (ECB)
Fraud and related activity in connection with computers
35. The software product or system that is the subject of an evaluation.
Internet Protocol (IP)
physical security
Target Of Engagement (TOE)
End User Licensing Agreement (EULA)
36. A portion of memory used to temporarily store output or input data.
Warm Site
-oX
Buffer
Third Party
37. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
security breach or security incident
Wireless Local Area Network (WLAN)
SYN attack
Tumbling
38. A documented process for a procedure designed to be consistent - repeatable - and accountable.
Methodology
GET
risk assessment
heuristic scanning
39. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.
Antivirus (AV) software
Cryptographic Key
port redirection
Access Point (AP)
40. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
Black Hat
inference attack
-PB
Daemon
41. TCP Ping
Trusted Computer Base (TCB)
Antivirus (AV) software
-PT
Timestamping
42. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Bit Flipping
Asymmetric
rootkit
Information Technology Security Evaluation Criteria (ITSEC)
43. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu - and so on.
spam
fully qualified domain name (FQDN)
Due Diligence
logic bomb
44. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
encryption
Network Basic Input/Output System (NetBIOS)
session hijacking
hacktivism
45. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
RID Resource identifier
intranet
Application Layer
Tunnel
46. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
out-of-band signaling
Internet Protocol (IP)
shoulder surfing
Directory Traversal
47. Port Scanning
48. Policy stating what users of a system can and cannot do with the organization's assets.
MAC filtering
Acceptable Use Policy (AUP)
802.11i
ECHO reply
49. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
Access Point (AP)
replay attack
-sR
Defense in Depth
50. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
open source
Bastion host
Community String
Time To Live (TTL)