Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A file system used by the Mac OS.






2. Xmas Tree scan






3. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






5. Microsoft SID 500






6. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






7. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






8. A software or hardware defect that often results in system vulnerabilities.






9. RPC Scan






10. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






11. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






12. A virus written in a macro language and usually embedded in document or spreadsheet files.






13. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






14. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






15. Hex 10






16. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






17. Policy stating what users of a system can and cannot do with the organization's assets.






18. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






19. Nmap normal output






20. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






21. 18 U.S.C. 1029






22. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






23. ICMP Type/Code 11






24. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






25. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






26. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






27. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






28. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






29. Evaluation in which testers attempt to penetrate the network.






30. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






31. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






32. Aggressive scan timing






33. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






34. The process of determining if a network entity (user or service) is legitimate






35. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






36. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






37. Normal scan timing






38. Polymorphic Virus






39. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






40. Name given to expert groups that handle computer security incidents.






41. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






42. The art and science of creating a covert message or image within another message - image - audio - or video file.






43. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






44. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






45. Port 80/81/8080






46. A type of malware that covertly collects information about a user.






47. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






48. Version Detection Scan






49. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






50. Insane scan timing