Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






2. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






3. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






4. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






5. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






6. Attacks on the actual programming code of an application.






7. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






8. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






9. Port 88






10. A free and popular version of the Unix operating system.






11. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






12. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






13. The condition of a resource being ready for use and accessible by authorized users.






14. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






15. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


16. ICMP Timestamp






17. UDP Scan






18. don't ping






19. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






20. FIN Scan






21. Polymorphic Virus






22. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






23. The process of embedding information into a digital signal in a way that makes it difficult to remove.






24. Injecting traffic into the network to identify the operating system of a device.






25. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






26. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






27. A computer virus that infects and spreads in multiple ways.






28. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






29. The transmission of digital signals without precise clocking or synchronization.






30. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






31. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






32. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






33. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






34. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






35. Port 137/138/139






36. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






37. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






38. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






39. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






40. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






41. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






42. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






43. 18 U.S.C. 1030






44. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






45. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






46. Hex 10






47. Polite scan timing






48. The act of dialing all numbers within an organization to discover open modems.






49. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






50. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or