SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CEH: Certified Ethical Hacker
Start Test
Study First
Subjects
:
certifications
,
ceh
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A file system used by the Mac OS.
Covert Channel
Vulnerability
Hierarchical File System (HFS)
Black Hat
2. Xmas Tree scan
Authorization
-sX
End User Licensing Agreement (EULA)
symmetric algorithm
3. Port Scanning
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
nslookup
Timestamping
-sU
risk avoidance
5. Microsoft SID 500
spoofing
Local Administrator
Malware
Packet Internet Groper (ping)
6. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main
security defect
A
Cold Site
polymorphic virus
7. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
CNAME record
Anonymizer
Audit Data
Authentication
8. A software or hardware defect that often results in system vulnerabilities.
audit
Bug
Self Replicating
ECHO reply
9. RPC Scan
segment
Directory Traversal
-sR
Computer-Based Attack
10. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
hashing algorithm
Internet service provider (ISP)
session hijacking
End User Licensing Agreement (EULA)
11. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.
stateful packet filtering
initial sequence number (ISN)
CAM table
-sL
12. A virus written in a macro language and usually embedded in document or spreadsheet files.
network operations center (NOC)
FTP
Sign in Seal
Macro virus
13. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.
Point-to-Point Tunneling Protocol (PPTP)
hash
parallel scan & 300 sec timeout & 1.25 sec/probe
Wide Area Network (WAN)
14. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory
RxBoot
Multipartite virus
LDAP
CNAME record
15. Hex 10
Computer-Based Attack
Local Administrator
A
fragmentation
16. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.
TACACS
802.11
GET
Institute of Electrical and Electronics Engineers (IEEE)
17. Policy stating what users of a system can and cannot do with the organization's assets.
Multipartite virus
shrink-wrap code attacks
Acceptable Use Policy (AUP)
Syslog
18. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.
piggybacking
node
Hypertext Transfer Protocol Secure (HTTPS)
packet
19. Nmap normal output
honeynet
-oN
Due Care
spam
20. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Crossover Error Rate (CER)
script kiddie
SMB
Written Authorization
21. 18 U.S.C. 1029
Possession of access devices
A S
reverse social engineering
OpenBSD
22. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
Collision Domain
Event
gray box testing
23. ICMP Type/Code 11
-PB
integrity
Time exceeded
Threat
24. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
Lightweight Directory Access Protocol (LDAP)
End User Licensing Agreement (EULA)
null session
Point-to-Point Tunneling Protocol (PPTP)
25. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
qualitative analysis
Real application encompassing Trojan
File Allocation Table (FAT)
queue
26. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.
Trusted Computer Base (TCB)
Active Attack
War Driving
-sR
27. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
ISO 17799
CAM table
public key infrastructure (PKI)
White Box Testing
28. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).
802.11
session splicing
Community String
NOP
29. Evaluation in which testers attempt to penetrate the network.
security defect
null session
Level III assessment
piggybacking
30. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
Hypertext Transfer Protocol (HTTP)
Bit Flipping
Internet Protocol Security (IPSec) architecture
Authentication
31. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Internet Protocol Security (IPSec) architecture
Ethernet
SYN flood attack
router
32. Aggressive scan timing
parallel scan & 300 sec timeout & 1.25 sec/probe
User Datagram Protocol (UDP)
parallel scan & 75 sec timeout & 0.3 sec/probe
Filter
33. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.
session splicing
Possession of access devices
Copyright
Password Authentication Protocol (PAP)
34. The process of determining if a network entity (user or service) is legitimate
public key
Ciphertext
Authentication
Fiber Distributed Data Interface (FDDI)
35. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.
Level II assessment
Audit Trail
War Chalking
Packet Internet Groper (ping)
36. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.
Timestamping
enumeration
Confidentiality
Vulnerability
37. Normal scan timing
Routing Information Protocol (RIP)
Timestamping
parallel scan
Request for Comments (RFC)
38. Polymorphic Virus
segment
-sP
self encrypting
File Transfer Protocol (FTP)
39. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Macro virus
social engineering
Ethical Hacker
Trojan Horse
40. Name given to expert groups that handle computer security incidents.
Computer Emergency Response Team (CERT)
Countermeasures
Block Cipher
-sU
41. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
NetBSD
private network address
gap analysis
limitation of liability and remedies
42. The art and science of creating a covert message or image within another message - image - audio - or video file.
stateful packet filtering
Wireless Local Area Network (WLAN)
steganography
R
43. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Computer-Based Attack
Network Basic Input/Output System (NetBIOS)
initial sequence number (ISN)
overt channel
44. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.
security incident response team (SIRT)
Collision
Sign in Seal
Cracker
45. Port 80/81/8080
self encrypting
Network Address Translation (NAT)
-sO
HTTP
46. A type of malware that covertly collects information about a user.
quality of service (QoS)
spyware
Common Internet File System/Server Message Block
-PT
47. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.
Directory Traversal
private network address
Domain Name System (DNS)
spam
48. Version Detection Scan
Domain Name
Secure Multipurpose Mail Extension (S/MIME)
Adware
-sV
49. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
shrink-wrap code attacks
sidejacking
serialize scans & 0.4 sec wait
802.11 i
50. Insane scan timing
Tumbling
non-repudiation
parallel scan & 75 sec timeout & 0.3 sec/probe
null session
