Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Directory Traversal






2. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






3. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






4. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






5. Polite scan timing






6. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






7. An adapter that provides the physical connection to send and receive data between the computer and the network media.






8. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






9. The default network authentication suite of protocols for Windows NT 4.0






10. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






11. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






12. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






13. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






14. A list of IP addresses and corresponding MAC addresses stored on a local computer.






15. A record showing which user has accessed a given resource and what operations the user performed during a given period.






16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






17. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






18. A command used in HTTP and FTP to retrieve a file from a server.






19. PI and PT Ping






20. A type of malware that covertly collects information about a user.






21. Establish Null Session






22. White hat






23. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






24. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






25. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






26. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






27. UDP Scan






28. The condition of a resource being ready for use and accessible by authorized users.






29. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






30. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






31. The level of importance assigned to an IT asset






32. The process of determining if a network entity (user or service) is legitimate






33. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






34. A virus written in a macro language and usually embedded in document or spreadsheet files.






35. The software product or system that is the subject of an evaluation.






36. A portion of memory used to temporarily store output or input data.






37. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






38. A documented process for a procedure designed to be consistent - repeatable - and accountable.






39. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






40. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






41. TCP Ping






42. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






43. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu - and so on.






44. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






45. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






46. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






47. Port Scanning



48. Policy stating what users of a system can and cannot do with the organization's assets.






49. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






50. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.