Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.

2. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity

3. A software or hardware defect that often results in system vulnerabilities.

4. Using conversation or some other interaction between people to gather useful information.

5. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with

6. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.

7. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.

8. Port 161/162

9. Port Scanning

10. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie

11. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

12. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.

13. A one-way mathematical function that generates a fixed-length numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.

14. An adapter that provides the physical connection to send and receive data between the computer and the network media.

15. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the system. Certificates contain the entity's public key - serial number - version - subject - algori

16. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.

17. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

18. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.

19. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.

20. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi

21. The change or growth of a project's scope

22. White box test

23. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.

24. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.

25. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).

26. Port 80/81/8080

27. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are

28. Ping Scan

29. 18 U.S.C. 1029

30. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the

31. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.

32. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.

33. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption

34. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.

35. Attacks on the actual programming code of an application.

36. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.

37. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

38. TCP connect() scan

39. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.

40. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par

41. The software product or system that is the subject of an evaluation.

42. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.

43. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.

44. Name given to expert groups that handle computer security incidents.

45. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.

46. The ability to trace actions performed on a system to a specific user or system entity.

47. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.

48. TCP Ping

49. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.

50. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.