Test your basic knowledge |
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-system-administrator-level attack.
gray box testing
Level III assessment
Tiger Team
2. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
Bug
CNAME record
-sA
3. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.
symmetric algorithm
Transport Layer Security (TLS)
MAC filtering
operating system attack
4. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
Acknowledgment (ACK)
Information Technology (IT) asset valuation
Worm
Bluetooth
5. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
NetBSD
Virus
Assessment
Digital Watermarking
6. Attacks on the actual programming code of an application.
key exchange protocol
enumeration
Application-Level Attacks
Methodology
7. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
User Datagram Protocol (UDP)
Password Authentication Protocol (PAP)
Interior Gateway Protocol (IGP)
Internet Assigned Number Authority (IANA)
8. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
segment
penetration testing
Blowfish
Vulnerability
9. Port 88
router
Kerberos
Bluetooth
Virus Hoax
10. A free and popular version of the Unix operating system.
forwarding
Corrective Controls
FreeBSD
audit
11. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col
Collision Domain
-sF
route
Backdoor
12. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
Client
SOA record
Anonymizer
hash
13. The condition of a resource being ready for use and accessible by authorized users.
Availability
proxy server
risk transference
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
14. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.
Internet Protocol Security (IPSec) architecture
ISO 17799
spoofing
polymorphic virus
15. Port Scanning
16. ICMP Timestamp
segment
risk avoidance
-PP
service level agreements (SLAs)
17. UDP Scan
-sU
impersonation
RxBoot
Discretionary Access Control (DAC)
18. don't ping
-P0
session splicing
-PI
Reconnaissance - Scanning - Gaining Access - Maintaining Access - Covering Tracks
19. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
personal identification number (PIN)
Fiber Distributed Data Interface (FDDI)
War Chalking
inference attack
20. FIN Scan
Internet service provider (ISP)
Third Party
Target Of Engagement (TOE)
-sF
21. Polymorphic Virus
self encrypting
White Box Testing
Detective Controls
risk avoidance
22. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)
Defense in Depth
protocol stack
Tunneling
qualitative analysis
23. The process of embedding information into a digital signal in a way that makes it difficult to remove.
Digital Watermarking
symmetric algorithm
-oN
remote access
24. Injecting traffic into the network to identify the operating system of a device.
Kerberos
Access Control List (ACL)
Active Fingerprinting
SAM
25. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa
Mantrap
Electronic Code Book (ECB)
hashing algorithm
null session
26. A section or subset of the network. Often a router or other routing device provides the end point of the segment.
segment
Written Authorization
TACACS
serialize scans & 15 sec wait
27. A computer virus that infects and spreads in multiple ways.
Multipurpose Internet Mail Extensions (MIME)
Adware
Telnet
Multipartite virus
28. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Bluetooth
Internet service provider (ISP)
-sU
Asymmetric
29. The transmission of digital signals without precise clocking or synchronization.
asynchronous transmission
single loss expectancy (SLE)
SNMP
The automated process of proactively identifying vulnerabilities of computing systems present in a network
30. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
Echo Reply
remote access
802.11
rootkit
31. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.
Multipartite virus
sidejacking
NetBSD
Ciphertext
32. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
-oG
Videocipher II Satellite Encryption System
Serial Line Internet Protocol (SLIP)
risk acceptance
33. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
Filter
-PM
Fiber Distributed Data Interface (FDDI)
34. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.
Authentication Header (AH)
Information Technology Security Evaluation Criteria (ITSEC)
session splicing
Daemon
35. Port 137/138/139
SMB
Network Basic Input/Output System (NetBIOS)
gray hat
Bastion host
36. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c
Crossover Error Rate (CER)
Cold Site
Buffer Overflow
CIA triangle
37. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.
Address Resolution Protocol (ARP) table
Multipartite virus
spam
false rejection rate (FRR)
38. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.
Trojan Horse
Virtual Local Area Network (VLAN)
social engineering
quality of service (QoS)
39. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.
RxBoot
self encrypting
White Box Testing
Denial of Service (DoS)
40. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
Demilitarized Zone (DMZ)
-p <port ranges>
honeypot
site survey
41. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
Crossover Error Rate (CER)
intrusion prevention system (IPS)
Internet service provider (ISP)
queue
42. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.
Man-in-the-middle attack
Digital Watermarking
Virus Hoax
Institute of Electrical and Electronics Engineers (IEEE)
43. 18 U.S.C. 1030
-P0
Secure Sockets Layer (SSL)
Fraud and related activity in connection with computers
Administratively Prohibited
44. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.
false negative
HIDS
identity theft
Bug
45. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.
gap analysis
Tunneling
Secure Multipurpose Mail Extension (S/MIME)
ping sweep
46. Hex 10
A
Level III assessment
Acknowledgment (ACK)
Auditing
47. Polite scan timing
Domain Name System (DNS) lookup
Archive
serialize scans & 0.4 sec wait
DNS enumeration
48. The act of dialing all numbers within an organization to discover open modems.
Algorithm
Google hacking
War Dialing
segment
49. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur
RxBoot
Authorization
Minimum acceptable level of risk
Tunneling Virus
50. Any circumstance or event with the potential to adversely impact organizational operations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Internet Assigned Number Authority (IANA)
Threat
quantitative risk assessment
Tini