Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Directory Traversal
The automated process of proactively identifying vulnerabilities of computing systems present in a network
Acknowledgment (ACK)
-oA
Finding a directory listing and gaining access to a parent or root file for access to other files
2. A computer virus that infects and spreads in multiple ways.
Cold Site
-sU
Multipartite virus
Access Point (AP)
3. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.
Videocipher II Satellite Encryption System
smart card
-oX
proxy server
4. A denial-of-service technique that uses numerous hosts to perform the attack.
inference attack
Timestamping
Distributed DoS (DDoS)
POP 3
5. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
Assessment
Finding a directory listing and gaining access to a parent or root file for access to other files
Level III assessment
Authentication Header (AH)
6. A protocol for exchanging packets over a serial line.
LDAP
Serial Line Internet Protocol (SLIP)
port knocking
Client
7. A method of network traffic filtering that monitors the entire communications process, including the originator of the session and from which direction it started.
Competitive Intelligence
Annualized Loss Expectancy (ALE)
stateful packet filtering
Defense in Depth
8. Directing a protocol from one port to another.
Internet Assigned Number Authority (IANA)
packet filtering
port redirection
A
9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.
Overwhelm CAM table to convert switch to hub mode
Pretty Good Privacy (PGP)
Bluejacking
SMB
10. Idlescan
risk avoidance
SOA record
Authentication, Authorization, and Accounting (AAA)
-sI
11. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
Bluejacking
hot site
false rejection rate (FRR)
Bit Flipping
12. A host designed to collect data on suspicious activity.
-PP
honeypot
Exploit
Community String
13. The exploitation of a security vulnerability
Anonymizer
risk avoidance
Echo request
security breach or security incident
14. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Wi-Fi Protected Access (WPA)
Virus Hoax
Audit Trail
shoulder surfing
15. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.
piggybacking
Daisy Chaining
Certificate Authority (CA)
rogue access point
16. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
DNS
User Datagram Protocol (UDP)
RID Resource identifier
Port Address Translation (PAT)
17. A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa
Bug
Worm
Electronic Code Book (ECB)
Asymmetric Algorithm
18. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Corrective Controls
Algorithm
stream cipher
inference attack
19. Port Scanning
20. Computer software or hardware that can intercept and log traffic passing over a digital network.
RID Resource identifier
router
Post Office Protocol 3 (POP3)
sniffer
21. A firewall evasion technique whereby packets are wrapped in HTTP, as a covert channel to the target.
HTTP tunneling
Audit Data
Multipartite virus
-sW
22. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).
segment
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
network tap
Multipurpose Internet Mail Extensions (MIME)
23. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).
Traceroute
Wi-Fi Protected Access (WPA)
802.11i
Media Access Control (MAC)
24. nmap
XOR Operation
-oX
Domain Name
--randomize_hosts -O OS fingerprinting
25. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
protocol stack
security defect
802.11
security breach or security incident
26. A trusted entity that issues and revokes public key certificates. In a network, a CA is a trusted entity that issues, manages, and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra
Certificate Authority (CA)
port scanning
Domain Name System (DNS) lookup
Due Diligence
27. Port 389
secure channel
404EE
Bastion host
LDAP
28. Paranoid scan timing
security kernel
Secure Sockets Layer (SSL)
script kiddie
serial scan & 300 sec wait
29. A software or hardware application or device that captures user keystrokes.
Archive
Internet Protocol Security (IPSec) architecture
keylogger
-oG
30. Also known as the dot-dot-slash attack. Using directory traversal, the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
Echo Reply
Confidentiality
Directory Traversal
Warm Site
31. The ability to trace actions performed on a system to a specific user or system entity.
Domain Name System (DNS)
Rijndael
packet
Accountability
32. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.
ISO 17799
Decryption
-sL
NetBus
33. Polymorphic Virus
self encrypting
passive attack
Application Layer
null session
34. The art and science of creating a covert message or image within another message, image, audio, or video file.
steganography
SID
hash
SNMP
35. Port 135
RPC-DCOM
HIDS
Digital Certificate
Packet Internet Groper (ping)
36. A principle in security engineering that attempts to use anonymity and secrecy (of design, implementation, and so on) to provide security; the footprint of the organization, entity, network, or system is kept as small as possible to avoid intere
source routing
Packet Internet Groper (ping)
security by obscurity
parallel scan
37. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
role-based access control
Demilitarized Zone (DMZ)
reconnaissance
Extensible Authentication Protocol (EAP)
38. don't ping
firewalking
-P0
Simple Network Management Protocol (SNMP)
network interface card (NIC)
39. A virus written in a macro language and usually embedded in document or spreadsheet files.
False Acceptance Rate (FAR)
stream cipher
404EE
Macro virus
40. Hex 14
-oA
Malware
public key infrastructure (PKI)
A R
41. Incremental Substitution
Replacing numbers in a url to access other files
firewall
S
limitation of liability and remedies
42. List Scan
NetBus
DNS enumeration
-sL
gray box testing
43. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
pattern matching
Banner Grabbing
MAC filtering
Virus Hoax
44. Formal description and evaluation of the vulnerabilities in an information system
Destination Unreachable
security by obscurity
A S
Vulnerability Assessment
45. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.
inference attack
NOP
-oG
steganography
46. Nmap XML output
Multipartite virus
-oX
Asymmetric Algorithm
Crossover Error Rate (CER)
47. A backlog of packets stored in buffers and waiting to be forwarded over an interface.
R
Finger
Written Authorization
queue
48. The software product or system that is the subject of an evaluation.
Crossover Error Rate (CER)
Target Of Engagement (TOE)
route
out-of-band signaling
49. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information
Cold Site
phishing
Last In First Out (LIFO)
Wide Area Network (WAN)
50. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.
rule-based access control
CNAME record
War Chalking
Domain Name