Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






2. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






3. Port 80/81/8080






4. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






5. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






6. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


7. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






8. A list of IP addresses and corresponding MAC addresses stored on a local computer.






9. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






10. A protocol that allows a client computer to request services from a server and the server to return the results.






11. The process of embedding information into a digital signal in a way that makes it difficult to remove.






12. RPC Scan






13. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






14. A string that represents the location of a web resource






15. The steps taken to gather evidence and information on the targets you wish to attack.






16. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






17. Nmap grepable output






18. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






19. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






20. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






21. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






22. Formal description and evaluation of the vulnerabilities in an information system






23. The condition of a resource being ready for use and accessible by authorized users.






24. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






25. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






26. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






27. Any network incident that prompts some kind of log entry or other notification.






28. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






29. PI and PT Ping






30. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






31. ex 02






32. A document describing information security guidelines - policies - procedures - and standards.






33. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






34. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






35. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






36. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






37. Sneaky scan timing






38. Port 135






39. Cracking Tools






40. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






41. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






42. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






43. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






44. Aggressive scan timing






45. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






46. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






47. Evaluation in which testers attempt to penetrate the network.






48. A protocol used for sending and receiving log information for nodes on a network.






49. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






50. A virus designed to infect the master boot record.