Test your basic knowledge | CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.
session hijacking
Active Fingerprinting
-sA
Zone transfer
2. ICMP Timestamp
Auditing
port scanning
Antivirus (AV) software
-PP
3. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.
Defense in Depth
reverse lookup; reverse DNS lookup
TACACS
Ethernet
4. Any circumstance or event with the potential to adversely impact organizational operations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or
Google hacking
Exposure Factor
Threat
impersonation
5. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
encapsulation
HIDS
queue
Cracker
6. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.
Wi-Fi Protected Access (WPA)
Community String
Level I assessment
Self Replicating
7. A device on a network.
Virtual Private Network (VPN)
node
Digital Watermarking
Application-Level Attacks
8. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Directory Traversal
Warm Site
piggybacking
Pretty Good Privacy (PGP)
9. PI and PT Ping
-PB
Man-in-the-middle attack
pattern matching
Time Bomb
10. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.
Demilitarized Zone (DMZ)
Web Spider
Wrapper
Virtual Local Area Network (VLAN)
11. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.
reverse social engineering
Bastion host
rule-based access control
proxy server
12. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.
TACACS
Address Resolution Protocol (ARP) table
White Box Testing
Replacing numbers in a url to access other files
13. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.
Trapdoor Function
nslookup
Malware
Internet Protocol (IP)
14. A record showing which user has accessed a given resource and what operations the user performed during a given period.
Trusted Computer System Evaluation Criteria (TCSEC)
Audit Trail
Distributed DoS (DDoS)
forwarding
15. A denial-of-service technique that uses numerous hosts to perform the attack.
Access Point (AP)
Distributed DoS (DDoS)
proxy server
-PP
16. ICMP Ping
-PM
Access Control List (ACL)
gray hat
-PI
17. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.
Domain Name
security kernel
spam
network operations center (NOC)
18. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.
Client
Virtual Local Area Network (VLAN)
network access server
Asymmetric
19. Hex 04
service level agreements (SLAs)
R
Service Set Identifier (SSID)
Network Address Translation (NAT)
20. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.
payload
Directory Traversal
A procedure for identifying active hosts on a network.
Authentication Header (AH)
21. SYN Ping
Destination Unreachable
-PS
Adware
John the Ripper - L0phtCrack - Ophcrack - Cain and Abel
22. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.
Request for Comments (RFC)
Secure Sockets Layer (SSL)
net use \[target ip]IPC$ '' /user:''
secure channel
23. nmap
-p <port ranges>
Bastion host
security controls
-sI
24. IP Protocol Scan
Virus
gray hat
-sO
Trusted Computer System Evaluation Criteria (TCSEC)
25. Port 31337
non-repudiation
Back Orifice
Cracker
Acknowledgment (ACK)
26. A social-engineering attack using computer resources - such as e-mail or IRC.
serialize scans & 0.4 sec wait
Challenge Handshake Authentication Protocol (CHAP)
Computer-Based Attack
GET
27. Metamorphic Virus
Self Replicating
impersonation
DNS enumeration
flood
28. Hex 02
S
Unicode
Wired Equivalent Privacy (WEP)
Echo Reply
29. Used for exchanging structured information - such as XML-based messages - in the implementation of web services
Simple Object Access Protocol (SOAP)
Confidentiality
hash
Droppers
30. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
Due Diligence
limitation of liability and remedies
-sX
-sT
31. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points
Packet Internet Groper (ping)
Domain Name System (DNS) cache poisoning
SAM
operating system attack
32. TCP Ping
-PT
A series of messages sent by someone attempting to break into a computer to learn about the computer's network services.
-p <port ranges>
Information Technology Security Evaluation Criteria (ITSEC)
33. Port Scanning
34. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.
patch
Virtual Private Network (VPN)
R
null session
35. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
Malware
personal identification number (PIN)
ISO 17799
R
36. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
-sF
false rejection rate (FRR)
Trusted Computer Base (TCB)
session hijacking
37. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.
CAM table
port redirection
Bluejacking
Sign in Seal
38. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss
remote access
EDGAR database
Contingency Plan
Virus Hoax
39. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
-p <port ranges>
Unicode
Cloning
Droppers
40. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.
Echo request
Wi-Fi
honeynet
Cracker
41. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.
Internet Assigned Number Authority (IANA)
Covert Channel
Interior Gateway Protocol (IGP)
Collision Domain
42. 18 U.S.C. 1030
Fraud and related activity in connection with computers
Buffer Overflow
Wrapper
-PS
43. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.
Biometrics
role-based access control
RxBoot
remote procedure call (RPC)
44. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
Kerberos
Bluesnarfing
Distributed DoS (DDoS)
Access Creep
45. A defined measure of service within a network system
Man-in-the-middle attack
network operations center (NOC)
quality of service (QoS)
router
46. The concept of having more than one person required to complete a task
Internet Protocol Security (IPSec) architecture
separation of duties
reverse lookup; reverse DNS lookup
Wi-Fi Protected Access (WPA)
47. An early network application that provides information on users currently logged on to a machine.
Finger
-PB
SMB
hot site
48. Sneaky scan timing
serialize scans & 15 sec wait
Active Directory (AD)
Internal access to the network
remote procedure call (RPC)
49. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.
spyware
Interior Gateway Protocol (IGP)
Authorization
Application Layer
50. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.
Smurf attack
-sO
No previous knowledge of the network
hashing algorithm