Test your basic knowledge |
CEH: Certified Ethical Hacker
Subjects: certifications, ceh, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)
Adware
hash
ECHO reply
NT LAN Manager (NTLM)
2. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.
Smurf attack
Information Technology Security Evaluation Criteria (ITSEC)
Corrective Controls
Transmission Control Protocol (TCP)
3. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-system-administrator-level attack.
gray box testing
Warm Site
footprinting
script kiddie
4. Port 110
POP 3
NOP
White Box Testing
keylogger
5. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
ring topology
Boot Sector Virus
qualitative analysis
War Driving
6. TCP connect() scan
Kerberos
private key
open source
-sT
7. Port 23
Wireless Local Area Network (WLAN)
Brute-Force Password Attack
Denial of Service (DoS)
Telnet
8. The condition of a resource being ready for use and accessible by authorized users.
Console Port
Availability
Transport Layer Security (TLS)
Digital Certificate
9. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are
Network Address Translation (NAT)
Three-Way (TCP) Handshake
-sV
Request for Comments (RFC)
10. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
Trusted Computer Base (TCB)
Trusted Computer System Evaluation Criteria (TCSEC)
single loss expectancy (SLE)
Rijndael
11. The change or growth of a project's scope
security kernel
scope creep
Macro virus
parameter tampering
12. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely
pattern matching
Virtual Private Network (VPN)
footprinting
Serial Line Internet Protocol (SLIP)
13. Normal scan timing
pattern matching
XOR Operation
parallel scan
signature scanning
14. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
Annualized Loss Expectancy (ALE)
flood
Pretty Good Privacy (PGP)
Level II assessment
15. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.
Wiretapping
non-repudiation
Unicode
Banner Grabbing
16. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.
National Security Agency
qualitative analysis
Self Replicating
rogue access point
17. A protocol used to pass control and error messages between nodes on the Internet.
sheepdip
Internet Control Message Protocol (ICMP)
intranet
MAC filtering
18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.
Methodology
-sS
penetration testing
non-repudiation
19. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.
Zone transfer
Traceroute
remote access
patch
20. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.
Computer-Based Attack
Point-to-Point Protocol (PPP)
Packet Internet Groper (ping)
-PM
21. A virus designed to infect the master boot record.
spoofing
Timestamping
Master boot record infector
Port Address Translation (PAT)
22. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.
Warm Site
net use \[target ip]IPC$ '' /user:''
Wiretapping
stateful packet filtering
23. Another term for firewalking
security kernel
port knocking
SOA record
Secure Multipurpose Mail Extension (S/MIME)
24. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.
protocol stack
Kerberos
physical security
Tunneling
25. The process of recording activity on a system for monitoring and later review.
Auditing
gray box testing
Last In First Out (LIFO)
Computer-Based Attack
26. Port Scanning
27. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t
-sI
Brute-Force Password Attack
promiscuous mode
File Transfer Protocol (FTP)
28. A group of people - gathered together by a business entity - working to address a specific problem or goal.
penetration testing
Transmission Control Protocol (TCP)
Tiger Team
Antivirus (AV) software
29. Describes practices in production and development that promote access to the end product's source materials.
File Transfer Protocol (FTP)
open source
public key infrastructure (PKI)
Transmission Control Protocol (TCP)
30. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere
Computer-Based Attack
security by obscurity
Network Basic Input/Output System (NetBIOS)
scope creep
31. ICMP Netmask
Denial of Service (DoS)
risk transference
-PM
802.11
32. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.
Serial Line Internet Protocol (SLIP)
A S
End User Licensing Agreement (EULA)
packet filtering
33. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.
Acceptable Use Policy (AUP)
SOA record
TACACS
Packet Internet Groper (ping)
34. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.
Address Resolution Protocol (ARP)
Virus Hoax
Due Care
-oG
35. A social-engineering attack using computer resources - such as e-mail or IRC.
Vulnerability Assessment
Computer-Based Attack
proxy server
port knocking
36. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.
Address Resolution Protocol (ARP) table
Trojan Horse
asynchronous transmission
Last In First Out (LIFO)
37. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -
MAC filtering
Minimum acceptable level of risk
Event
Malware
38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
RPC-DCOM
Cloning
-oX
Back orifice
39. An unknown deficiency in software or some other product that results in a security vulnerability being identified.
security defect
Defense in Depth
-oG
A S
40. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.
HIDS
steganography
Vulnerability Assessment
Post Office Protocol 3 (POP3)
41. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.
Assessment
risk assessment
Access Creep
Sign in Seal
42. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.
social engineering
HTTP
Due Care
Electronic serial number
43. FTP Bounce Attack
Defense in Depth
shrink-wrap code attacks
The automated process of proactively identifying vulnerabilities of computing systems present in a network
-b
44. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
serial scan & 300 sec wait
hot site
Client
Videocipher II Satellite Encryption System
45. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.
Internet Assigned Number Authority (IANA)
null session
red team
Bug
46. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.
Network Basic Input/Output System (NetBIOS)
Level II assessment
Community String
SYN attack
47. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
Tumbling
A
Cloning
Corrective Controls
48. ICMP Type/Code 0-0
-sF
replay attack
Authentication
Echo Reply
49. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.
audit
Client
firewalking
Distributed DoS (DDoS)
50. A point-to-point connection between two endpoints created to exchange data. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi
Tunnel
Accountability
parallel scan
Cryptography