Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.
2. Nmap normal output
3. Cracking Tools
4. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.
5. Looking over an authorized user's shoulder in order to steal information (such as authentication information).
6. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default, and are sent in the header of every packet. SSIDs provide no encryption or security.
7. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.
8. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
9. ACK Scan
10. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.
11. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.
12. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.
13. A documented process for a procedure designed to be consistent, repeatable, and accountable.
14. Controls to detect anomalies or undesirable events occurring on a system.
15. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).
16. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.
17. A collection of historical records or the place where they are kept. In computing, an archive generally refers to backup copies of logs and/or data.
18. A file system used by the Mac OS.
19. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television, invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.
20. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet, a packet contains a header (container) and a payload (contents). Any IP
21. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.
22. A free and popular version of the Unix operating system.
23. Used for exchanging structured information, such as XML-based messages, in the implementation of web services
24. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.
25. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the
26. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.
27. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.
28. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz, 802.11b runs at 11Mbps at 2.4GHz, 802.11g runs at 54Mbps at 2.4GHz, and 802.11n can run upwards of 150MBps.
29. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.
30. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.
31. Recording the time, normally in a log file, when an event happens or when information is created or modified.
32. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption, with one notable exception: The private key is used to encrypt the digital signature.
33. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action
34. A group of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment.
35. The process of using easily accessible DNS records to map a target network's internal hosts.
36. A partially protected zone on a network, not exposed to the full fury of the Internet, but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a
37. Hex 29
38. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu
39. A tool that helps a company to compare its actual performance with its potential performance.
40. A person or entity indirectly involved in a relationship between two principals.
41. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).
42. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.
43. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
44. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.
45. A connection-oriented, layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the
46. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
47. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.
48. A social-engineering attack that manipulates the victim into calling the attacker for help.
49. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.
50. A computer network confined to a relatively small area, such as a single building or campus, in which devices connect through high-frequency radio waves using IEEE standard 802.11.