Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Hex 14






2. A point of reference used to mark an initial state in order to manage change.






3. Establish Null Session






4. CAN-SPAM






5. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






6. A virus designed to infect the master boot record.






7. An adapter that provides the physical connection to send and receive data between the computer and the network media.






8. Policy stating what users of a system can and cannot do with the organization's assets.






9. don't ping






10. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






11. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






12. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






13. Controls to detect anomalies or undesirable events occurring on a system.






14. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






15. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






16. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






17. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






18. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






19. A protocol that allows a client computer to request services from a server and the server to return the results.






20. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






21. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






22. Formal description and evaluation of the vulnerabilities in an information system






23. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






24. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






25. A defined measure of service within a network system






26. ICMP Type/Code 3






27. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






28. A social-engineering attack that manipulates the victim into calling the attacker for help.






29. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






30. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






31. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






32. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






33. A device providing temporary - on-demand - point-to-point network access to users.






34. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






35. The process of determining if a network entity (user or service) is legitimate






36. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






37. A program designed to execute at a specific time to release malicious code onto the computer system or network.






38. An early network application that provides information on users currently logged on to a machine.






39. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






40. A software or hardware application or device that captures user keystrokes.






41. Black box test






42. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






43. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






44. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






45. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






46. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






47. Port 31337






48. The combination of all IT assets - resources - components - and systems.






49. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






50. The default network authentication suite of protocols for Windows NT 4.0