Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






2. An early network application that provides information on users currently logged on to a machine.






3. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






4. Port 137/138/139






5. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






6. Black hat






7. Idlescan






8. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






9. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






10. Injecting traffic into the network to identify the operating system of a device.






11. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






12. The process of recording activity on a system for monitoring and later review.






13. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






14. The lack of clocking (imposed time ordering) on a bit stream.






15. Port 88






16. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






17. A group of experts that handles computer security incidents.






18. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






19. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






20. 18 U.S.C. 1029






21. The condition of a resource being ready for use and accessible by authorized users.






22. Port 135






23. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






24. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






25. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






26. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






27. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






28. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






29. A person or entity indirectly involved in a relationship between two principles.






30. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






31. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






32. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






33. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






34. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






35. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






36. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






37. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






38. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






39. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






40. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






41. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






42. Hex 29






43. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






44. The transmission of digital signals without precise clocking or synchronization.






45. Version Detection Scan






46. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






47. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






48. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






49. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






50. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.