Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






2. The lack of clocking (imposed time ordering) on a bit stream.






3. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






4. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






5. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






6. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






7. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






8. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






9. A communications protocol used for browsing the Internet.






10. A list of IP addresses and corresponding MAC addresses stored on a local computer.






11. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






12. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






13. Recording the time - normally in a log file - when an event happens or when information is created or modified.






14. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






15. A data encryption/decryption program often used for e-mail and file storage.






16. Sneaky scan timing






17. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






18. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






19. Port 53






20. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






21. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






22. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






23. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






24. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






25. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






26. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






27. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






29. TCP SYN Scan






30. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






31. An attack that combines a brute-force attack with a dictionary attack.






32. PI and PT Ping






33. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






34. Normal scan timing






35. Injecting traffic into the network to identify the operating system of a device.






36. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






37. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






38. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






39. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






40. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






41. Window Scan






42. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






43. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






44. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






45. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






46. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






47. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






48. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






49. A computer file system architecture used in Windows - OS/2 - and most memory cards.






50. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.