Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






2. Any item of value or worth to an organization - whether physical or virtual.






3. An early network application that provides information on users currently logged on to a machine.






4. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






5. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






6. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






7. A string that represents the location of a web resource






8. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






9. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






10. Hex 12






11. Metamorphic Virus






12. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






13. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






14. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






15. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






16. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






17. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






18. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






19. PI and PT Ping






20. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






21. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






22. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






23. The process of embedding information into a digital signal in a way that makes it difficult to remove.






24. Policy stating what users of a system can and cannot do with the organization's assets.






25. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






26. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






27. Ping Scan






28. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






29. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






30. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






31. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






32. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






33. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






34. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






35. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






36. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






37. TCP Ping






38. Directory Transversal






39. The art and science of creating a covert message or image within another message - image - audio - or video file.






40. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






41. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






42. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






43. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






44. Port 135






45. A group of experts that handles computer security incidents.






46. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






47. ex 02






48. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






49. A file system used by the Mac OS.






50. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.