Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






2. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






3. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






4. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






5. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






6. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






7. A social-engineering attack that manipulates the victim into calling the attacker for help.






8. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






9. A computer network confined to a relatively small area - such as a single building or campus.






10. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






11. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






12. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






13. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






14. The monetary value assigned to an IT asset.






15. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






16. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






17. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






18. 18 U.S.C. 1030






19. Establish Null Session






20. The process of using easily accessible DNS records to map a target network's internal hosts.






21. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






22. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






23. A protocol used for sending and receiving log information for nodes on a network.






24. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






25. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






26. ICMP Ping






27. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






28. A list of IP addresses and corresponding MAC addresses stored on a local computer.






29. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






30. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






31. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






32. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






33. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






34. A person or entity indirectly involved in a relationship between two principles.






35. Hex 10






36. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






37. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






38. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






39. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






40. A document describing information security guidelines - policies - procedures - and standards.






41. ACK Scan






42. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






43. IP Protocol Scan






44. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






45. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






46. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






47. The potential for damage to or loss of an IT asset






48. Another term for firewalking






49. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






50. An Internet routing protocol used to exchange routing information within an autonomous system.