Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






2. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






3. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






4. List Scan






5. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






6. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






7. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






8. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






9. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






10. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






11. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






12. A virus designed to infect the master boot record.






13. Attacks on the actual programming code of an application.






14. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






15. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






16. A portion of memory used to temporarily store output or input data.






17. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






18. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






19. Metamorphic Virus






20. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






21. Paranoid scan timing






22. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






23. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






24. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






25. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






26. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






27. Port 53






28. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






29. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






30. The process of embedding information into a digital signal in a way that makes it difficult to remove.






31. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






32. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






33. An attack that exploits the common mistake many people make when installing operating systems






34. The combination of all IT assets - resources - components - and systems.






35. Polymorphic Virus






36. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






37. The concept of having more than one person required to complete a task






38. An organized collection of data.






39. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






40. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






41. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






42. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






43. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






44. ICMP Type/Code 3-13






45. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






46. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






47. Xmas Tree scan






48. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






49. ICMP Type/Code 3






50. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.