Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






2. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






3. Computer software or hardware that can intercept and log traffic passing over a digital network.






4. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






5. The process of recording activity on a system for monitoring and later review.






6. Sneaky scan timing






7. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






8. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






9. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






10. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






11. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






12. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






13. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






14. Attacks on the actual programming code of an application.






15. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






16. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






17. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






18. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






19. A software or hardware defect that often results in system vulnerabilities.






20. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






21. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






22. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






23. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






24. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






25. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






26. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






27. Port 389






28. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






29. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






30. Hex 12






31. A virus written in a macro language and usually embedded in document or spreadsheet files.






32. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






33. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






34. The transmission of digital signals without precise clocking or synchronization.






35. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






36. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






37. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






38. A computer process that requests a service from another computer and accepts the server's responses.






39. ICMP Type/Code 11






40. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






41. The exploitation of a security vulnerability






42. SYN Ping






43. A protocol used to pass control and error messages between nodes on the Internet.






44. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






45. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






46. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






47. A type of malware that covertly collects information about a user.






48. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






49. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






50. A type of encryption where the same key is used to encrypt and decrypt the message.