Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






2. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






3. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






4. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






5. Any network incident that prompts some kind of log entry or other notification.






6. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






7. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






8. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






9. Vulnerability Scanning






10. The potential for damage to or loss of an IT asset






11. A person or entity indirectly involved in a relationship between two principles.






12. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






13. ICMP Type/Code 0-0






14. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






15. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






16. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






17. Window Scan






18. An attack that exploits the common mistake many people make when installing operating systems






19. A Canonical Name record within DNS - used to provide an alias for a domain name.






20. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






21. Phases of an attack






22. A documented process for a procedure designed to be consistent - repeatable - and accountable.






23. A host designed to collect data on suspicious activity.






24. A group of people - gathered together by a business entity - working to address a specific problem or goal.






25. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






26. A portion of memory used to temporarily store output or input data.






27. Another term for firewalking






28. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






29. The change or growth of a project's scope






30. An organized collection of data.






31. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






32. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






33. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






34. A small Trojan program that listens on port 777.






35. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






36. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






37. ACK Scan






38. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






39. A social-engineering attack that manipulates the victim into calling the attacker for help.






40. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






41. An informed decision to accept the potential for damage to or loss of an IT asset.






42. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






43. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






44. A computer virus that infects and spreads in multiple ways.






45. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






46. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






47. A device providing temporary - on-demand - point-to-point network access to users.






48. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






49. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






50. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.