Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer network confined to a relatively small area - such as a single building or campus.






2. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






3. Version Detection Scan






4. don't ping






5. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






6. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






7. ICMP Timestamp






8. Access by information systems (or users) communicating from outside the information system security perimeter.






9. ICMP Type/Code 0-0






10. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






11. A virus that plants itself in a system's boot sector and infects the master boot record.






12. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






13. Cracking Tools






14. Aggressive scan timing






15. Hex 04






16. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






17. White box test






18. nmap all output






19. A tool that helps a company to compare its actual performance with its potential performance.






20. Incremental Substitution






21. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






22. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






23. A protocol for exchanging packets over a serial line.






24. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






25. A defined measure of service within a network system






26. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






27. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






28. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






29. Wrapper or Binder






30. Port 161/162






31. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






32. Nmap normal output






33. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






34. Using conversation or some other interaction between people to gather useful information.






35. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






36. The condition of a resource being ready for use and accessible by authorized users.






37. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






38. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






39. Nmap grepable output






40. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






41. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






42. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






43. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






44. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






45. An attack that exploits the common mistake many people make when installing operating systems






46. Evaluation in which testers attempt to penetrate the network.






47. A communications protocol used for browsing the Internet.






48. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






49. The Security Accounts Manager file in Windows stores all the password hashes for the system.






50. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.