Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.

2. A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

3. A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption.

4. A portion of memory used to temporarily store output or input data.

5. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is
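The flooding rule in item 5 is easiest to see in a learning switch: a frame is flooded only while the destination MAC is unknown (or is the broadcast address), and it stops being flooded as soon as the switch has learned which port the destination lives on. The security point is that during that window every other port, including an attacker's, receives the frame. The simulation below is an added example, not part of the quiz page; the MAC addresses and port numbers are constructed.

```python
"""Learning-switch simulation: when unknown-unicast traffic is flooded.

Added example (not from the quiz page).  Frames, MACs and port numbers below
are constructed for illustration.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str        # source MAC
    dst: str        # destination MAC
    ingress: int    # port the frame arrived on


@dataclass
class LearningSwitch:
    ports: int
    cam: dict = field(default_factory=dict)   # MAC -> port (the CAM / MAC table)

    def forward(self, frame: Frame) -> list:
        """Return the egress ports for this frame.

        1. Learn: record that frame.src is reachable via the ingress port.
        2. Forward: if the destination is known, send out that one port only;
           otherwise flood out every port except the one it came in on.
        """
        self.cam[frame.src] = frame.ingress
        if frame.dst == BROADCAST or frame.dst not in self.cam:
            return [p for p in range(1, self.ports + 1) if p != frame.ingress]
        return [self.cam[frame.dst]]


def demo() -> dict:
    """Three frames between hosts A (port 1) and B (port 2) on a 4-port switch."""
    sw = LearningSwitch(ports=4)
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    first = sw.forward(Frame(src=a, dst=b, ingress=1))    # B unknown: flooded to 2, 3, 4
    reply = sw.forward(Frame(src=b, dst=a, ingress=2))    # A already learned: port 1 only
    second = sw.forward(Frame(src=a, dst=b, ingress=1))   # B now learned: port 2 only
    return {"first": first, "reply": reply, "second": second}


if __name__ == "__main__":
    print(demo())
```

Ports 3 and 4 see the first frame only because the switch has not yet learned B; a sniffer on either port captures it. Once the table is populated the same frame is delivered to port 2 alone.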
6. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability).

7. In a classful IPv4 subnet, this is the network number with all binary 0s in the subnet part of the number. When written in decimal, the zero subnet has the same number as the classful network number.
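Item 7 is easier to check by computing it. The block below, an added example that is not part of the quiz page, derives the classful network from the first octet, subnets it to a longer prefix, and returns the subnet whose subnet bits are all zero; in dotted decimal that subnet's address is identical to the classful network address, which is exactly why it was historically ambiguous. The addresses used are documentation ranges, not live networks.

```python
"""Zero subnet of a classful IPv4 network (added example, not from the quiz page)."""
import ipaddress


def classful_network(addr: str) -> ipaddress.IPv4Network:
    """Return the class A/B/C network an address belongs to, judged by its first octet."""
    first = int(addr.split(".")[0])
    if first < 128:
        prefix = 8          # class A: 0-127
    elif first < 192:
        prefix = 16         # class B: 128-191
    elif first < 224:
        prefix = 24         # class C: 192-223
    else:
        raise ValueError("class D/E addresses are not subnetted classfully")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def zero_subnet(addr: str, new_prefix: int) -> ipaddress.IPv4Network:
    """Subnet the classful network and return the subnet whose subnet bits are all 0."""
    net = classful_network(addr)
    if new_prefix <= net.prefixlen:
        raise ValueError("new prefix must be longer than the classful prefix")
    return next(net.subnets(new_prefix=new_prefix))     # subnets() yields lowest first


def all_ones_subnet(addr: str, new_prefix: int) -> ipaddress.IPv4Network:
    """The opposite extreme: the subnet whose subnet bits are all 1 (contains the classful broadcast)."""
    net = classful_network(addr)
    return ipaddress.ip_network(f"{net.broadcast_address}/{new_prefix}", strict=False)


def demo() -> dict:
    net = classful_network("172.16.5.9")        # class B -> 172.16.0.0/16
    zero = zero_subnet("172.16.5.9", 24)        # 172.16.0.0/24
    return {
        "classful": str(net),
        "zero_subnet": str(zero),
        "same_decimal_address": net.network_address == zero.network_address,
        "all_ones_subnet": str(all_ones_subnet("172.16.5.9", 24)),
    }


if __name__ == "__main__":
    print(demo())
```

The `same_decimal_address` flag is the point of the definition: 172.16.0.0 names both the whole class B network and its first /24, and only the prefix length tells them apart.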
8. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.

9. An information assurance strategy in which multiple layers of defense are placed throughout an information technology system.

10. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door

11. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.

12. Controls to detect anomalies or undesirable events occurring on a system.

13. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

14. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.

15. A formal set of rules describing data transmission, especially across a network. A protocol determines the type of error checking, the data compression method, how the sending device will indicate completion, how the receiving device will indicat

16. A communications path, such as the Internet, authorized for data transmission within a computer system or network.

17. A point-to-point connection between two endpoints created to exchange data. Typically a tunnel is either an encrypted connection, or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi

18. A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet.

19. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).

20. Port 110

21. LM hash for short passwords (7 characters or fewer)
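Item 21 is a triage trick worth automating. LM hashing upper-cases the password, pads it to 14 bytes, splits it into two 7-byte halves and DES-encrypts the constant "KGS!@#$%" with each half, so a password of 7 characters or fewer leaves the second half all zero and its hash is always AAD3B435B51404EE; a blank LM hash is that constant twice. The block below, an added example that is not part of the quiz page, reads pwdump-style lines and flags accounts by that pattern. The dump lines are constructed and the hash values are illustrative, not taken from real accounts.

```python
"""Triage LM hashes in a pwdump-style dump for short passwords.

Added example (not from the quiz page).  SAMPLE_DUMP is constructed.
"""
import re

EMPTY_HALF = "AAD3B435B51404EE"     # LM hash of an all-zero 7-byte half
PWDUMP_LINE = re.compile(r"^([^:]+):(\d+):([0-9A-Fa-f]{32}):([0-9A-Fa-f]{32}):")


def classify_lm(lm_hex: str) -> str:
    """Classify a 16-byte LM hash by what its second half reveals."""
    lm = lm_hex.upper()
    if len(lm) != 32:
        raise ValueError("LM hash must be 32 hex characters")
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no LM hash (LM storage disabled or empty password)"
    if second == EMPTY_HALF:
        return "password is 7 characters or fewer"
    return "password is 8 to 14 characters"


def triage(dump_lines) -> dict:
    """Map user -> classification for every line in user:rid:lm:nt::: format."""
    out = {}
    for line in dump_lines:
        m = PWDUMP_LINE.match(line.strip())
        if not m:
            continue                      # comments, blank lines, other formats
        user, _rid, lm, _nt = m.groups()
        out[user] = classify_lm(lm)
    return out


def short_password_users(dump_lines) -> list:
    """Accounts to crack first: each half is an independent 7-character DES key,
    and here only one half is unknown."""
    return sorted(u for u, c in triage(dump_lines).items() if c.startswith("password is 7"))


SAMPLE_DUMP = [   # constructed; hash values are illustrative only
    "Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:::",
    "svc_backup:1001:0123456789ABCDEFAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::",
    "jdoe:1002:0123456789ABCDEFFEDCBA9876543210:FEDCBA9876543210FEDCBA9876543210:::",
    "# comment line that does not parse",
]

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_DUMP).items():
        print(f"{user:15} {verdict}")
```

The reason the second half matters: each half is brute-forced independently, so the constant tells you that only one 7-character, case-insensitive half remains to be recovered.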
22. Port 80/81/8080

23. Idlescan
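The idle scan of item 23 never sends a packet to the target from the scanner's own address: it reads the zombie's IP ID, sends a SYN to the target with the zombie's address spoofed as the source, and reads the zombie's IP ID again. An open port makes the target send SYN/ACK to the zombie, which answers with a RST and so consumes one extra IP ID; a closed port makes the target send a RST that the zombie silently drops. The simulation below, an added example that is not part of the quiz page, models the three hosts in memory under the "ideal zombie" assumption (a single global IP ID counter that increments by one per packet sent) so the arithmetic can be checked without a network.

```python
"""Idle (zombie) scan logic, simulated end to end.

Added example (not from the quiz page).  Hosts are in-memory objects; the
zombie's IP ID behaviour (global counter, +1 per packet) is an assumption.
"""
from dataclasses import dataclass, field


@dataclass
class Zombie:
    """Idle host with a globally incrementing IP ID."""
    ip_id: int = 1000

    def send(self) -> int:
        """Every packet the zombie emits consumes one IP ID."""
        self.ip_id = (self.ip_id + 1) & 0xFFFF
        return self.ip_id

    def on_syn_ack(self) -> None:
        self.send()                 # unsolicited SYN/ACK -> RST, costs an IP ID

    def on_rst(self) -> None:
        pass                        # unsolicited RST -> silently dropped

    def on_probe(self) -> int:
        """Scanner's SYN/ACK probe: zombie replies RST, whose IP ID the scanner reads."""
        return self.send()


@dataclass
class Target:
    open_ports: set = field(default_factory=set)
    filtered_ports: set = field(default_factory=set)     # dropped by a firewall

    def on_spoofed_syn(self, port: int, zombie: Zombie) -> None:
        """SYN arrives with the zombie's address as source; reply goes to the zombie."""
        if port in self.filtered_ports:
            return                  # no reply at all
        if port in self.open_ports:
            zombie.on_syn_ack()
        else:
            zombie.on_rst()


def idle_scan(zombie: Zombie, target: Target, port: int, background_packets: int = 0) -> str:
    """One port: probe, spoof, probe; interpret the IP ID delta."""
    before = zombie.on_probe()
    target.on_spoofed_syn(port, zombie)
    for _ in range(background_packets):     # traffic the zombie generates on its own
        zombie.send()
    after = zombie.on_probe()
    delta = (after - before) & 0xFFFF
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "zombie not idle (delta=%d)" % delta


if __name__ == "__main__":
    z, t = Zombie(), Target(open_ports={80}, filtered_ports={443})
    for p in (80, 22, 443):
        print(p, idle_scan(z, t, p))
```

The `background_packets` case is why the zombie must actually be idle: any traffic it sends between the two probes inflates the delta and makes the result unreadable, which is also why nmap -sI probes a candidate zombie's IP ID behaviour before using it.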
24. A protocol that allows a client computer to request services from a server and the server to return the results.

25. A piece of software, provided by the vendor, intended to update or fix known, discovered problems in a computer program or its supporting data.

26. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.

27. A type of encryption where the same key is used to encrypt and decrypt the message.

28. ICMP Type 8 / Code 0

29. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.

30. A value used to control cryptographic operations, such as decryption, encryption, signature generation, and signature verification.

31. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.

32. ICMP Ping

33. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

34. UDP Scan

35. NSA

36. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

37. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.

38. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets.
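Item 38 works against an IDS that matches signatures one packet at a time: if the fragment boundary falls inside the signature, no single payload contains it. The block below, an added example that is not part of the quiz page, splits a constructed HTTP request into fixed-size fragments, shows which sizes defeat per-packet matching, and shows that reassembling the stream by offset (what a stream-aware IDS and the victim's TCP stack both do) restores detection. `SIGNATURE` stands in for an IDS content rule; the request is constructed.

```python
"""Fragmented request vs. per-packet signature matching (added example, not from the quiz page)."""
import random

SIGNATURE = b"/etc/passwd"                                               # stand-in content rule
REQUEST = b"GET /../../etc/passwd HTTP/1.0\r\nHost: victim\r\n\r\n"     # constructed


def fragment(data: bytes, size: int) -> list:
    """Split the request into `size`-byte payloads, each tagged with its stream offset."""
    return [(i, data[i:i + size]) for i in range(0, len(data), size)]


def packet_inspect(fragments) -> bool:
    """Naive IDS: match the signature against each packet payload on its own."""
    return any(SIGNATURE in payload for _, payload in fragments)


def reassemble(fragments) -> bytes:
    """Put payloads back in offset order, whatever order they arrived in."""
    return b"".join(payload for _, payload in sorted(fragments))


def stream_inspect(fragments) -> bool:
    """Stream-aware IDS: reassemble first, then match."""
    return SIGNATURE in reassemble(fragments)


def evading_sizes(data: bytes, sizes) -> list:
    """Fragment sizes that hide the signature from per-packet matching but not from reassembly."""
    return [s for s in sizes
            if not packet_inspect(fragment(data, s)) and stream_inspect(fragment(data, s))]


def demo() -> dict:
    frags = fragment(REQUEST, 8)
    random.Random(1).shuffle(frags)          # deliver out of order as well
    return {
        "per_packet": packet_inspect(frags),
        "stream": stream_inspect(frags),
        "reassembled_ok": reassemble(frags) == REQUEST,
        "evading_sizes": evading_sizes(REQUEST, range(1, 64)),
    }


if __name__ == "__main__":
    print(demo())
```

Any fragment shorter than the 11-byte signature evades the naive matcher unconditionally; larger sizes evade only when a boundary happens to split it. Reassembly closes this gap, which is why current IDS engines reassemble TCP streams and IP fragments, and why evasion research moved on to ambiguities such as overlapping fragments with different content, which this example does not model.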
39. The process of embedding information into a digital signal in a way that makes it difficult to remove.

40. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.

41. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.

42. A protocol for exchanging packets over a serial line.

43. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.

44. 18 U.S.C. 1029

45. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is, clearance) of users to access information of such sensi

46. Also known as a digital certificate, this is an electronic file used to verify a user's identity, providing non-repudiation throughout the system. It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
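The tool in item 47 sends a DNS query and prints the answer; the wire exchange behind it (and the labelled name format of item 43) is shown below as an added example that is not part of the quiz page. No network is used: `build_response()` constructs the reply a resolver would return, so the block runs offline. The hostname and address are documentation values (example.com, 93.184.216.34), not live lookups, and the random transaction ID plus the `matches_query()` check are the resolver's basic defence against a forged reply.

```python
"""DNS A query and response on the wire (added example, not from the quiz page)."""
import random
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """'example.com' -> length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = None) -> bytes:
    """12-byte header (RD=1, one question) followed by the question section."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)         # unpredictable ID resists blind spoofing
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def read_name(msg: bytes, off: int):
    """Decode a name that may use compression pointers; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:              # two-byte pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                    # name ends after the first pointer
            hops += 1
            if hops > 16 or ptr >= off:          # reject loops and forward pointers
                raise ValueError("bad compression pointer")
            off = ptr
            continue
        if length == 0:
            return ".".join(labels), (end if end is not None else off + 1)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_response(msg: bytes) -> dict:
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        value = ".".join(str(b) for b in rdata) if rtype == TYPE_A and rdlen == 4 else rdata.hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def matches_query(query: bytes, response: bytes) -> bool:
    """Accept a reply only if its ID and question section echo ours."""
    q, r = parse_response(query), parse_response(response)
    return r["id"] == q["id"] and r["questions"] == q["questions"]


def build_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed resolver reply: echo the question, then one A record whose
    owner name is a compression pointer to offset 12 (the question name)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)     # QR=1 RD=1 RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
    answer += bytes(int(o) for o in ip.split("."))
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("example.com")
    print(parse_response(build_response(q, "93.184.216.34")))
```

Real replies also carry authority and additional sections and other record types; the parser above decodes only A records and returns everything else as hex, which is enough to see why a mismatched ID or question must be discarded rather than trusted.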
48. A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download).
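Items 41 and 48 are two sides of the same property. The block below, an added example that is not part of the quiz page, first does the download check of item 48 (stream a file through SHA-256 and compare against the published digest in constant time, then flip one byte and watch the check fail), and then shows item 41 concretely: a birthday search finds two distinct inputs whose digests agree in their first 20 bits after roughly 2^10 attempts, which is why a short or broken hash gives no collision resistance. The "download" is a temporary file with constructed contents and the published hash is computed locally rather than fetched from a vendor site.

```python
"""File-integrity hashes and hash collisions (added example, not from the quiz page)."""
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algo: str = "sha256", chunk: int = 1 << 16) -> str:
    """Stream the file through the hash so large downloads need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path: str, published_hex: str, algo: str = "sha256") -> bool:
    """Compare against the vendor's published digest in constant time."""
    return hmac.compare_digest(file_digest(path, algo), published_hex.strip().lower())


def truncated(digest: bytes, bits: int) -> int:
    """Leading `bits` bits of a digest, as an integer."""
    nbytes = (bits + 7) // 8
    return int.from_bytes(digest[:nbytes], "big") >> (nbytes * 8 - bits)


def find_truncated_collision(bits: int, algo: str = "sha256"):
    """Birthday search: two distinct inputs whose digests share their first `bits` bits.
    Expected work is about 2**(bits/2) hashes; returns (input_a, input_b, attempts)."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i                          # all inputs distinct by construction
        key = truncated(hashlib.new(algo, msg).digest(), bits)
        if key in seen:
            return seen[key], msg, i + 1
        seen[key] = msg
        i += 1


def demo() -> tuple:
    """Verify an intact file, then the same file after one byte is flipped."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tool-1.0.tar.gz")          # constructed download
        with open(path, "wb") as f:
            f.write(b"\x1f\x8b" + bytes(range(256)) * 64)
        published = file_digest(path)                       # what the site would list
        intact = verify_download(path, published)
        with open(path, "r+b") as f:                        # tamper: flip one byte
            f.seek(100)
            f.write(b"\xff")
        tampered = verify_download(path, published)
    return intact, tampered


if __name__ == "__main__":
    print("intact, tampered:", demo())
    a, b, n = find_truncated_collision(20)
    print("20-bit collision after %d hashes: %r %r" % (n, a, b))
```

Two caveats a practitioner wants with item 48: the published digest must come from somewhere the attacker cannot also edit (a hash beside the download on the same server only detects corruption, not substitution), and the algorithm must be one without practical collisions, which rules out MD5 and SHA-1 for this purpose.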
49. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it's the use of more than one key for encryption/authentication purposes.
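Items 27, 30 and 49 together describe the key models: one shared key that both encrypts and decrypts, versus a key pair where the value used for decryption and signing is not the one used for encryption and verification. The block below is an added example, not part of the quiz page. The RSA numbers are textbook-sized (p = 61, q = 53, so n = 3233) so the arithmetic can be checked by hand; real keys are 2048 bits or more and are never used without padding (OAEP for encryption, PSS for signatures). The XOR routine exists only to show the "same key both directions" property of symmetric encryption and is not a cipher to deploy.

```python
"""Symmetric vs asymmetric keys, with signing (added example, not from the quiz page)."""
from math import gcd


def xor_symmetric(data: bytes, key: bytes) -> bytes:
    """Symmetric: the same key applied twice returns the plaintext (illustration only)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rsa_keygen(p: int, q: int, e: int = 17):
    """Return (public, private) = ((n, e), (n, d)) with d the inverse of e modulo phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)


def rsa_sign(private, m: int) -> int:
    """Signing uses the private exponent; anyone holding the public key can verify."""
    n, d = private
    return pow(m, d, n)


def rsa_verify(public, m: int, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == m


def demo() -> dict:
    key = b"k3y"
    ct = xor_symmetric(b"attack at dawn", key)
    pub, priv = rsa_keygen(61, 53)                  # n = 3233, e = 17, d = 2753
    c = rsa_encrypt(pub, 65)
    s = rsa_sign(priv, 65)
    return {
        "symmetric_roundtrip": xor_symmetric(ct, key) == b"attack at dawn",
        "n_e_d": (pub[0], pub[1], priv[1]),
        "ciphertext": c,
        "decrypted": rsa_decrypt(priv, c),
        "sig_ok": rsa_verify(pub, 65, s),
        "sig_tampered": rsa_verify(pub, 66, s),   # altered message fails verification
    }


if __name__ == "__main__":
    print(demo())
```

Note which exponent each operation uses: encryption and verification need only (n, e), which can be published; decryption and signing need d, which never leaves the owner. That split is what item 49 means by "more than one key" and what makes the non-repudiation in item 46 possible.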
50. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.
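Items 28, 32, 34 and 50 all come down to ICMP message types: a ping is an echo request (type 8, code 0) answered by an echo reply (type 0), a ping sweep repeats that across a subnet, and a UDP scan reads the result from destination unreachable (type 3) messages, where code 3 (port unreachable) means closed and silence means open or filtered. The block below is an added example, not part of the quiz page: it builds ICMP messages with the RFC 1071 checksum, parses them back, and classifies UDP probe results. Sending ICMP needs raw sockets and root, so `fake_network` is a constructed stand-in that answers the way hosts on a /29 would, and the addresses are the 192.0.2.0/24 documentation range.

```python
"""ICMP on the wire: echo request/reply and destination unreachable (added example, not from the quiz page)."""
import ipaddress
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST = 0, 3, 8
PORT_UNREACHABLE = 3


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (odd lengths are zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Type, code, checksum over the whole message, then the type-specific body."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Type 8 / code 0: identifier and sequence let replies be matched to requests."""
    return build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", ident, seq) + payload)


def parse_icmp(pkt: bytes) -> dict:
    if len(pkt) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if inet_checksum(pkt) != 0:                 # a valid message checksums to zero
        raise ValueError("bad ICMP checksum")
    info = {"type": pkt[0], "code": pkt[1]}
    if info["type"] in (ECHO_REQUEST, ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", pkt[4:8])
        info["payload"] = pkt[8:]
    elif info["type"] == DEST_UNREACH:
        orig = pkt[8:]                          # quoted IP header + first 8 bytes of the datagram
        ihl = (orig[0] & 0x0F) * 4
        info["proto"] = orig[9]
        info["dst_port"] = struct.unpack("!H", orig[ihl + 2:ihl + 4])[0]
    return info


def classify_udp_probe(reply) -> str:
    """UDP scan verdict for one port from the (possibly absent) ICMP reply."""
    if reply is None:
        return "open|filtered"                  # a service that stays quiet or a filter that drops
    info = parse_icmp(reply)
    if info["type"] == DEST_UNREACH and info["code"] == PORT_UNREACHABLE:
        return "closed"
    if info["type"] == DEST_UNREACH:            # host/net unreachable, admin prohibited, ...
        return "filtered"
    return "unexpected ICMP type %d" % info["type"]


def ping_sweep(cidr: str, send) -> list:
    """Echo-request every host in `cidr`; `send(ip, pkt)` returns reply bytes or None."""
    alive = []
    for seq, host in enumerate(ipaddress.ip_network(cidr).hosts()):
        reply = send(str(host), build_echo_request(0x1234, seq))
        if reply is not None and parse_icmp(reply)["type"] == ECHO_REPLY:
            alive.append(str(host))
    return alive


# --- constructed stand-ins for remote hosts so the example runs offline ---
def echo_reply_for(request: bytes) -> bytes:
    """What a live host sends back: type 0 with the same id, seq and payload."""
    return build_icmp(ECHO_REPLY, 0, request[4:])


def port_unreachable_for(dst_port: int) -> bytes:
    """Type 3 / code 3 quoting a minimal IP + UDP header of the probe that hit a closed port."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 9]), bytes([192, 0, 2, 2]))
    udp_hdr = struct.pack("!HHHH", 40000, dst_port, 8, 0)
    return build_icmp(DEST_UNREACH, PORT_UNREACHABLE, b"\x00" * 4 + ip_hdr + udp_hdr)


LIVE_HOSTS = {"192.0.2.2", "192.0.2.5"}        # constructed


def fake_network(ip: str, pkt: bytes):
    return echo_reply_for(pkt) if ip in LIVE_HOSTS else None


if __name__ == "__main__":
    print("alive:", ping_sweep("192.0.2.0/29", fake_network))
    print("udp/161:", classify_udp_probe(port_unreachable_for(161)))
```

The "unreliable" in item 50 shows up directly in this code: a host that filters echo requests looks identical to an empty address, and a UDP port that never answers is indistinguishable from one behind a filter, which is why nmap reports such ports as open|filtered rather than guessing.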