Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Internet routing protocol used to exchange routing information within an autonomous system.






2. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






3. The process of using easily accessible DNS records to map a target network's internal hosts.






4. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






5. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






6. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






7. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






8. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






9. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






10. A device providing temporary - on-demand - point-to-point network access to users.






11. The exploitation of a security vulnerability






12. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






13. A program designed to execute at a specific time to release malicious code onto the computer system or network.






14. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






15. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






16. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






17. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






18. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






19. Port 22






20. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






21. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






22. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






23. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






24. Nmap grepable output






25. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






26. CAN-SPAM






27. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






28. Idlescan






29. UDP Scan






30. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






31. The transmission of digital signals without precise clocking or synchronization.






32. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






33. The steps taken to gather evidence and information on the targets you wish to attack.






34. Computer software or hardware that can intercept and log traffic passing over a digital network.






35. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






36. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






37. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






38. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






39. An attack that combines a brute-force attack with a dictionary attack.






40. A computer file system architecture used in Windows - OS/2 - and most memory cards.






41. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






42. A software or hardware defect that often results in system vulnerabilities.






43. Monitoring of telephone or Internet conversations - typically by covert means.






44. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






45. A small Trojan program that listens on port 777.






46. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






47. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






48. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






49. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






50. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr