Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you may at times find the answers obvious, but it reinforces your understanding each time you take the test.
1. Port 23






2. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






3. Controlling access to a network by analyzing the headers of incoming and outgoing packets, and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






4. An application that monitors a computer or network to identify, and prevent, malware. AV is usually signature-based, and can take multiple actions on defined malware files/activity.






5. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier, but does not alter the data (in other words, eavesdropping).






6. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.






7. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.






8. A virus designed to infect the master boot record.






9. Shifting responsibility from one party to another






10. 18 U.S.C. 1030






11. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






12. ICMP Type/Code 0-0






13. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure, query, and troubleshoot the router/switch by use of a terminal emulator and a comman






14. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






15. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio






16. The process of embedding information into a digital signal in a way that makes it difficult to remove.






17. Black hat






18. Access by information systems (or users) communicating from outside the information system security perimeter.






19. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.






20. An Application layer protocol for managing devices on an IP network.






21. Confidentiality, Integrity, and Availability are the three aspects of security and make up the triangle.






22. Using conversation or some other interaction between people to gather useful information.






23. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






24. Incremental Substitution






25. A utility that traces a packet from your computer to an Internet host, showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






26. The set of all hardware, firmware, and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






27. A person or entity indirectly involved in a relationship between two principals.






28. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






29. Port 88






30. nmap all output






31. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






32. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delive






33. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






34. Phases of an attack






35. An early network application that provides information on users currently logged on to a machine.






36. The Security Accounts Manager file in Windows stores all the password hashes for the system.






37. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






38. A method of defining what rights and permissions an entity has to a given resource. In networking, Access Control Lists are commonly associated with firewall and router traffic filtering rules.






39. A software or hardware application or device that captures user keystrokes.






40. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






41. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.






42. PI and PT Ping






43. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






44. The process of recording activity on a system for monitoring and later review.






45. A symmetric, block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.






46. A background process found in Unix, Linux, Solaris, and other Unix-based operating systems.






47. A social-engineering effort in which the attacker pretends to be an employee, a valid user, or even an executive to elicit information or access.






48. A Unix-like computer operating system descending from the BSD. OpenBSD includes a number of security features absent or optional in other operating systems.






49. A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






50. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.