Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






2. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






3. White box test






4. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






5. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






6. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






7. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






8. NSA






9. Aggressive scan timing






10. A wireless networking mode where all clients connect to the wireless network through a central access point.






11. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






12. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






13. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






14. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






15. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






16. A social-engineering attack that manipulates the victim into calling the attacker for help.






17. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






18. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






19. TCP connect() scan






20. nmap






21. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






22. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






23. Port 135






24. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






25. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






26. The potential for damage to or loss of an IT asset






27. Nmap grepable output






28. List Scan






29. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






30. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






31. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






32. The conveying of official access or legal power to a person or entity.






33. A program designed to execute at a specific time to release malicious code onto the computer system or network.






34. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






35. A host designed to collect data on suspicious activity.






36. The default network authentication suite of protocols for Windows NT 4.0






37. An Application layer protocol for sending electronic mail between servers.






38. A systematic process for the assessment of security vulnerabilities.






39. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






40. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






41. LM Hash for short passwords (under 7)






42. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






43. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






44. Hex 14






45. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






46. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






47. MAC Flooding






48. Name given to expert groups that handle computer security incidents.






49. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






50. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests