Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Using conversation or some other interaction between people to gather useful information.






2. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






3. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






4. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






5. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






6. Transmitting one protocol encapsulated inside another protocol.






7. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






8. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






9. ICMP Type/Code 11






10. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






11. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






12. The condition of a resource being ready for use and accessible by authorized users.






13. A string that represents the location of a web resource






14. MAC Flooding






15. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






16. Insane scan timing






17. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






18. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






19. Port 80/81/8080






20. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






21. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






22. Port 22






23. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






24. Sneaky scan timing






25. Port 31337






26. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






27. Black box test






28. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






29. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






30. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






31. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






32. Computer software or hardware that can intercept and log traffic passing over a digital network.






33. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






34. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






35. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






36. A file system used by the Mac OS.






37. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






38. Hex 14






39. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






40. Hex 04






41. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






42. Vulnerability Scanning






43. PI and PT Ping






44. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






45. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






46. The change or growth of a project's scope






47. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






48. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






49. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






50. The process of systematically testing each port on a firewall to map rules and determine accessible ports.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests