Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






2. Monitoring of telephone or Internet conversations - typically by covert means.






3. The conveying of official access or legal power to a person or entity.






4. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






5. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






6. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






7. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






8. A documented process for a procedure designed to be consistent - repeatable - and accountable.






9. A computer process that requests a service from another computer and accepts the server's responses.






10. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






11. White box test






12. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






13. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






14. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






15. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






16. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






17. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






18. A software or hardware defect that often results in system vulnerabilities.






19. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






20. MAC Flooding






21. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






22. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






23. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






24. Recording the time - normally in a log file - when an event happens or when information is created or modified.






25. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






26. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






27. Hex 10






28. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






29. ICMP Type/Code 8






30. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






31. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






32. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






33. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






34. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






35. Transmitting one protocol encapsulated inside another protocol.






36. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






37. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






38. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






39. A computer network confined to a relatively small area - such as a single building or campus.






40. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






41. Two or more LANs connected by a high-speed line across a large geographical area.






42. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






43. nmap all output






44. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






45. A wireless networking mode where all clients connect to the wireless network through a central access point.






46. SYN Ping






47. Port 110






48. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






49. A social-engineering attack that manipulates the victim into calling the attacker for help.






50. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra