Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Directory Transversal






2. nmap all output






3. An organized collection of data.






4. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






5. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






6. A command used in HTTP and FTP to retrieve a file from a server.






7. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






8. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






9. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






10. Port 88






11. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






12. Any network incident that prompts some kind of log entry or other notification.






13. SYN Ping






14. Cracking Tools






15. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






16. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






17. A systematic process for the assessment of security vulnerabilities.






18. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






19. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






20. Sneaky scan timing






21. Access by information systems (or users) communicating from outside the information system security perimeter.






22. Directing a protocol from one port to another.






23. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






24. Port 137/138/139






25. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






26. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






27. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






28. A software or hardware defect that often results in system vulnerabilities.






29. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






30. A communications protocol used for browsing the Internet.






31. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






32. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






33. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






34. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






35. The concept of having more than one person required to complete a task






36. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






37. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






38. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






39. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






40. PI and PT Ping






41. A denial-of-service technique that uses numerous hosts to perform the attack.






42. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






43. Port 23






44. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






45. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






46. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






47. Insane scan timing






48. The transmission of digital signals without precise clocking or synchronization.






49. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






50. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.