Test your basic knowledge

CEH: Certified Ethical Hacker

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.

2. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.

3. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc

4. ICMP Type/Code 3

5. ex 02

6. Any network incident that prompts some kind of log entry or other notification.

7. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu - and so on.

8. A document describing information security guidelines - policies - procedures - and standards.

9. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets

10. The condition of a resource being ready for use and accessible by authorized users.

11. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.

12. Port 31337

13. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.

14. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.

15. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.

16. Normal scan timing

17. An attack that exploits the common mistake many people make when installing operating systems

18. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.

19. A device on a network.

20. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.

21. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.

22. A one-way mathematical function that generates a fixed-length numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.

23. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.

24. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely

25. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.

26. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.

27. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.

28. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.

29. List Scan

30. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.

31. Network Scanning

32. Hashing algorithm that results in a 128-bit output.

33. 18 U.S.C. 1029

34. The act of dialing all numbers within an organization to discover open modems.

35. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa

36. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.

37. A program designed to execute at a specific time to release malicious code onto the computer system or network.

38. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.

39. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.

40. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).

41. nmap

42. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.

43. A denial-of-service technique that uses numerous hosts to perform the attack.

44. Port 22

45. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points

46. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

47. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.

48. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.

49. The combination of all IT assets - resources - components - and systems.

50. An adapter that provides the physical connection to send and receive data between the computer and the network media.