Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times you might find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with






2. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






3. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






4. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.






5. A person or entity indirectly involved in a relationship between two principals.






6. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio






7. UDP Scan






8. Safeguards or countermeasures to avoid, counteract, or minimize security risks.






9. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.






10. Cracking Tools






11. Aggressive scan timing






12. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






13. TCP SYN Scan






14. Nmap grepable output






15. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system.






16. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.






17. A protocol that allows a client computer to request services from a server and the server to return the results.






18. Devices, connected to one or more switches, grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






19. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie






20. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






21. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






22. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets.






23. The act of dialing all numbers within an organization to discover open modems.






24. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






25. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






26. Describes practices in production and development that promote access to the end product's source materials.






27. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






28. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.






29. ICMP Type/Code 11






30. A list of IP addresses and corresponding MAC addresses stored on a local computer.






31. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a






32. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






33. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption, with one notable exception: The private key is used to encrypt the digital signature.






34. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






35. Establish Null Session






36. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action.






37. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






38. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






39. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.






40. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).






41. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






42. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






43. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.






44. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






45. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






46. A routing protocol developed to be used within a single organization.






47. A document describing information security guidelines, policies, procedures, and standards.






48. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.






49. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.






50. NSA