Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






2. A program designed to execute at a specific time to release malicious code onto the computer system or network.






3. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






4. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






5. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






6. Window Scan






7. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






8. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






9. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






10. Port 80/81/8080






11. A device on a network.






12. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






13. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






14. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






15. Injecting traffic into the network to identify the operating system of a device.






16. The level of importance assigned to an IT asset






17. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






18. Nmap ml output






19. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






20. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






21. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






22. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






23. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






24. Two or more LANs connected by a high-speed line across a large geographical area.






25. Paranoid scan timing






26. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






27. A person or entity indirectly involved in a relationship between two principles.






28. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






29. Hex 04






30. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






31. Computer software or hardware that can intercept and log traffic passing over a digital network.






32. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






33. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






34. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






35. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






36. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






37. Directing a protocol from one port to another.






38. Recording the time - normally in a log file - when an event happens or when information is created or modified.






39. A group of people - gathered together by a business entity - working to address a specific problem or goal.






40. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






41. The transmission of digital signals without precise clocking or synchronization.






42. The process of determining if a network entity (user or service) is legitimate






43. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






44. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






45. Port 22






46. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






47. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






48. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






49. A free and popular version of the Unix operating system.






50. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.