CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

2. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.

3. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

4. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets.

5. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it.

6. A file system used by the Mac OS.

7. The transmission of digital signals without precise clocking or synchronization.

8. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can

9. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

10. The steps taken to gather evidence and information on the targets you wish to attack.

11. Access by information systems (or users) communicating from outside the information system security perimeter.

12. A systematic process for the assessment of security vulnerabilities.

13. A virus written in a macro language and usually embedded in document or spreadsheet files.

14. Establish Null Session

15. A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption.

16. A computer virus that infects and spreads in multiple ways.

17. A protocol for exchanging packets over a serial line.

18. The monetary value assigned to an IT asset.

19. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.

20. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).

21. Nmap ml output

22. A set of rules defined to screen network packets based on source address, destination address, or protocol; these rules determine whether the packet will be forwarded or discarded.

23. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.

24. nmap

25. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.

26. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

27. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.

28. Polite scan timing

29. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.

30. Also known as the dot-dot-slash attack. Using directory traversal, the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.

31. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it's the use of more than one key for encryption/authentication purposes.

32. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.

33. The lack of clocking (imposed time ordering) on a bit stream.

34. A documented process for a procedure designed to be consistent, repeatable, and accountable.

35. A mathematical operation requiring two binary inputs: if the inputs match, the output is a 0; otherwise it is a 1.

36. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resourc

37. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.

38. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.

39. A protocol used for sending and receiving log information for nodes on a network.

40. nmap

41. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.

42. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p

43. A defined measure of service within a network system.

44. White box test

45. An attacker who breaks into computer systems with malicious intent, without the owner's knowledge or permission.

46. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.

47. The act of dialing all numbers within an organization to discover open modems.

48. Originally an extension of PPP, this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.

49. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo

50. A command used in HTTP and FTP to retrieve a file from a server.