
CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may seem obvious at times, but repeating the test reinforces your understanding.
1. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.

2. Security measures, such as a locked door, perimeter fence, or security guard, to prevent or deter physical access to a facility, resource, or information stored on physical media.

3. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.

4. nmap

5. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.

6. A type of DNS transfer, where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).

7. A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa.

8. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

9. SYN Ping

10. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines, among other attacks.

11. A social-engineering attack that manipulates the victim into calling the attacker for help.

12. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or

13. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.

14. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.

15. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.

16. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.

17. Black box test

18. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

19. Using conversation or some other interaction between people to gather useful information.

20. In penetration testing, enumeration is the act of querying a device or network segment thoroughly and systematically for information.

21. Also known as a public key certificate, this is an electronic file that is used to verify a user's identity, providing non-repudiation throughout the system. Certificates contain the entity's public key, serial number, version, subject, algori

22. The process of using easily accessible DNS records to map a target network's internal hosts.

23. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.

24. An attacker who breaks into computer systems with malicious intent, without the owner's knowledge or permission.

25. Any item of value or worth to an organization, whether physical or virtual.

26. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data is distributed acr

27. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.

28. Idlescan

29. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.

30. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.

31. Ports 20/21

32. Metamorphic Virus

33. A computer file system architecture used in Windows, OS/2, and most memory cards.

34. The central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.

35. Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards; uses the CSMA/CD method of media access control.

36. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action.

37. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.

38. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)

39. A group of people, gathered together by a business entity, working to address a specific problem or goal.

40. Port 22

41. A cyber attacker who acts without permission from, and gives no prior notice to, the resource owner. Also known as a malicious hacker.

42. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.

43. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.

44. Port 110

45. Also known as a digital certificate, this is an electronic file used to verify a user's identity, providing non-repudiation throughout the system. It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public

46. Hex 29

47. A communications path, such as the Internet, authorized for data transmission within a computer system or network.

48. Hex 10

49. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.

50. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.