Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






2. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






3. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






4. A record showing which user has accessed a given resource and what operations the user performed during a given period.






5. ICMP Type/Code 3






6. The potential for damage to or loss of an IT asset






7. Port 88






8. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






9. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






10. The process of embedding information into a digital signal in a way that makes it difficult to remove.






11. A business - government agency - or educational institution that provides access to the Internet.






12. A software or hardware application or device that captures user keystrokes.






13. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






14. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






15. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






16. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






17. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






18. LM Hash for short passwords (under 7)






19. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






20. don't ping






21. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






22. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






23. CAN-SPAM






24. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






25. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






26. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






27. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






28. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






29. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






30. Ping Scan






31. A social-engineering attack using computer resources - such as e-mail or IRC.






32. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






33. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






34. Access by information systems (or users) communicating from outside the information system security perimeter.






35. ICMP Type/Code 3-13






36. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






37. A device on a network.






38. The process of determining if a network entity (user or service) is legitimate






39. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






40. Port 80/81/8080






41. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






42. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






43. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






44. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






45. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






46. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






47. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






48. Shifting responsibility from one party to another






49. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






50. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).