Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






2. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






3. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






4. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






5. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






6. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






7. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






8. Vulnerability Scanning






9. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






10. A protocol for exchanging packets over a serial line.






11. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






12. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






13. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






14. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






15. The ability to trace actions performed on a system to a specific user or system entity.






16. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






17. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






18. Recording the time - normally in a log file - when an event happens or when information is created or modified.






19. A social-engineering attack using computer resources - such as e-mail or IRC.






20. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






21. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






22. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






23. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






24. A free and popular version of the Unix operating system.






25. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






26. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






27. Port 110






28. Port 135






29. A data encryption/decryption program often used for e-mail and file storage.






30. Port 23






31. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






32. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






33. A wireless networking mode where all clients connect to the wireless network through a central access point.






34. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






35. Aggressive scan timing






36. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






37. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






38. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






39. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






40. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






41. A file system used by the Mac OS.






42. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






43. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






44. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






45. ICMP Type/Code 3






46. Polite scan timing






47. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






48. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






49. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






50. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.