Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The security property that data is not modified in an unauthorized and undetected manner. Also, the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.

2. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.

3. Shifting responsibility from one party to another.

4. ICMP Type/Code 3

5. A group of people, gathered together by a business entity, working to address a specific problem or goal.

6. A computer process that requests a service from another computer and accepts the server's responses.

7. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.

8. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.

9. A computer network confined to a relatively small area, such as a single building or campus.

10. Port 23

11. Hex 14
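
The clue in item 11 is the hexadecimal value of a TCP flags byte as it appears in packet captures and scan output: 0x14 sets the RST (0x04) and ACK (0x10) bits, which is the reply a closed port sends to a SYN probe, while 0x12 (SYN/ACK) comes back from an open one. The decoder below is an added example, not part of the original quiz; it assumes the clue refers to the TCP flags field, and the header bytes it parses are built by the constructed `build_tcp_header` helper rather than captured from a network.

```python
import struct

# TCP control bits, low-order bit first (FIN is bit 0, CWR is bit 7).
TCP_FLAGS = [
    (0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
    (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR"),
]


def decode_flags(flags_byte):
    """Return the names of the bits set in a TCP flags byte, e.g. 0x14 -> ['RST', 'ACK']."""
    return [name for bit, name in TCP_FLAGS if flags_byte & bit]


def parse_tcp_header(segment):
    """Parse the fixed 20-byte TCP header (RFC 793 layout) and decode its flags."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_res, flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIBBHHH", segment[:20])
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,   # header length in bytes
        "flags": flags,
        "flag_names": decode_flags(flags),
        "window": window,
    }


def classify_syn_probe_reply(flags_byte):
    """Interpret the reply to a SYN probe the way a SYN (half-open) scan does."""
    names = set(decode_flags(flags_byte))
    if names == {"SYN", "ACK"}:      # 0x12: the port accepted the handshake
        return "open"
    if "RST" in names:               # 0x14 (RST/ACK) or 0x04: the port refused
        return "closed"
    return "filtered-or-unknown"     # no usable reply flags


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Constructed helper (hypothetical name): pack a 20-byte header, checksum left zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


if __name__ == "__main__":
    # Constructed sample: a closed Telnet port (23) answering a SYN with RST/ACK (0x14).
    reply = build_tcp_header(23, 40000, 0, 1, 0x14)
    parsed = parse_tcp_header(reply)
    print(hex(parsed["flags"]), parsed["flag_names"], classify_syn_probe_reply(parsed["flags"]))
```

The bit order matters: a reader who memorises "14 = RST/ACK" without it will misread 0x11 (FIN/ACK) or 0x18 (PSH/ACK), both of which show up constantly in normal traffic.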

12. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.

13. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.

14. Access by information systems (or users) communicating from outside the information system security perimeter.

15. An early network application that provides information on users currently logged on to a machine.

16. A group of experts that handles computer security incidents.

17. The concept of having more than one person required to complete a task.

18. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.

19. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

20. The potential for damage to or loss of an IT asset.

21. A social-engineering attack that manipulates the victim into calling the attacker for help.

22. Policy stating what users of a system can and cannot do with the organization's assets.

23. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

24. The Security Accounts Manager file in Windows stores all the password hashes for the system.

25. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.

26. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.

27. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator, or similar level.

28. Port 53

29. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.

30. Vulnerability Scanning

31. Establish Null Session

32. Directory Traversal
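
Item 32 names the technique without showing it. The Python below is an added illustration, not from the quiz page, of how a traversal bug arises when a user-supplied filename is joined onto a web root, and of one way to close it: canonicalise the full path and refuse anything that does not land inside the base directory. The `serve_file_vulnerable` and `serve_file_hardened` names and the temporary web root built in `demo()` are constructed for the example.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def serve_file_vulnerable(base_dir, requested):
    """Vulnerable: naive join lets '../' climb out of base_dir."""
    path = os.path.join(base_dir, requested)
    with open(path) as f:
        return f.read()


def resolve_under_base(base_dir, requested):
    """Hardened resolver: canonicalise, then require the result to stay inside base_dir."""
    base = Path(base_dir).resolve()
    # Decode percent-encoding once so '%2e%2e/' cannot slip past a textual check.
    candidate = unquote(requested)
    # Treat backslashes as separators too, so '..\\' is not a bypass on a POSIX host.
    candidate = candidate.replace("\\", "/")
    if "\x00" in candidate:
        raise PermissionError("NUL byte in requested path")
    # A leading '/' would otherwise discard the base when joined.
    target = (base / candidate.lstrip("/")).resolve()
    # resolve() also follows symlinks, so a link pointing outside the root is caught here.
    if base != target and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return target


def serve_file_hardened(base_dir, requested):
    """Same contract as the vulnerable version, but only files under base_dir are readable."""
    return resolve_under_base(base_dir, requested).read_text()


def demo():
    """Constructed fixture: a web root with one public file and a 'secret' one level above it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "secret.txt").write_text("SECRET")
        webroot = root / "www"
        webroot.mkdir()
        (webroot / "index.html").write_text("hello")

        results = {}
        results["vuln_normal"] = serve_file_vulnerable(str(webroot), "index.html")
        results["vuln_traversal"] = serve_file_vulnerable(str(webroot), "../secret.txt")
        results["hard_normal"] = serve_file_hardened(str(webroot), "index.html")
        # Common traversal spellings; all must be refused by the hardened path.
        for probe in ("../secret.txt", "%2e%2e/secret.txt", "..\\secret.txt", "/../secret.txt"):
            try:
                serve_file_hardened(str(webroot), probe)
                results[probe] = "ALLOWED"
            except PermissionError:
                results[probe] = "BLOCKED"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22} {outcome}")
```

The check is done on the resolved path, not on the string: stripping `../` from input is the classic mistake, since `....//` collapses back into `../` after one round of removal.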

33. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.

34. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination
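
Item 34 describes stateless packet filtering. As an added example that is not part of the quiz, the following Python evaluates an ordered rule set over packet header fields with first-match semantics and an implicit default deny. The `Packet` and `Rule` classes, the addresses (RFC 5737 documentation ranges) and the `RULES` list are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a stateless filter inspects (constructed, not a real parser)."""
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"         # CIDR; 0.0.0.0/0 matches every IPv4 address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any destination port


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet header."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet nothing matches is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set for a small DMZ. Order matters: the Telnet deny sits first
# so a later, broader allow cannot accidentally expose it.
RULES = [
    Rule("deny", proto="tcp", dport=23),                                             # never pass Telnet
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=443),                    # public HTTPS server
    Rule("allow", proto="udp", src="192.0.2.0/24", dst="203.0.113.53/32", dport=53),  # DNS, internal clients only
    # implicit: deny everything else
]


def evaluate(rules, packets):
    """Apply the rule set to a list of packets and return the verdicts in order."""
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", "203.0.113.10", 443),   # allow: HTTPS to the web server
        Packet("tcp", "198.51.100.7", "203.0.113.10", 23),    # deny: explicit Telnet rule
        Packet("udp", "192.0.2.5", "203.0.113.53", 53),       # allow: DNS from the internal range
        Packet("udp", "198.51.100.7", "203.0.113.53", 53),    # deny: DNS from outside, default rule
        Packet("icmp", "192.0.2.5", "203.0.113.10"),          # deny: no rule for ICMP
    ]
    for pkt, verdict in zip(samples, evaluate(RULES, samples)):
        print(f"{pkt.proto:4} {pkt.src:>14} -> {pkt.dst}:{pkt.dport:<5} {verdict}")
```

Because the filter judges each packet in isolation, it cannot tell the reply half of a connection it already permitted from an unsolicited packet arriving with the same header fields; closing that gap is what stateful inspection adds.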

35. 18 U.S.C. 1029

36. Port 110

37. A section or subset of the network. Often a router or other routing device provides the end point of the segment.

38. A Windows-based GUI version of nmap.

39. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).

40. Used for exchanging structured information, such as XML-based messages, in the implementation of web services.

41. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.

42. An Application layer protocol, using TCP, for transporting files across an Internet connection. FTP transmits in clear text.

43. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.

44. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.

45. Paranoid scan timing

46. Transmitting one protocol encapsulated inside another protocol.

47. In penetration testing, enumeration is the act of querying a device or network segment thoroughly and systematically for information.

48. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.

49. A document describing information security guidelines, policies, procedures, and standards.

50. Monitoring of telephone or Internet conversations, typically by covert means.