Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A documented process for a procedure designed to be consistent - repeatable - and accountable.






2. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






3. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






4. Port 31337






5. Paranoid scan timing






6. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






7. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






8. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






9. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






10. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






11. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






12. A list of IP addresses and corresponding MAC addresses stored on a local computer.






13. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






14. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






15. Using conversation or some other interaction between people to gather useful information.






16. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






17. PI and PT Ping






18. A type of malware that covertly collects information about a user.






19. Hashing algorithm that results in a 128-bit output.






20. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






21. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






22. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






23. A communications protocol used for browsing the Internet.






24. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






25. The change or growth of a project's scope






26. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






27. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






28. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






29. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






30. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






31. Insane scan timing






32. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






33. Port 137/138/139






34. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






35. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






36. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






37. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






38. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






39. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






40. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






41. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






42. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






43. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






44. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






45. An adapter that provides the physical connection to send and receive data between the computer and the network media.






46. Hex 10






47. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






48. A command used in HTTP and FTP to retrieve a file from a server.






49. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






50. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.