Test your basic knowledge |

CEH: Certified Ethical Hacker

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.

2. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can

3. Metamorphic Virus

4. ACK Scan

5. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.

6. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.

7. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.

8. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use

9. Port 137/138/139

10. 18 U.S.C. 1030

11. A defined measure of service within a network system

12. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.

13. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.

14. The act of dialing all numbers within an organization to discover open modems.

15. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.

16. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

17. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.

18. The art and science of creating a covert message or image within another message - image - audio - or video file.

19. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.

20. The process of embedding information into a digital signal in a way that makes it difficult to remove.

21. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)

22. Nmap grepable output

23. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu

24. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.

25. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

26. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.

27. nmap

28. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.

29. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

30. An evaluation conducted to determine the potential for damage to or loss of an IT asset.

31. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.

32. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio

33. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.

34. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.

35. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.

36. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

37. The potential for damage to or loss of an IT asset

38. The combination of all IT assets - resources - components - and systems.

39. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p

40. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets

41. A data encryption/decryption program often used for e-mail and file storage.

42. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.

43. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss

44. The steps taken to gather evidence and information on the targets you wish to attack.

45. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.

46. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.

47. A file system used by the Mac OS.

48. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is

49. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.

50. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.