Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






2. A file system used by the Mac OS.






3. Metamorphic Virus






4. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






5. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






6. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






7. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






8. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






9. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






10. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






11. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






12. A business - government agency - or educational institution that provides access to the Internet.






13. Port 23






14. Computer software or hardware that can intercept and log traffic passing over a digital network.






15. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






16. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






17. Xmas Tree scan






18. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






19. A list of IP addresses and corresponding MAC addresses stored on a local computer.






20. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






21. Injecting traffic into the network to identify the operating system of a device.






22. The conveying of official access or legal power to a person or entity.






23. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






24. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






25. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






26. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






27. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






28. ICMP Ping






29. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






30. An adapter that provides the physical connection to send and receive data between the computer and the network media.






31. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometimes perform illegal acts to exploit technology with the intent of achi






32. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






33. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






34. Hex 12






35. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






36. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






37. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






38. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






39. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






40. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






41. A point of reference used to mark an initial state in order to manage change.






42. A protocol defining packets that are able to be routed by a router.






43. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






44. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






45. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






46. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






47. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






48. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






49. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






50. A host designed to collect data on suspicious activity.