CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A condition that occurs when more data is written to a buffer than it has space to store, and results in data corruption or other system errors. This is usually due to insufficient bounds checking, a bug, or improper configuration in the program c

2. In computer security, this is an algorithm that uses separate keys for encryption and decryption.

3. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.

4. A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely

5. An Application layer protocol for sending electronic mail between servers.

6. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).

7. Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards; uses the CSMA/CD method of media access control.

8. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.

9. An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering.

10. Port 53

11. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO

12. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it's the use of more than one key for encryption/authentication purposes.

13. An international encoding standard, working within multiple languages and scripts, that represents each letter, digit, or symbol with a unique numeric value that applies across different platforms.

14. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.

15. The condition of a resource being ready for use and accessible by authorized users.

16. MAC Flooding

17. Incremental Substitution

18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.

19. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.

20. Network Scanning

21. A set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

22. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie

23. nmap all output

24. The change or growth of a project's scope

25. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.

26. A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)

27. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP), much like a point-to-point wired connection.

28. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.

29. A wireless networking mode where all clients connect to the wireless network through a central access point.

30. The process of using easily accessible DNS records to map a target network's internal hosts.

31. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

32. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines, among other attacks.

33. Hashing algorithm that results in a 128-bit output.

34. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.

35. A social-engineering effort in which the attacker pretends to be an employee, a valid user, or even an executive to elicit information or access.

36. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

37. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.

38. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or

39. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.

40. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.

41. Cracking Tools

42. Black box test

43. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.

44. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

45. A defined measure of service within a network system

46. Black hat

47. A tool that helps a company to compare its actual performance with its potential performance.

48. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.

49. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.

50. Looking over an authorized user's shoulder in order to steal information (such as authentication information).