Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but repeating the test reinforces your understanding.

1. A calculation from two components: the magnitude of the potential loss (L) and the probability (p) that the loss will occur; R = L × p.

2. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.

3. SYN Ping

4. Literally, 'not balanced or the same.' In networking, asymmetric refers to a difference between upstream and downstream speeds. In cryptography, it refers to the use of a key pair, where the key used to encrypt (or verify) differs from the key used to decrypt (or sign).

5. A set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

6. A communications path, such as the Internet, authorized for data transmission within a computer system or network.

7. Hex 14

8. A group of experts that handles computer security incidents.

9. Name given to expert groups that handle computer security incidents.

10. The process of determining whether a network entity (user or service) is who or what it claims to be.

11. A class of cryptographic algorithms that use the same key for both encryption and decryption.

12. The HTTP request method used to retrieve a resource from a server.

13. Also known as the dot-dot-slash attack. Using directory traversal, the attacker supplies '../' sequences in a URL or request parameter so that the path resolves outside the web server's document root, exposing restricted directories and, where scripts are reachable, enabling command execution.

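A worked example of the check that defeats this attack, added here as a study aid (it is not code from the quiz source): a naive path join beside a hardened resolver that decodes the request path, resolves it, and rejects anything that lands outside a hypothetical web root of /var/www/html. The root, file names and request paths are assumptions for the illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root for the example (not from the quiz page).
WEB_ROOT = os.path.realpath("/var/www/html")


def vulnerable_resolve(user_path: str) -> str:
    """Naive join: trusts the request path. '../' climbs out of WEB_ROOT, and an
    absolute path makes os.path.join discard WEB_ROOT entirely."""
    return os.path.normpath(os.path.join(WEB_ROOT, user_path))


def hardened_resolve(user_path: str) -> Optional[str]:
    """Decode, resolve, and require the result to stay inside WEB_ROOT.
    Returns None for any path that escapes; the request should then be rejected."""
    # Decode twice so double-encoded sequences such as %252e%252e%252f are caught.
    decoded = unquote(unquote(user_path))
    # Normalise backslashes (accepted as separators by some servers) and strip
    # any leading slash so the path is always joined beneath the root.
    decoded = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses '..' and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded))
    # commonpath equals WEB_ROOT only when candidate is at or below it; a plain
    # startswith() check would wrongly accept a sibling such as /var/www/htmlx.
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


if __name__ == "__main__":
    for probe in ["images/logo.png", "../../../etc/passwd", "/etc/passwd",
                  "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd",
                  "..%252f..%252f..%252fetc/passwd", "..\\..\\..\\etc\\passwd"]:
        print(f"{probe!r:45} naive={vulnerable_resolve(probe)!r:32} "
              f"hardened={hardened_resolve(probe)!r}")
```

The containment test is done on the resolved path, not on the raw string, which is why encoded, double-encoded and backslash variants all collapse to the same rejected result.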
14. A hacker who aims to bring down critical infrastructure for a 'cause' and is unconcerned about the penalties associated with those actions.

15. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.

16. A method used to evade IDS detection by splitting a request across multiple TCP segments so that no single packet contains the complete attack signature.

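An added example (not from the quiz source) showing why a per-packet signature match misses a spliced request while stream reassembly catches it. The TCP segments, sequence numbers and the signature string are constructed for the illustration.

```python
from typing import List, Tuple

SIGNATURE = b"/etc/passwd"

# Constructed (seq, payload) segments for one HTTP request, split so that the
# signature never appears whole in any single segment. Not a real capture.
SEGMENTS: List[Tuple[int, bytes]] = [
    (1000, b"GET /cgi-bin/../../../et"),
    (1024, b"c/pas"),
    (1029, b"swd HTTP/1.1\r\nHost: target\r\n\r\n"),
]


def per_packet_match(segments: List[Tuple[int, bytes]], signature: bytes = SIGNATURE) -> bool:
    """Naive IDS: inspects each segment on its own. Splicing evades this."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments: List[Tuple[int, bytes]]) -> bytes:
    """Rebuild the byte stream from sequence numbers, tolerating out-of-order
    arrival and overlapping retransmissions; stop at a gap (missing data)."""
    stream = bytearray()
    expected = None
    for seq, payload in sorted(segments):
        if expected is None:
            expected = seq
        if seq < expected:                 # overlap: drop bytes already seen
            payload = payload[expected - seq:]
            seq = expected
        if seq > expected:                 # gap: a real IDS would wait for the hole to fill
            break
        stream.extend(payload)
        expected = seq + len(payload)
    return bytes(stream)


def stream_match(segments: List[Tuple[int, bytes]], signature: bytes = SIGNATURE) -> bool:
    """Reassembly-aware IDS: matches on the rebuilt stream. Splicing fails here."""
    return signature in reassemble(segments)


if __name__ == "__main__":
    print("per-packet match:", per_packet_match(SEGMENTS))   # False: evaded
    print("stream match:    ", stream_match(SEGMENTS))       # True: detected
    print(reassemble(SEGMENTS).split(b"\r\n")[0].decode())
```

The same reassembly step is what lets an IDS handle segments that arrive out of order or are retransmitted with overlap, which attackers also use to confuse single-packet matching.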
17. The conveying of official access or legal power to a person or entity.

18. Monitoring of telephone or Internet conversations, typically by covert means.

19. Safeguards or countermeasures to avoid, counteract, or minimize security risks.

20. A portion of memory used to temporarily store output or input data.

21. Software that has advertisements embedded within it, generally displayed in the form of pop-ups.

22. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the

23. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with

24. A type of encryption where the same key is used to encrypt and decrypt the message.

25. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.

26. Microsoft SID 500

27. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.

28. Directing a protocol from one port to another.

29. Port 110

30. The combination of all IT assets, resources, components, and systems.

31. A program designed to execute at a specific time to release malicious code onto the computer system or network.

32. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main

33. The process of attaching a protocol header (and, at some layers, a trailer) to a unit of data before transmission on the network. Each layer of the OSI reference model encapsulates the data handed down from the layer above; the trailer is characteristic of layer 2 framing.

34. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.

35. A technology that establishes an encrypted tunnel across a public network such as the Internet, giving the effect of a private network without a dedicated leased line. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely

36. Xmas Tree scan

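This scan, the SYN ping (3) and the 'Hex 14' reply (7) all come down to the six TCP flag bits. The example below is added here as a study aid and is not code from the quiz source: it builds a minimal TCP header, decodes its flags, and interprets replies to SYN and Xmas Tree probes the way a port scanner does. The port numbers and sequence values are arbitrary; the response rules follow RFC 793 (a closed port answers any probe with RST).

```python
import struct
from typing import List, Optional

# The six TCP flag bits in the low byte of the data-offset/flags word.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
SYN_ACK = FLAGS["SYN"] | FLAGS["ACK"]                    # 0x12: open port answering a SYN
RST_ACK = FLAGS["RST"] | FLAGS["ACK"]                    # 0x14: the 'Hex 14' closed-port reply
XMAS_FLAGS = FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]  # 0x29: Xmas Tree probe


def flag_names(flags: int) -> List[str]:
    """Human-readable list of set flags, e.g. 0x14 -> ['RST', 'ACK']."""
    return [name for name, bit in FLAGS.items() if flags & bit]


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 1024) -> bytes:
    """Minimal 20-byte TCP header: no options, checksum and urgent pointer zero."""
    offset_flags = (5 << 12) | (flags & 0x3F)   # data offset 5 words, flag bits low
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_flags(header: bytes) -> int:
    """Extract the flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is shorter than 20 bytes")
    offset_flags = struct.unpack("!H", header[12:14])[0]
    return offset_flags & 0x3F


def classify_syn_response(response: Optional[bytes]) -> str:
    """Interpret the reply to a SYN probe (SYN ping / half-open scan)."""
    if response is None:
        return "filtered (no response)"
    flags = parse_flags(response)
    if flags == SYN_ACK:
        return "open"
    if flags == RST_ACK:
        return "closed"
    return "unexpected flags %s" % "/".join(flag_names(flags))


def classify_xmas_response(response: Optional[bytes]) -> str:
    """Interpret the reply to an Xmas Tree (FIN/PSH/URG) probe per RFC 793:
    closed ports answer with RST, open ports stay silent, so silence is ambiguous."""
    if response is None:
        return "open|filtered"
    if parse_flags(response) & FLAGS["RST"]:
        return "closed"
    return "unexpected flags %s" % "/".join(flag_names(parse_flags(response)))


if __name__ == "__main__":
    probe = build_tcp_header(40000, 80, 1, 0, FLAGS["SYN"])
    print("SYN probe flags:", hex(parse_flags(probe)), flag_names(parse_flags(probe)))
    print("0x14 reply ->", classify_syn_response(build_tcp_header(80, 40000, 0, 2, 0x14)))
    print("0x12 reply ->", classify_syn_response(build_tcp_header(80, 40000, 7, 2, 0x12)))
    print("Xmas flags:", hex(XMAS_FLAGS), flag_names(XMAS_FLAGS))
```

The Xmas result is the caveat to remember for the exam: stacks that do not follow RFC 793 strictly (Windows and many network appliances) reply with RST to every probe, so an Xmas Tree scan reports all of their ports as closed regardless of state.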
37. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.

38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.

39. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

40. A limited-function version of the Internetworking Operating System (IOS), held in read-only memory in some earlier models of Cisco devices, capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory

41. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col

42. The ability to trace actions performed on a system to a specific user or system entity.

43. Layer 7 of the OSI reference model. The Application layer provides services to applications, allowing them to access the network. Protocols such as FTP and SMTP reside here.

44. Evaluation in which testers attempt to penetrate the network.

45. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private

46. Port 137/138/139

47. A string used for authentication in SNMP. The read-only community string is commonly left at its default value of 'public' and the read/write string at 'private'. Community strings are transmitted in clear text in SNMPv1 and SNMPv2c. SNMPv3 provides encryption

48. Hashing algorithm that results in a 128-bit output.

49. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.

50. A value assigned to identify a wireless LAN. SSIDs are broadcast by default in beacon frames and appear in probe and association frames; they are sent in clear text and provide no encryption or security.
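As an added example (not from the quiz source), a parser for the tagged parameters of an 802.11 beacon that extracts the SSID and recognises the zero-length SSID element a 'hidden' network advertises. The beacon bytes, network name and channel are constructed for the illustration.

```python
from typing import Dict, Optional

IE_SSID = 0          # element ID of the SSID tag
IE_DS_PARAMS = 3     # element ID of the DS Parameter Set (current channel)

# Constructed tagged-parameter section of a beacon (the bytes that follow the
# 12-byte fixed parameters: timestamp, beacon interval, capability). Not a capture.
BEACON_IES = bytes([
    0x00, 0x07, *b"CorpNet",                  # SSID: tag 0, length 7, plaintext name
    0x01, 0x04, 0x82, 0x84, 0x8B, 0x96,       # Supported rates
    0x03, 0x01, 0x06,                         # DS Parameter Set: channel 6
])
# A 'hidden' network still sends the SSID element, but with length 0.
HIDDEN_BEACON_IES = bytes([0x00, 0x00, 0x03, 0x01, 0x06])


def parse_ies(data: bytes) -> Dict[int, bytes]:
    """Walk tag/length/value elements, stopping cleanly on a truncated element
    rather than reading past the end of the frame."""
    ies: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) < length:     # element claims more bytes than remain
            break
        ies.setdefault(tag, value)  # keep the first occurrence of a repeated tag
        i += 2 + length
    return ies


def beacon_ssid(data: bytes) -> Optional[str]:
    """Return the advertised network name, or None when it is hidden."""
    ssid = parse_ies(data).get(IE_SSID)
    if not ssid:                    # absent or zero-length element
        return None
    return ssid.decode("utf-8", errors="replace")


def beacon_channel(data: bytes) -> Optional[int]:
    """Return the channel from the DS Parameter Set, if present."""
    ds = parse_ies(data).get(IE_DS_PARAMS)
    return ds[0] if ds else None


if __name__ == "__main__":
    for label, frame in [("visible", BEACON_IES), ("hidden", HIDDEN_BEACON_IES)]:
        print(f"{label}: ssid={beacon_ssid(frame)!r} channel={beacon_channel(frame)}")
```

Hiding the SSID only suppresses it in beacons; clients still send it in probe and association requests, which is why it is a convenience setting rather than a security control.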