Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






2. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






3. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






4. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






5. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






6. A free and popular version of the Unix operating system.






7. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






8. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






9. CAN-SPAM






10. A point of reference used to mark an initial state in order to manage change.






11. The change or growth of a project's scope






12. A Canonical Name record within DNS - used to provide an alias for a domain name.






13. LM Hash for short passwords (under 7)






14. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






15. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






16. nmap






17. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






18. Port Scanning

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


19. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






20. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






21. Transmitting one protocol encapsulated inside another protocol.






22. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






23. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






24. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






25. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






26. A documented process for a procedure designed to be consistent - repeatable - and accountable.






27. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






28. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






29. Two or more LANs connected by a high-speed line across a large geographical area.






30. ICMP Type/Code 3-13






31. The conveying of official access or legal power to a person or entity.






32. A tool that helps a company to compare its actual performance with its potential performance.






33. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






34. ICMP Type/Code 8






35. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






36. Policy stating what users of a system can and cannot do with the organization's assets.






37. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






38. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






39. The act of dialing all numbers within an organization to discover open modems.






40. The process of recording activity on a system for monitoring and later review.






41. A business - government agency - or educational institution that provides access to the Internet.






42. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






43. ICMP Type/Code 3






44. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






45. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






46. The process of embedding information into a digital signal in a way that makes it difficult to remove.






47. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






48. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






49. Describes practices in production and development that promote access to the end product's source materials.






50. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests