Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






2. Nmap ml output






3. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






4. FIN Scan






5. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






6. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






7. The combination of all IT assets - resources - components - and systems.






8. nmap all output






9. A business - government agency - or educational institution that provides access to the Internet.






10. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






11. Ping Scan






12. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






13. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






14. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






15. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






16. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






17. An organized collection of data.






18. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






19. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






20. Phases of an attack






21. An informed decision to accept the potential for damage to or loss of an IT asset.






22. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






23. ICMP Timestamp






24. A virus written in a macro language and usually embedded in document or spreadsheet files.






25. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






26. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






27. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






28. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






29. FTP Bounce Attack






30. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






31. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






32. An attack that exploits the common mistake many people make when installing operating systems






33. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






34. Monitoring of telephone or Internet conversations - typically by covert means.






35. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






36. Insane scan timing






37. A computer file system architecture used in Windows - OS/2 - and most memory cards.






38. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






39. The conveying of official access or legal power to a person or entity.






40. Polymorphic Virus






41. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






42. TCP Ping






43. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






44. A wireless networking mode where all clients connect to the wireless network through a central access point.






45. ICMP Ping






46. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






47. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






48. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






49. An early network application that provides information on users currently logged on to a machine.






50. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.