Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






2. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






3. Hashing algorithm that results in a 128-bit output.






4. An informed decision to accept the potential for damage to or loss of an IT asset.






5. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






6. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






7. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






8. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






9. Normal scan timing






10. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






11. TCP connect() scan






12. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






13. An attack that combines a brute-force attack with a dictionary attack.






14. A virus that plants itself in a system's boot sector and infects the master boot record.






15. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






16. A social-engineering attack that manipulates the victim into calling the attacker for help.






17. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






18. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






19. A protocol that allows a client computer to request services from a server and the server to return the results.






20. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






21. Polymorphic Virus






22. A defined measure of service within a network system






23. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






24. ICMP Ping






25. IP Protocol Scan






26. The process of using easily accessible DNS records to map a target network's internal hosts.






27. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






28. The art and science of creating a covert message or image within another message - image - audio - or video file.






29. Version Detection Scan






30. Establish Null Session






31. A data encryption/decryption program often used for e-mail and file storage.






32. Using conversation or some other interaction between people to gather useful information.






33. Hex 14






34. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






35. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






36. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






37. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






39. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






40. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






41. Port 389






42. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






43. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






44. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






45. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






46. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






47. A person or entity indirectly involved in a relationship between two principles.






48. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






49. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






50. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests