Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The potential for damage to or loss of an IT asset






2. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






3. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






4. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






5. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






6. A group of people - gathered together by a business entity - working to address a specific problem or goal.






7. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






8. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






9. Vulnerability Scanning






10. ICMP Type/Code 3-13






11. A string that represents the location of a web resource






12. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






13. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






14. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






15. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






16. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






17. The concept of having more than one person required to complete a task






18. Port 53






19. Insane scan timing






20. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






21. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






22. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






23. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






24. Computer software or hardware that can intercept and log traffic passing over a digital network.






25. A protocol used to pass control and error messages between nodes on the Internet.






26. Port 135






27. An adapter that provides the physical connection to send and receive data between the computer and the network media.






28. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






29. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






30. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






31. The exploitation of a security vulnerability






32. A protocol for exchanging packets over a serial line.






33. An Internet routing protocol used to exchange routing information within an autonomous system.






34. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






35. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






36. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






37. An attack that exploits the common mistake many people make when installing operating systems






38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






39. An attack that combines a brute-force attack with a dictionary attack.






40. TCP connect() scan






41. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






42. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






43. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






44. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






45. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






46. Monitoring of telephone or Internet conversations - typically by covert means.






47. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






48. Black hat






49. The Security Accounts Manager file in Windows stores all the password hashes for the system.






50. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.