Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






2. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






3. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






4. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






5. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






6. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






7. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






8. Port 23






9. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






10. An Internet routing protocol used to exchange routing information within an autonomous system.






11. Hex 10






12. Hashing algorithm that results in a 128-bit output.






13. An Application layer protocol for sending electronic mail between servers.






14. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






15. The software product or system that is the subject of an evaluation.






16. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






17. Port 22






18. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






19. A protocol used to pass control and error messages between nodes on the Internet.






20. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






21. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






22. Port 135






23. Transmitting one protocol encapsulated inside another protocol.






24. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






25. A computer virus that infects and spreads in multiple ways.






26. ICMP Type/Code 0-0






27. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






28. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






29. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






30. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






31. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






32. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






33. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






34. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






35. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






36. Cracking Tools






37. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






38. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






39. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






40. Recording the time - normally in a log file - when an event happens or when information is created or modified.






41. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






42. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






43. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






44. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






45. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






46. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






47. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






48. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






49. A social-engineering attack using computer resources - such as e-mail or IRC.






50. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.