Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






2. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






3. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






4. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






5. Ping Scan






6. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






7. Any network incident that prompts some kind of log entry or other notification.






8. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






9. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






10. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






11. FTP Bounce Attack






12. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






13. A storage buffer that transparently stores data so future requests for the same data can be served faster.






14. Hex 10






15. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






16. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






17. Black hat






18. Computer software or hardware that can intercept and log traffic passing over a digital network.






19. Using conversation or some other interaction between people to gather useful information.






20. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






21. Describes practices in production and development that promote access to the end product's source materials.






22. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






23. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






24. Vulnerability Scanning






25. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






26. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






27. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






28. A denial-of-service technique that uses numerous hosts to perform the attack.






29. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






30. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






31. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






32. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






33. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






34. Normal scan timing






35. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






36. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






37. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






38. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






39. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






40. The combination of all IT assets - resources - components - and systems.






41. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






42. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






43. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






44. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






45. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






46. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






47. White box test






48. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






49. A record showing which user has accessed a given resource and what operations the user performed during a given period.






50. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.