Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






2. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






3. The act of dialing all numbers within an organization to discover open modems.






4. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






5. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






6. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






7. Version Detection Scan






8. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






9. Window Scan






10. An Application layer protocol for sending electronic mail between servers.






11. ICMP Netmask






12. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






13. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






14. Recording the time - normally in a log file - when an event happens or when information is created or modified.






15. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






16. A file system used by the Mac OS.






17. Hex 29






18. A tool that helps a company to compare its actual performance with its potential performance.






19. An attack that combines a brute-force attack with a dictionary attack.






20. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






21. Hex 14






22. Polymorphic Virus






23. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






24. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






25. FTP Bounce Attack






26. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






27. Controls to detect anomalies or undesirable events occurring on a system.






28. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






29. 18 U.S.C. 1030






30. Black hat






31. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






32. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






33. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






35. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






36. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






37. A protocol for exchanging packets over a serial line.






38. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






39. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






40. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






41. An adapter that provides the physical connection to send and receive data between the computer and the network media.






42. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






43. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






44. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






45. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






46. A program designed to execute at a specific time to release malicious code onto the computer system or network.






47. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






48. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






49. A computer process that requests a service from another computer and accepts the server's responses.






50. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.