Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Access by information systems (or users) communicating from outside the information system security perimeter.






2. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






3. A string that represents the location of a web resource






4. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






5. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






6. don't ping






7. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






8. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






9. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






10. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






11. The level of importance assigned to an IT asset






12. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






13. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






14. A protocol used to pass control and error messages between nodes on the Internet.






15. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






16. The lack of clocking (imposed time ordering) on a bit stream.






17. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






18. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






19. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






20. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






21. Port 53






22. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






23. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






24. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






25. Nmap normal output






26. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






27. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






28. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






29. Recording the time - normally in a log file - when an event happens or when information is created or modified.






30. A host designed to collect data on suspicious activity.






31. Window Scan






32. ICMP Ping






33. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






34. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






35. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






37. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






38. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






39. A group of experts that handles computer security incidents.






40. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






41. ICMP Netmask






42. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






43. A person or entity indirectly involved in a relationship between two principles.






44. Any item of value or worth to an organization - whether physical or virtual.






45. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






46. A file system used by the Mac OS.






47. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






48. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






49. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






50. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur