Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The change or growth of a project's scope






2. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






3. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






5. A person or entity indirectly involved in a relationship between two principles.






6. TCP SYN Scan






7. Nmap ml output






8. An Application layer protocol for sending electronic mail between servers.






9. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






10. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






11. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






12. The level of importance assigned to an IT asset






13. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






14. Establish Null Session






15. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






16. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






17. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






18. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






19. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






20. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






21. NSA






22. List Scan






23. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






24. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






25. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






26. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






27. nmap






28. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






29. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






30. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






31. A computer virus that infects and spreads in multiple ways.






32. Network Scanning






33. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






34. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






35. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






36. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






37. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






38. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






39. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






40. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






41. The process of recording activity on a system for monitoring and later review.






42. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






43. A type of malware that covertly collects information about a user.






44. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






45. A defined measure of service within a network system






46. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






47. Access by information systems (or users) communicating from outside the information system security perimeter.






48. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






49. Port 23






50. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.