Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






2. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






3. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






4. An attack that combines a brute-force attack with a dictionary attack.






5. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






6. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






7. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






8. A protocol for exchanging packets over a serial line.






9. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






10. The art and science of creating a covert message or image within another message - image - audio - or video file.






11. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






12. The condition of a resource being ready for use and accessible by authorized users.






13. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






14. A file system used by the Mac OS.






15. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






16. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






17. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






18. Metamorphic Virus






19. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






20. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






21. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






22. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






23. A computer network confined to a relatively small area - such as a single building or campus.






24. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






25. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






26. A Windows-based GUI version of nmap.






27. A Canonical Name record within DNS - used to provide an alias for a domain name.






28. NSA






29. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






30. A documented process for a procedure designed to be consistent - repeatable - and accountable.






31. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






32. The potential for damage to or loss of an IT asset






33. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






34. Phases of an attack






35. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






36. Normal scan timing






37. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






38. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






39. Paranoid scan timing






40. Port 53






41. Two or more LANs connected by a high-speed line across a large geographical area.






42. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






43. Describes practices in production and development that promote access to the end product's source materials.






44. A document describing information security guidelines - policies - procedures - and standards.






45. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






46. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






47. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






48. A small Trojan program that listens on port 777.






49. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






50. Transmitting one protocol encapsulated inside another protocol.