Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






2. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






3. The process of using easily accessible DNS records to map a target network's internal hosts.






4. Recording the time - normally in a log file - when an event happens or when information is created or modified.






5. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






6. Port 23






7. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






8. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






9. Describes practices in production and development that promote access to the end product's source materials.






10. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






11. Shifting responsibility from one party to another






12. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






13. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






14. Any item of value or worth to an organization - whether physical or virtual.






15. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






16. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






17. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






18. A free and popular version of the Unix operating system.






19. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






20. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






21. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






22. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






23. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






24. ICMP Timestamp






25. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






26. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






27. A communications protocol used for browsing the Internet.






28. A business - government agency - or educational institution that provides access to the Internet.






29. Version Detection Scan






30. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






31. Directing a protocol from one port to another.






32. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






33. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






34. Xmas Tree scan






35. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






36. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






37. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






38. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






39. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






40. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






41. Paranoid scan timing






42. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






43. Window Scan






44. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






45. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






46. Injecting traffic into the network to identify the operating system of a device.






47. Hex 14






48. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






49. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






50. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.