Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The monetary value assigned to an IT asset.






2. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






3. A social-engineering attack using computer resources - such as e-mail or IRC.






4. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






5. A routing protocol developed to be used within a single organization.






6. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






7. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






8. The combination of all IT assets - resources - components - and systems.






9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






10. The act of dialing all numbers within an organization to discover open modems.






11. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






12. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






13. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






14. Port 110






15. A program designed to execute at a specific time to release malicious code onto the computer system or network.






16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






17. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






18. The software product or system that is the subject of an evaluation.






19. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






20. The process of recording activity on a system for monitoring and later review.






21. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






22. Port 137/138/139






23. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






24. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






25. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






26. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






27. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






28. The process of embedding information into a digital signal in a way that makes it difficult to remove.






29. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






30. White box test






31. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






32. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






33. The exploitation of a security vulnerability






34. An Internet routing protocol used to exchange routing information within an autonomous system.






35. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






36. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






37. Nmap ml output






38. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






39. A Windows-based GUI version of nmap.






40. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






41. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






42. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






43. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






44. The change or growth of a project's scope






45. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






46. A defined measure of service within a network system






47. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






48. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






49. SYN Ping






50. A document describing information security guidelines - policies - procedures - and standards.