CEH: Certified Ethical Hacker

1. Process of breaking a packet into smaller units when it is being transmitted over a network medium that is unable to support a transmission unit the original size of the packet.

2. Port 31337

3. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use

4. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.

5. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.

6. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.

7. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it is the use of more than one key for encryption/authentication purposes.

8. CAN-SPAM

9. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.

10. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

11. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.

12. Port 80/81/8080

13. Ping Scan

14. The act or actions of a hacker to put forward a cause or a political agenda, to affect some societal change, or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.

15. A social-engineering effort in which the attacker pretends to be an employee, a valid user, or even an executive to elicit information or access.

16. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.

17. A social-engineering attack that manipulates the victim into calling the attacker for help.

18. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.

19. A group of experts that handles computer security incidents.

20. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

21. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.

22. Hex 10

23. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.

24. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U

25. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par

26. A method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm (for example, the Diffie-Hellman key exchange).

27. Version Detection Scan

28. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key, verifying his identity and providing non-repudiation. A valid digital signature g

29. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.

30. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).

31. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a

32. A mathematical operation requiring two binary inputs: if the inputs match, the output is a 0; otherwise it is a 1.

33. NSA

34. The process of recording activity on a system for monitoring and later review.

35. A symmetric, block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.

36. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

37. Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards; uses the CSMA/CD method of media access control.

38. Hashing algorithm that results in a 128-bit output.

39. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.

40. A storage buffer that transparently stores data so future requests for the same data can be served faster.

41. Establish Null Session

42. A computer virus that infects and spreads in multiple ways.

43. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door, despite the fact that the intruder does not have a badge.

44. A protocol used for sending and receiving log information for nodes on a network.

45. A computer file system architecture used in Windows, OS/2, and most memory cards.

46. An announcement, typically from a software vendor, of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.

47. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.

48. Security identifier. The method by which Windows identifies user, group, and computer accounts for rights and permissions.

49. TCP SYN Scan

50. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.