Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






2. The software product or system that is the subject of an evaluation.






3. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






4. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






5. Port 80/81/8080






6. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data is distributed acr






7. Used for exchanging structured information, such as XML-based messages, in the implementation of web services






8. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






9. An announcement, typically from a software vendor, of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






10. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.






11. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






12. ICMP Netmask






13. Wrapper or Binder






14. A method of network traffic filtering that monitors the entire communications process, including the originator of the session and from which direction it started.






15. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






16. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






17. nmap






18. Software code, a portion of data, or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






19. A documented process for a procedure designed to be consistent, repeatable, and accountable.






20. An organized collection of data.






21. An attack that exploits the common mistake many people make when installing operating systems






22. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.






23. A computer virus that infects and spreads in multiple ways.






24. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.






25. Name given to expert groups that handle computer security incidents.






26. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are






27. A connection-oriented, layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






28. ICMP Type/Code 3-13






29. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie






30. An adapter that provides the physical connection to send and receive data between the computer and the network media.






31. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers, files, and serial ports. It also provides an authenticated interprocess communication mechanism.






32. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






33. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






34. Safeguards or countermeasures to avoid, counteract, or minimize security risks.






35. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.






36. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.






37. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.






38. An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering.






39. A device providing temporary, on-demand, point-to-point network access to users.






40. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U






41. Nmap grepable output






42. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.






43. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target, but the corresponding SYN/ACK response






44. Hex 14






45. A group of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment.






46. In computer security, this is an algorithm that uses separate keys for encryption and decryption.






47. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.






48. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






49. 18 U.S.C. 1029






50. Hex 04