Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






2. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






3. Insane scan timing






4. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






5. ICMP Type/Code 11






6. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






7. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






8. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






9. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






10. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






11. Port 23






12. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






13. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






14. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






15. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






16. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






17. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






18. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






19. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






20. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






21. A device providing temporary - on-demand - point-to-point network access to users.






22. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






23. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






24. Normal scan timing






25. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






26. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






27. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






28. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






29. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






30. A method of external testing whereby several systems or resources are used together to effect an attack.






31. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






32. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






33. Monitoring of telephone or Internet conversations - typically by covert means.






34. Using conversation or some other interaction between people to gather useful information.






35. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






36. A device on a network.






37. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






38. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






39. Hex 04






40. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






41. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






42. Idlescan






43. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






44. Attacks on the actual programming code of an application.






45. Any network incident that prompts some kind of log entry or other notification.






46. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






47. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






48. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






49. A protocol defining packets that are able to be routed by a router.






50. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.