Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






2. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






3. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






4. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






5. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






6. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






7. A device on a network.






8. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






9. A list of IP addresses and corresponding MAC addresses stored on a local computer.






10. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






11. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






12. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






13. A computer virus that infects and spreads in multiple ways.






14. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






15. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






16. The change or growth of a project's scope






17. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






18. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






19. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






20. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






21. The conveying of official access or legal power to a person or entity.






22. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






23. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






24. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






25. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






26. A group of people - gathered together by a business entity - working to address a specific problem or goal.






27. SYN Ping






28. NSA






29. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






30. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






31. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






32. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






33. The monetary value assigned to an IT asset.






34. The steps taken to gather evidence and information on the targets you wish to attack.






35. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






36. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






37. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






38. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






39. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






40. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






41. A type of encryption where the same key is used to encrypt and decrypt the message.






42. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






43. Normal scan timing






44. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






45. Polite scan timing






46. The default network authentication suite of protocols for Windows NT 4.0






47. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






48. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






49. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






50. Directing a protocol from one port to another.