Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. TCP connect() scan






2. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






3. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






4. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






5. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






6. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






7. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






8. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






9. A group of experts that handles computer security incidents.






10. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






11. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






12. ICMP Timestamp






13. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






14. Hex 14






15. Sneaky scan timing






16. An adapter that provides the physical connection to send and receive data between the computer and the network media.






17. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






18. The default network authentication suite of protocols for Windows NT 4.0






19. The change or growth of a project's scope






20. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






21. Another term for firewalking






22. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






23. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






24. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






25. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






26. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






27. Ports 20/21






28. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






29. Port 31337






30. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






31. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






32. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






33. A free and popular version of the Unix operating system.






34. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






35. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






36. A business - government agency - or educational institution that provides access to the Internet.






37. IP Protocol Scan






38. Nmap grepable output






39. Port 110






40. Paranoid scan timing






41. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






42. An organized collection of data.






43. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






44. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






45. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






46. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






47. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






48. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






49. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






50. Port 53