Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






2. The change or growth of a project's scope






3. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






4. Port 161/162






5. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






6. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






7. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






8. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






9. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






10. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






11. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






12. A file system used by the Mac OS.






13. Any item of value or worth to an organization - whether physical or virtual.






14. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






15. don't ping






16. A wireless networking mode where all clients connect to the wireless network through a central access point.






17. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






18. An Application layer protocol for sending electronic mail between servers.






19. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






20. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






21. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






22. ICMP Type/Code 0-0






23. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






24. A host designed to collect data on suspicious activity.






25. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






26. A software or hardware defect that often results in system vulnerabilities.






27. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






28. A protocol defining packets that are able to be routed by a router.






29. Idlescan






30. Any network incident that prompts some kind of log entry or other notification.






31. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






32. Black box test






33. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






34. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






35. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






36. Port 110






37. A Windows-based GUI version of nmap.






38. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






39. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






40. Normal scan timing






41. nmap






42. The Security Accounts Manager file in Windows stores all the password hashes for the system.






43. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






44. Formal description and evaluation of the vulnerabilities in an information system






45. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






46. A tool that helps a company to compare its actual performance with its potential performance.






47. A virus written in a macro language and usually embedded in document or spreadsheet files.






48. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






49. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






50. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur