Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs, but the function of the code will not change.

2. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.

3. A software or hardware application or device that captures user keystrokes.

4. A free and popular version of the Unix operating system.

5. As an identification device becomes more sensitive or accurate, its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal, or cross over.

6. Confidentiality, Integrity, and Availability are the three aspects of security and make up the triangle.

7. A device providing temporary, on-demand, point-to-point network access to users.

8. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

9. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.

10. An Application layer protocol, using TCP, for transporting files across an Internet connection. FTP transmits in clear text.

11. Port 88

12. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability).

13. The process of systematically testing each port on a firewall to map rules and determine accessible ports.

14. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.

15. The process of using easily accessible DNS records to map a target network's internal hosts.

16. Actions, devices, procedures, techniques, or other measures intended to reduce the vulnerability of an information system.

17. Port 389

18. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.

19. Port 161/162

20. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection, validation, indexing, acceptance, and forwarding of submiss

21. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.

22. A Windows-based GUI version of nmap.

23. Port 80/81/8080

24. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col

25. A backlog of packets stored in buffers and waiting to be forwarded over an interface.

26. A protocol that allows a client computer to request services from a server and the server to return the results.

27. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.

28. ICMP Type/Code 8

29. A group of people, gathered together by a business entity, working to address a specific problem or goal.

30. A type of DNS transfer, where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).

31. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.

32. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.

33. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.

34. A document describing information security guidelines, policies, procedures, and standards.

35. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resourc

36. UDP Scan

37. Port 31337

38. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it's the use of more than one key for encryption/authentication purposes.

39. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.

40. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U

41. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.

42. In computer security, this is an algorithm that uses separate keys for encryption and decryption.

43. 18 U.S.C. 1029

44. RPC Scan

45. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.

46. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.

47. Directing a protocol from one port to another.

48. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

49. A social-engineering attack using computer resources, such as e-mail or IRC.

50. Controlling access to a network by analyzing the headers of incoming and outgoing packets, and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination