Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Port 23






2. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






3. nmap






4. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






5. Port 110






6. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






7. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






8. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






9. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






10. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






11. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






12. A storage buffer that transparently stores data so future requests for the same data can be served faster.






13. The combination of all IT assets - resources - components - and systems.






14. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






15. A small Trojan program that listens on port 777.






16. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






17. FIN Scan






18. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






19. A file system used by the Mac OS.






20. A routing protocol developed to be used within a single organization.






21. UDP Scan






22. A free and popular version of the Unix operating system.






23. A communications protocol used for browsing the Internet.






24. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






25. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






26. ex 02






27. A business - government agency - or educational institution that provides access to the Internet.






28. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






29. NSA






30. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






31. The steps taken to gather evidence and information on the targets you wish to attack.






32. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






33. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






34. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






35. Port 135






36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






37. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






38. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






39. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






40. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






41. Port 389






42. The level of importance assigned to an IT asset






43. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






44. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






45. CAN-SPAM






46. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






47. Controls to detect anomalies or undesirable events occurring on a system.






48. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






49. TCP SYN Scan






50. A data encryption/decryption program often used for e-mail and file storage.