Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






2. A routing protocol developed to be used within a single organization.






3. FTP Bounce Attack






4. Port 88






5. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






6. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






7. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






8. A device providing temporary - on-demand - point-to-point network access to users.






9. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






10. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






11. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






12. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






13. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






14. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






15. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






16. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






17. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






18. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






19. An Application layer protocol for managing devices on an IP network.






20. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






21. Another term for firewalking






22. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






23. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






24. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






25. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






26. ICMP Type/Code 8






27. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






28. A document describing information security guidelines - policies - procedures - and standards.






29. Directory Transversal






30. 18 U.S.C. 1029






31. LM Hash for short passwords (under 7)






32. The process of recording activity on a system for monitoring and later review.






33. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






34. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






35. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






36. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






37. CAN-SPAM






38. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






39. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






40. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






41. Describes practices in production and development that promote access to the end product's source materials.






42. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






43. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






44. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






45. A Windows-based GUI version of nmap.






46. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






47. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






48. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






49. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






50. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a