Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Aggressive scan timing






2. A file system used by the Mac OS.






3. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






4. ex 02






5. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






6. An early network application that provides information on users currently logged on to a machine.






7. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






8. Formal description and evaluation of the vulnerabilities in an information system






9. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






10. UDP Scan






11. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






12. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






13. Port 22






14. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






15. A tool that helps a company to compare its actual performance with its potential performance.






16. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






17. The level of importance assigned to an IT asset






18. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






19. Port 23






20. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






21. A program designed to execute at a specific time to release malicious code onto the computer system or network.






22. A computer virus that infects and spreads in multiple ways.






23. An Application layer protocol for managing devices on an IP network.






24. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






25. MAC Flooding






26. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






27. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






28. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






29. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






30. Incremental Substitution






31. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






32. A portion of memory used to temporarily store output or input data.






33. Shifting responsibility from one party to another






34. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






35. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






36. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






37. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






38. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






39. The software product or system that is the subject of an evaluation.






40. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






41. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






42. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






43. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






44. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






45. Port 53






46. The act of dialing all numbers within an organization to discover open modems.






47. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






48. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






49. The lack of clocking (imposed time ordering) on a bit stream.






50. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio