Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The art and science of hiding a covert message or image within another message, image, audio, or video file.

2. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par

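As an added example (not code from the quiz page) of the model described in question 2: a minimal role-based access control check in which permissions attach to roles, roles may inherit from other roles, users are assigned roles, and a request is allowed only if some effective role grants the (operation, resource) pair. The class `Rbac`, the role names and the demo policy are all this example's own inventions.

```python
# Added example (not code from the quiz page): a minimal role-based access
# control (RBAC) check. Permissions are attached to roles, roles may inherit
# from other roles, users are assigned roles, and a request is allowed only if
# some effective role of the user grants the (operation, resource) pair.
# Role, user and resource names below are invented for illustration.
from collections import deque


class Rbac:
    def __init__(self):
        self.role_perms = {}     # role -> {(operation, resource), ...}
        self.role_parents = {}   # role -> {role it inherits permissions from, ...}
        self.user_roles = {}     # user -> {role, ...}

    def grant(self, role: str, operation: str, resource: str) -> None:
        self.role_perms.setdefault(role, set()).add((operation, resource))

    def inherit(self, role: str, parent: str) -> None:
        """`role` acquires every permission of `parent` (e.g. auditor inherits reader)."""
        self.role_parents.setdefault(role, set()).add(parent)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def effective_roles(self, user: str) -> set:
        """Directly assigned roles plus everything reachable through inheritance."""
        seen = set()
        queue = deque(self.user_roles.get(user, ()))
        while queue:
            role = queue.popleft()
            if role in seen:
                continue
            seen.add(role)
            queue.extend(self.role_parents.get(role, ()))
        return seen

    def check(self, user: str, operation: str, resource: str) -> bool:
        """Deny by default: allow only if some effective role grants the exact pair
        or a wildcard '*' resource for that operation."""
        for role in self.effective_roles(user):
            perms = self.role_perms.get(role, set())
            if (operation, resource) in perms or (operation, "*") in perms:
                return True
        return False


def build_demo() -> Rbac:
    """Constructed policy: readers read logs, auditors also export them, admins do anything."""
    rbac = Rbac()
    rbac.grant("reader", "read", "logs")
    rbac.grant("auditor", "export", "logs")
    rbac.inherit("auditor", "reader")
    rbac.grant("admin", "read", "*")
    rbac.grant("admin", "write", "*")
    rbac.assign("alice", "auditor")
    rbac.assign("bob", "reader")
    return rbac


if __name__ == "__main__":
    rbac = build_demo()
    for user, op, res in [("alice", "export", "logs"), ("bob", "export", "logs"), ("mallory", "read", "logs")]:
        print(user, op, res, "->", "allow" if rbac.check(user, op, res) else "deny")
```

Note that users never hold permissions directly: removing a role from a user (or a permission from a role) takes effect for everyone at once, which is the administrative advantage the definition is pointing at.
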
3. Computer software or hardware that can intercept and log traffic passing over a digital network.

4. A small Trojan program that listens on port 777.

5. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

6. A record showing which user has accessed a given resource and what operations the user performed during a given period.

7. FTP Bounce Attack

8. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

9. Used to find the domain name associated with an IP address (a PTR record query); the opposite of a forward DNS lookup.

10. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.

11. The act of dialing all numbers within an organization to discover open modems.

12. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.

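As an added example (not code from the quiz page) of how the table in question 12 is built and used, going one step beyond the definition to the failure mode a practitioner cares about: a switch learns source MAC addresses per port and forwards by destination; when the table is full of forged source addresses and real entries have aged out, real hosts can no longer be learned and their unicast traffic is flooded out of every port, including the attacker's. The `Switch` class, port numbers, MACs and the aging time are constructed for illustration and taken from no specific switch.

```python
# Added example (not code from the quiz page): a model of how a switch builds
# and uses its CAM table, extended with the failure mode a practitioner cares
# about: when the table is full of forged source addresses (MAC flooding), real
# hosts can no longer be learned and their unicast traffic is flooded out of
# every port, including the attacker's. Port numbers, MACs and the aging time
# are constructed values, not taken from any specific switch.


class Switch:
    AGE_SECONDS = 300  # assumed aging time for CAM entries

    def __init__(self, ports: int, capacity: int):
        self.ports = set(range(1, ports + 1))
        self.capacity = capacity
        self.cam = {}  # MAC -> (port, last_seen)

    def _expire(self, now: float) -> None:
        for mac in [m for m, (_, seen) in self.cam.items() if now - seen > self.AGE_SECONDS]:
            del self.cam[mac]

    def receive(self, src: str, dst: str, in_port: int, now: float) -> set:
        """Process a frame; return the set of egress ports it is sent out of."""
        self._expire(now)
        if src in self.cam or len(self.cam) < self.capacity:
            self.cam[src] = (in_port, now)      # learn or refresh the source
        # else: table full, the source address is silently not learned
        if dst in self.cam:
            out = self.cam[dst][0]
            return set() if out == in_port else {out}
        return self.ports - {in_port}           # unknown unicast: flood


SERVER, VICTIM = "00:11:22:33:44:01", "00:11:22:33:44:02"  # on port 1 and port 2
FORGED = [f"02:00:00:00:00:{i:02x}" for i in range(8)]      # attacker on port 3


def demo(attack: bool) -> set:
    """Ports that receive a server->victim frame after the victim's CAM entry has aged
    out and the victim has tried to talk again. Without an attack this is {2}."""
    sw = Switch(ports=3, capacity=8)
    sw.receive(VICTIM, SERVER, 2, now=0)     # victim learned on port 2
    sw.receive(SERVER, VICTIM, 1, now=0)     # server learned on port 1
    if attack:
        for t in (1, 350):                   # attacker keeps its forged entries fresh
            for mac in FORGED:
                sw.receive(mac, "ff:ff:ff:ff:ff:ff", 3, now=t)
    sw.receive(SERVER, VICTIM, 1, now=400)   # victim entry aged out: flooded either way
    sw.receive(VICTIM, SERVER, 2, now=401)   # victim replies; re-learned only if there is room
    return sw.receive(SERVER, VICTIM, 1, now=402)


if __name__ == "__main__":
    print("without attack:", demo(False))
    print("with MAC flooding:", demo(True))
```

The first frame after aging is flooded in both runs; the difference is recovery. With room in the table the victim's reply is learned and forwarding returns to a single port, whereas with the table pinned full by forged entries the victim is never re-learned and the attacker's port keeps receiving the conversation.
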
13. Any item of value or worth to an organization, whether physical or virtual.

14. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur

15. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.

16. PI and PT Ping

17. A file system used by the Mac OS.

18. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television, invented primarily to keep consumer television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.

19. Black box test

20. Two or more LANs connected by a high-speed line across a large geographical area.

21. Devices, connected to one or more switches, grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.

22. NSA

23. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio

24. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.

25. One or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.

26. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.

27. Security measures, such as a locked door, perimeter fence, or security guard, to prevent or deter physical access to a facility, resource, or information stored on physical media.

28. The public portion of an asymmetric key pair, typically used to encrypt data or verify signatures. Public keys can be shared openly; anyone can use one to encrypt a message that only the holder of the matching private key can decrypt.

29. A string that represents the location of a web resource

30. An attack technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points

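As an added example (not code from the quiz page) of what "tricks your DNS server into believing it has received authentic information" means mechanically for question 30: a model caching resolver accepts a reply into its cache if it matches an outstanding query, and how much an off-path attacker has to guess depends on what the resolver checks. Checking only the 16-bit transaction ID lets an attacker who can race the real answer with all 65536 forged replies poison the entry with certainty; also requiring the randomised source port pushes the search space to roughly 2^32. The `Resolver` class, the names, the TEST-NET addresses and the seeds are constructed for this example.

```python
# Added example (not code from the quiz page): a caching resolver model showing
# how a forged answer gets accepted. The resolver only accepts a response that
# matches an outstanding query; with check_port=False it matches on the 16-bit
# transaction ID alone, with check_port=True it also requires the randomised
# source port. Names, addresses (TEST-NET ranges) and seeds are constructed.
import random


class Resolver:
    def __init__(self, seed: int, check_port: bool):
        self.rng = random.Random(seed)
        self.check_port = check_port
        self.cache = {}       # qname -> answer
        self.pending = {}     # txid -> (qname, source port used for that query)

    def query(self, qname: str):
        """Send a query upstream: returns the (txid, source port) the reply must match."""
        txid = self.rng.getrandbits(16)
        port = self.rng.randrange(1024, 65536)
        self.pending[txid] = (qname, port)
        return txid, port

    def on_response(self, txid: int, dst_port: int, qname: str, answer: str) -> bool:
        """Accept the answer into the cache only if it matches an outstanding query."""
        outstanding = self.pending.get(txid)
        if outstanding is None or outstanding[0] != qname:
            return False
        if self.check_port and outstanding[1] != dst_port:
            return False
        self.cache[qname] = answer
        del self.pending[txid]
        return True


LEGIT = "192.0.2.1"           # constructed: what the authoritative server really answers
ATTACKER = "198.51.100.66"    # constructed: where the attacker wants victims sent


def demo(check_port: bool):
    """Race a real answer with forged ones. Returns (cached answer, forged replies sent).
    The off-path attacker cannot see the query, so it guesses the txid exhaustively
    and assumes the classic fixed source port 53."""
    r = Resolver(seed=1, check_port=check_port)
    txid, port = r.query("www.example.com")
    sent = 0
    for guess in range(1 << 16):
        sent += 1
        if r.on_response(guess, 53, "www.example.com", ATTACKER):
            break
    # the genuine reply arrives after the flood; it is ignored if the slot is already gone
    r.on_response(txid, port, "www.example.com", LEGIT)
    return r.cache["www.example.com"], sent


if __name__ == "__main__":
    print("txid only:", demo(check_port=False))
    print("txid + source port:", demo(check_port=True))
```

Once a forged reply wins the race, the outstanding query is consumed and the genuine answer is discarded, which is exactly why the poisoned entry then survives for its full TTL and redirects every client that asks that resolver.
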
31. A method of external testing whereby several systems or resources are used together to effect an attack.

32. Monitoring of telephone or Internet conversations, typically by covert means.

33. Actions, devices, procedures, techniques, or other measures intended to reduce the vulnerability of an information system.

34. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.

35. Port 135

36. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed source IP addresses, so the target's SYN/ACK replies are never acknowledged and the half-open connections exhaust its connection backlog.

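As an added example (not code from the quiz page) serving questions 34 and 36 together: a simplified model of a TCP listener walking through the three-way handshake (SYN, SYN/ACK, ACK) while holding half-open connections in a fixed-size backlog, so a burst of SYNs from spoofed sources that never send the final ACK fills the backlog and a legitimate client is dropped. The same listener with SYN cookies enabled derives its initial sequence number from a keyed hash of the client tuple instead of storing state, so the flood costs it nothing. The `Listener` class, the addresses, the backlog size and the cookie secret are constructed for this example; real stacks also time half-open entries out and retransmit the SYN/ACK, which is omitted here.

```python
# Added example (not code from the quiz page): a simplified model of a TCP
# listener walking through the three-way handshake (SYN, SYN/ACK, ACK). The
# listener keeps half-open connections in a fixed-size backlog, so a burst of
# SYNs from spoofed source addresses that never send the final ACK fills the
# backlog and legitimate clients are dropped. With SYN cookies enabled the
# listener encodes its initial sequence number as a keyed hash of the client
# tuple instead of storing state, so the flood costs it nothing. Addresses,
# backlog size and the cookie secret are constructed values.
import hashlib
import hmac
import random

MASK32 = 0xFFFFFFFF


class Listener:
    def __init__(self, backlog: int, syn_cookies: bool = False, secret: bytes = b"demo-secret"):
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.secret = secret
        self.half_open = {}     # (client ip, client port) -> server ISN, awaiting the ACK
        self.established = set()
        self.dropped_syns = 0
        self._rng = random.Random(0)

    def _cookie(self, client, client_isn: int) -> int:
        """Stateless ISN: HMAC over the client tuple and its ISN, truncated to 32 bits."""
        msg = f"{client[0]}:{client[1]}:{client_isn}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, client, client_isn: int):
        """Step 1 (SYN in). Returns the SYN/ACK as (server ISN, ack number), or None if dropped."""
        if self.syn_cookies:
            return (self._cookie(client, client_isn), (client_isn + 1) & MASK32)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1          # backlog full: the SYN is silently dropped
            return None
        isn = self._rng.getrandbits(32)
        self.half_open[client] = isn
        return (isn, (client_isn + 1) & MASK32)

    def on_ack(self, client, client_isn: int, ack: int) -> bool:
        """Step 3 (ACK in). Completes the handshake only if the ACK acknowledges our ISN."""
        if self.syn_cookies:
            ok = ack == ((self._cookie(client, client_isn) + 1) & MASK32)
        else:
            isn = self.half_open.get(client)
            ok = isn is not None and ack == ((isn + 1) & MASK32)
            if ok:
                del self.half_open[client]
        if ok:
            self.established.add(client)
        return ok


def handshake(listener: Listener, client, client_isn: int) -> bool:
    """A well-behaved client: SYN, wait for the SYN/ACK (step 2), answer with ACK."""
    synack = listener.on_syn(client, client_isn)
    if synack is None:
        return False
    server_isn, _ = synack
    return listener.on_ack(client, client_isn, (server_isn + 1) & MASK32)


def syn_flood(listener: Listener, count: int) -> None:
    """Spoofed SYNs from `count` distinct fake sources; the SYN/ACKs go to hosts that
    never asked for them, so no ACK ever arrives and every slot stays half-open."""
    for i in range(count):
        spoofed = (f"203.0.113.{i % 256}", 1024 + i)
        listener.on_syn(spoofed, client_isn=i)


if __name__ == "__main__":
    plain = Listener(backlog=128)
    syn_flood(plain, 1000)
    print("plain listener, legit client after flood:", handshake(plain, ("192.0.2.10", 40000), 7))
    cookies = Listener(backlog=128, syn_cookies=True)
    syn_flood(cookies, 1000)
    print("SYN-cookie listener, legit client after flood:", handshake(cookies, ("192.0.2.10", 40000), 7))
```

The asymmetry the attack exploits is visible in `on_syn`: one cheap packet from the attacker reserves a backlog slot until it times out, while the final ACK, the only step that proves the client is reachable, is never sent. SYN cookies move that proof into the sequence number so nothing is reserved until the ACK arrives.
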
37. Used for exchanging structured information, such as XML-based messages, in the implementation of web services

38. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator

39. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.

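As an added example (not code from the quiz page) serving questions 28 and 39 together: textbook RSA as a trapdoor one-way function. Raising a message to the public exponent modulo n is easy for anyone holding the public key; undoing it is easy only with the private exponent d (the trapdoor), which is derived from the factorisation of n. The primes are the deliberately tiny classic pair (61, 53) so that the "hard" direction, factoring n, is feasible here and visibly amounts to recovering the trapdoor. No padding is used, so this illustrates the mathematics only and is not a usable cipher; the function names are this example's own.

```python
# Added example (not code from the quiz page): textbook RSA as a trapdoor
# one-way function. pow(m, e, n) is easy for anyone with the public key; the
# inverse is easy only with the private exponent d (the trapdoor), which comes
# from the factorisation of n. The primes are tiny on purpose so that factoring
# n, the work an attacker cannot do at real key sizes, is feasible here.
# Unpadded, for understanding the mathematics only.
import math


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p, q. d is the trapdoor: e*d == 1 (mod phi(n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Easy direction: anyone holding the public key can compute this."""
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """The inverse, easy only with the trapdoor d."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    """Signature = apply the trapdoor to the message; anyone can verify with the public key."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == m % n


def factor(n: int) -> tuple:
    """Trial division, feasible only because n is tiny. At real key sizes this step is
    what an attacker cannot do, which is what makes the function one-way."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n is prime")


def recover_private_exponent(public_key) -> int:
    """Attacker without the trapdoor: factor n, rebuild phi(n), then d."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = keygen(61, 53, e=17)     # the classic small example: n = 3233
    c = encrypt(public, 65)
    print("ciphertext:", c, "plaintext:", decrypt(private, c))
    print("trapdoor recovered by factoring:", recover_private_exponent(public) == private[1])
```

`recover_private_exponent` is the whole security argument in one function: the public key leaks nothing the attacker can use unless factoring n is feasible, and for n = 3233 it is, while for a 2048-bit modulus it is not.
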
40. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resourc

41. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.

42. An international encoding standard, working within multiple languages and scripts, that represents each letter, digit, or symbol with a unique numeric value that applies across different platforms.

43. Confidentiality, Integrity, and Availability are the three aspects of security and make up the triangle.

44. A technology that establishes an encrypted tunnel to create a private network over the Internet that behaves like a dedicated leased line. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely

45. A software or hardware defect that often results in system vulnerabilities.

46. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.

47. SYN Ping

48. Port 80/81/8080

49. The condition of a resource being ready for use and accessible by authorized users.

50. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.