Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






2. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






3. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






4. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






5. A software or hardware defect that often results in system vulnerabilities.






6. A Windows-based GUI version of nmap.






7. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






8. An Application layer protocol for sending electronic mail between servers.






9. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






10. A routing protocol developed to be used within a single organization.






11. An attack that combines a brute-force attack with a dictionary attack.






12. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






13. The change or growth of a project's scope






14. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






15. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






16. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






17. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






18. Shifting responsibility from one party to another






19. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






20. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






21. Port 80/81/8080






22. A computer virus that infects and spreads in multiple ways.






23. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






24. A business - government agency - or educational institution that provides access to the Internet.






25. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






26. UDP Scan






27. A free and popular version of the Unix operating system.






28. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






29. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






30. ICMP Type/Code 0-0






31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






32. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






33. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






34. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






35. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






36. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






37. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






38. The process of embedding information into a digital signal in a way that makes it difficult to remove.






39. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






40. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






41. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






42. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






43. Injecting traffic into the network to identify the operating system of a device.






44. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






45. Paranoid scan timing






46. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






47. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






48. Cracking Tools






49. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






50. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.