Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ex 02






2. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






3. ICMP Type/Code 3-13






4. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






5. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






6. The potential for damage to or loss of an IT asset






7. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






8. nmap






9. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






10. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






11. Hex 04






12. Injecting traffic into the network to identify the operating system of a device.






13. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






14. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






15. The act of dialing all numbers within an organization to discover open modems.






16. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






17. The combination of all IT assets - resources - components - and systems.






18. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






19. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






20. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






21. Black hat






22. A device providing temporary - on-demand - point-to-point network access to users.






23. Name given to expert groups that handle computer security incidents.






24. Network Scanning






25. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






26. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






27. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






28. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






29. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






30. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






31. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






32. The transmission of digital signals without precise clocking or synchronization.






33. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






34. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






35. Port 23






36. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






37. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






38. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






39. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






40. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






41. A type of malware that covertly collects information about a user.






42. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






43. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






44. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






45. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






46. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






47. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






48. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






49. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






50. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi