Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The conveying of official access or legal power to a person or entity.






2. CAN-SPAM






3. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






4. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






5. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






6. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






7. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






8. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






9. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






10. The central part of a computer or communications system hardware - firmware - and software that implements the basic security procedures for controlling access to system resources.






11. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






12. A command used in HTTP and FTP to retrieve a file from a server.






13. Hex 12






14. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






15. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






16. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






17. Port 137/138/139






18. Port 53






19. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






20. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






21. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






22. Nmap grepable output






23. The software product or system that is the subject of an evaluation.






24. 18 U.S.C. 1030






25. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






26. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






27. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






28. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






29. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






30. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






31. ACK Scan






32. RPC Scan






33. A symmetric - block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.






34. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






35. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






36. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






37. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






38. A tool that helps a company to compare its actual performance with its potential performance.






39. The level of importance assigned to an IT asset






40. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






41. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






42. A small Trojan program that listens on port 777.






43. Controls to detect anomalies or undesirable events occurring on a system.






44. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






45. An Application layer protocol for sending electronic mail between servers.






46. A point of reference used to mark an initial state in order to manage change.






47. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






48. Hex 14






49. The act of dialing all numbers within an organization to discover open modems.






50. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.