Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






2. A method of external testing whereby several systems or resources are used together to effect an attack.






3. nmap






4. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






5. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






6. Hex 10






7. Version Detection Scan






8. Shifting responsibility from one party to another






9. Injecting traffic into the network to identify the operating system of a device.






10. Recording the time - normally in a log file - when an event happens or when information is created or modified.






11. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






12. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






13. LM Hash for short passwords (under 7)






14. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






15. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






16. A documented process for a procedure designed to be consistent - repeatable - and accountable.






17. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






18. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






19. nmap all output






20. Paranoid scan timing






21. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






22. CAN-SPAM






23. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






24. Port 31337






25. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






26. A systematic process for the assessment of security vulnerabilities.






27. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






28. A social-engineering attack that manipulates the victim into calling the attacker for help.






29. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






30. A computer virus that infects and spreads in multiple ways.






31. Hashing algorithm that results in a 128-bit output.






32. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






33. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






34. Policy stating what users of a system can and cannot do with the organization's assets.






35. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






36. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






37. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






38. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






39. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






40. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






41. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






42. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






43. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






44. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






45. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






46. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






47. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






48. The default network authentication suite of protocols for Windows NT 4.0






49. Vulnerability Scanning






50. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr