Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but taking the test repeatedly reinforces your understanding.
1. MAC Flooding






2. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






3. Port 161/162






4. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






5. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.






6. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






7. ICMP Type/Code 3






8. List Scan






9. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






10. One or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.






11. Port 110






12. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






13. FTP Bounce Attack






14. Port 31337






15. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.






16. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.






17. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






18. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






19. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.






20. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






21. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur






22. A Canonical Name record within DNS, used to provide an alias for a domain name.






23. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.






24. A free and popular version of the Unix operating system.






25. A piece of software, provided by the vendor, intended to update or fix known, discovered problems in a computer program or its supporting data.






26. Nmap ml output






27. A virus written in a macro language and usually embedded in document or spreadsheet files.






28. Another term for firewalking






29. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






30. Hex 14






31. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.






32. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






33. A type of malware that covertly collects information about a user.






34. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






35. A protocol defining packets that are able to be routed by a router.






36. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.






37. The software product or system that is the subject of an evaluation.






38. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with






39. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






40. A measurable, physical characteristic used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.






41. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






42. Security measures, such as a locked door, perimeter fence, or security guard, to prevent or deter physical access to a facility, resource, or information stored on physical media.






43. Directing a protocol from one port to another.






44. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






45. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.






46. A virus designed to infect the master boot record.






47. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






48. Literally, 'not balanced or the same.' In computing, asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography, it's the use of more than one key for encryption/authentication purposes.






49. Wrapper or Binder






50. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.