Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Metamorphic Virus
2. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is, clearance) of users to access information of such sensi
3. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating, implementing, or maintaining Information Security Management Systems (ISMS). Information security is defined with
4. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
5. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.
6. In a classful IPv4 subnet, this is the network number with all binary 0s in the subnet part of the number. When written in decimal, the zero subnet has the same number as the classful network number.
7. Nmap normal output
8. MAC Flooding
9. In penetration testing, enumeration is the act of querying a device or network segment thoroughly and systematically for information.
10. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.
11. An evaluation conducted to determine the potential for damage to or loss of an IT asset.
12. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.
13. List Scan
14. Computer software or hardware that can intercept and log traffic passing over a digital network.
15. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.
16. SYN Ping
17. Safeguards or countermeasures to avoid, counteract, or minimize security risks.
18. A device providing temporary, on-demand, point-to-point network access to users.
19. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs, but the function of the code will not change.
20. A string that represents the location of a web resource
21. Phases of an attack
22. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.
23. A social-engineering attack that manipulates the victim into calling the attacker for help.
24. An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering.
25. The default network authentication suite of protocols for Windows NT 4.0
26. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.
27. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
28. An application that monitors a computer or network to identify, and prevent, malware. AV is usually signature-based, and can take multiple actions on defined malware files/activity.
29. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.
30. Directing a protocol from one port to another.
31. In computer security, this is an algorithm that uses separate keys for encryption and decryption.
32. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.
33. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.
34. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
35. ICMP Type/Code 11
36. Establish Null Session
37. An attack that exploits the common mistake many people make when installing operating systems
38. A principle in security engineering that attempts to use anonymity and secrecy (of design, implementation, and so on) to provide security; the footprint of the organization, entity, network, or system is kept as small as possible to avoid intere
39. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.
40. ICMP Type/Code 0-0
41. An early network application that provides information on users currently logged on to a machine.
42. The act or actions of a hacker to put forward a cause or a political agenda, to affect some societal change, or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.
43. LAN standard, defined by ANSI X3T9.5, specifying a 100 Mbps token-passing network using fiber-optic cable and a dual-ring architecture for redundancy, with transmission distances of up to two kilometers.
44. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.
45. A documented process for a procedure designed to be consistent, repeatable, and accountable.
46. Version Detection Scan
47. The central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.
48. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.
49. Also known as a digital certificate, this is an electronic file used to verify a user's identity, providing non-repudiation throughout the system. It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public
50. Sneaky scan timing