Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






2. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






3. Recording the time - normally in a log file - when an event happens or when information is created or modified.






4. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






5. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






6. A virus designed to infect the master boot record.






7. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






8. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






9. A data encryption/decryption program often used for e-mail and file storage.






10. The process of embedding information into a digital signal in a way that makes it difficult to remove.






11. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






12. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






13. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






14. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






15. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






16. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






17. UDP Scan






18. Port 88






19. Nmap ml output






20. Window Scan






21. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






22. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






23. Controls to detect anomalies or undesirable events occurring on a system.






24. Ports 20/21






25. Using conversation or some other interaction between people to gather useful information.






26. Port 23






27. A computer process that requests a service from another computer and accepts the server's responses.






28. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






29. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






30. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






31. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






32. nmap






33. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






34. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






35. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






36. Name given to expert groups that handle computer security incidents.






37. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






38. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






39. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






40. A list of IP addresses and corresponding MAC addresses stored on a local computer.






41. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






42. A command used in HTTP and FTP to retrieve a file from a server.






43. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






44. A routing protocol developed to be used within a single organization.






45. The steps taken to gather evidence and information on the targets you wish to attack.






46. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






47. A documented process for a procedure designed to be consistent - repeatable - and accountable.






48. LM Hash for short passwords (under 7)






49. A protocol used to pass control and error messages between nodes on the Internet.






50. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.