Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A portion of memory used to temporarily store output or input data.






2. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






3. A protocol for exchanging packets over a serial line.






4. The process of using easily accessible DNS records to map a target network's internal hosts.






5. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






6. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






7. SYN Ping






8. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






9. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






10. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






11. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






12. Version Detection Scan






13. The transmission of digital signals without precise clocking or synchronization.






14. NSA






15. ICMP Type/Code 3-13






16. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






17. A virus written in a macro language and usually embedded in document or spreadsheet files.






18. The concept of having more than one person required to complete a task






19. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






20. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






21. A business - government agency - or educational institution that provides access to the Internet.






22. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






23. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






24. A person or entity indirectly involved in a relationship between two principles.






25. Monitoring of telephone or Internet conversations - typically by covert means.






26. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






27. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






28. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






29. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






30. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






31. The combination of all IT assets - resources - components - and systems.






32. nmap






33. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






34. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






35. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






36. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






37. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






38. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






39. A small Trojan program that listens on port 777.






40. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






41. Name given to expert groups that handle computer security incidents.






42. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






43. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






44. Injecting traffic into the network to identify the operating system of a device.






45. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






46. A record showing which user has accessed a given resource and what operations the user performed during a given period.






47. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






48. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






49. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






50. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.