
CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Software code, a portion of data, or a sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.

2. The process of a system providing a fully qualified domain name (FQDN) to a local name server, for resolution to its corresponding IP address.

3. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o

4. A business, government agency, or educational institution that provides access to the Internet.

5. A deficiency in software or some other product that is not yet known to its vendor (so no patch exists) when the resulting security vulnerability is identified or exploited.

6. Port 22

7. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.

8. Polite scan timing

9. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.

10. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator, or someone with a similar level of access.

11. Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

12. The software product or system that is the subject of an evaluation.

13. Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

14. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).

15. Formal description and evaluation of the vulnerabilities in an information system

16. A group of people, gathered together by a business entity, working to address a specific problem or goal.

17. Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks.

18. A Canonical Name record within DNS, used to provide an alias for a domain name.

19. Cracking Tools

20. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.

21. A free and popular Unix-like operating system.

22. 18 U.S.C. 1029

23. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.

24. A computer network confined to a relatively small area, such as a single building or campus.

25. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door

26. A protocol that uses public-key cryptography to negotiate a session key, then encrypts data with that key before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.

27. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

28. A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa.

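The property in item 28 is exactly what makes ECB mode leak structure: under one key, equal plaintext blocks always produce equal ciphertext blocks, so an observer with no key can see where a message repeats itself. The following is an added example, not part of the original study set. The 64-bit Feistel block cipher inside it is a constructed toy (SHA-256 as the round function) used only so the code runs with the Python standard library; it stands in for any real block cipher such as AES, and the key and payload values are invented for the demonstration.

```python
"""ECB mode on a toy 64-bit block cipher (added example, standard library only).

The block cipher is a 4-round Feistel network whose round function is
SHA-256 keyed with the cipher key: a constructed TOY, not secure, used only
so this file runs anywhere. The ECB behaviour it demonstrates (identical
plaintext blocks -> identical ciphertext blocks under one key) holds for
any block cipher run in ECB mode.
"""
import hashlib
from collections import Counter

BLOCK = 8   # 64-bit toy block
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed, round-dependent function on one 4-byte half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Feistel round: (L, R) -> (R, L xor F(R)); a permutation on 8-byte blocks.
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Undo the rounds in reverse order: (L', R') -> (R' xor F(L'), L').
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: each block is enciphered independently with the same key, so the
    # plaintext-block -> ciphertext-block mapping is fixed for that key.
    padded = pkcs7_pad(plaintext)
    return b"".join(block_encrypt(key, padded[i:i + BLOCK])
                    for i in range(0, len(padded), BLOCK))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not block aligned")
    padded = b"".join(block_decrypt(key, ciphertext[i:i + BLOCK])
                      for i in range(0, len(ciphertext), BLOCK))
    return pkcs7_unpad(padded)


def repeated_blocks(ciphertext: bytes) -> int:
    # Count ciphertext blocks that occur more than once. Without the key this
    # tells an observer exactly where the plaintext repeats.
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(c for c in counts.values() if c > 1)


if __name__ == "__main__":
    key = b"toy-key-for-demo"
    # Constructed plaintext: three identical 8-byte records, then one that differs.
    message = b"PAY=0001" * 3 + b"PAY=9999"
    ct = ecb_encrypt(key, message)
    print("blocks:", [ct[i:i + BLOCK].hex() for i in range(0, len(ct), BLOCK)])
    print("repeated ciphertext blocks:", repeated_blocks(ct))
    assert ecb_decrypt(key, ct) == message
```

Running it prints five ciphertext blocks of which the first three are byte-for-byte identical; a mode with chaining or a counter (CBC, CTR) would not show this, which is why ECB is avoided for anything longer than a single block.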
29. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO × SLE.

30. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie

31. A section or subset of the network. Often a router or other routing device provides the end point of the segment.

32. A string that represents the location of a web resource

33. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

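Items 3 and 33 are two sides of the same property: because a stream cipher produces ciphertext as plaintext XOR keystream, flipping a bit of the ciphertext flips exactly that bit of the decrypted plaintext, so an attacker who knows (or guesses) part of the plaintext can rewrite it without the key. The added example below is not part of the original page. Its keystream generator (SHA-256 over key, nonce and a counter) is a constructed stand-in for a real stream cipher or CTR-mode keystream, and the token layout user=...;role=... is an assumption made for the demonstration. It also shows the standard defence, a MAC over the ciphertext, rejecting the forged message.

```python
"""Stream-cipher XOR encryption and ciphertext bit-flipping (added example).

The keystream generator is a constructed toy: SHA-256 over key, nonce and a
block counter. It only stands in for a real stream cipher or CTR-mode
keystream so the file runs with the standard library; the malleability
shown is a property of every unauthenticated XOR stream cipher.
"""
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: concatenated SHA-256(key || nonce || counter) blocks.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stream cipher: ciphertext = plaintext XOR keystream, one byte at a time.
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption is the same operation.
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def flip_plaintext(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Attacker side, no key needed.

    Since c[i] = p[i] XOR k[i], replacing c[i] with c[i] XOR known[i] XOR
    desired[i] makes it decrypt to desired[i], provided the attacker knows
    (or correctly guesses) that p[i] == known[i].
    """
    if len(known) != len(desired):
        raise ValueError("known and desired must be the same length")
    if offset < 0 or offset + len(known) > len(ciphertext):
        raise ValueError("span outside ciphertext")
    ct = bytearray(ciphertext)
    for i, (k, d) in enumerate(zip(known, desired)):
        ct[offset + i] ^= k ^ d
    return bytes(ct)


def seal(key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, so any flipped
    # bit is detected before decryption.
    ct = encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def open_sealed(key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    if len(blob) < TAG_LEN:
        raise ValueError("authentication failed")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return decrypt(key, nonce, ct)


def tamper_detected(key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bool:
    try:
        open_sealed(key, mac_key, nonce, blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key, mac_key, nonce = b"enc-key", b"mac-key", b"nonce-01"
    token = b"user=alice;role=user"   # hypothetical session token layout
    ct = encrypt(key, nonce, token)
    offset = token.index(b"role=") + len(b"role=")
    forged = flip_plaintext(ct, offset, b"user", b"root")
    print("forged token decrypts to:", decrypt(key, nonce, forged))
    sealed = seal(key, mac_key, nonce, token)
    print("MAC catches the same flip:",
          tamper_detected(key, mac_key, nonce, flip_plaintext(sealed, offset, b"user", b"root")))
```

The attacker never learns the key or the keystream; knowing the position and original value of the field is enough. That is why a stream cipher or CTR mode must always be paired with an authentication tag (HMAC as here, or an AEAD mode such as AES-GCM or ChaCha20-Poly1305).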
34. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use

35. The level of importance assigned to an IT asset

36. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.

37. Hex 10

38. A communications protocol used for browsing the World Wide Web.

39. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.

40. The process of systematically testing each port on a firewall to map rules and determine accessible ports.

41. 18 U.S.C. 1030

42. A host designed to collect data on suspicious activity.

43. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.

44. ICMP Type/Code 0-0

45. A social-engineering attack that manipulates the victim into calling the attacker for help.

46. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.

47. A defined measure of service within a network system

48. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt, when it was actually legitimate traffic.

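A false positive (item 48) usually comes from a signature that matches on keywords rather than on the structure of an attack. The added example below is not from the original page: it runs a loose and a tightened SQL-injection signature over three constructed access-log lines (made up for this example, using documentation-range IP addresses) and scores each rule against the one line that is actually malicious.

```python
"""False positives in signature-based detection (added example).

Runs a loose and a tightened SQL-injection signature over constructed web
access-log lines and scores each rule against known ground truth.
"""
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation-range addresses, not real traffic).
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=credit+union+branch+selection HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Oct/2023:13:56:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
# Ground truth for this sample: only the first line is an attack.
MALICIOUS = {LOG_LINES[0]}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/')


def request_path(line: str) -> str:
    # Pull the request target out of the log line and URL-decode it, so that
    # %20 and '+' become spaces before any signature is applied.
    m = REQUEST_RE.search(line)
    return unquote_plus(m.group(1)) if m else ""


def naive_rule(path: str) -> bool:
    # Keyword presence anywhere in the request. Fires on the benign search
    # "credit union branch selection" as readily as on a real injection.
    p = path.lower()
    return "union" in p and "select" in p


UNION_SELECT_RE = re.compile(r"\bunion\b(\s+all)?\s+\bselect\b", re.IGNORECASE)


def tightened_rule(path: str) -> bool:
    # Requires the SQL construct itself (UNION [ALL] SELECT as adjacent
    # tokens), which ordinary English search strings do not produce.
    return bool(UNION_SELECT_RE.search(path))


def evaluate(rule, lines, malicious) -> dict:
    # Score a rule: alerts raised, alerts on legitimate traffic (false
    # positives) and attacks that were missed (false negatives).
    alerts = {line for line in lines if rule(request_path(line))}
    return {
        "alerts": len(alerts),
        "false_positives": len(alerts - malicious),
        "false_negatives": len(malicious - alerts),
    }


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("tightened", tightened_rule)):
        print(name, evaluate(rule, LOG_LINES, MALICIOUS))
```

Note the decoding step: matching signatures against the raw, still-encoded request is itself a common source of both false positives and false negatives, because %20 and + hide the token boundaries the tightened rule relies on.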
49. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).

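Items 37 and 49 meet in a SYN scan: a scanner sends a SYN to each port and decides the port's state from the flags in the reply (SYN/ACK for open, RST for closed, no reply for filtered), and 0x10 is the ACK bit of the TCP flags field. The added example below is not part of the original page and does not touch the network; it builds and parses constructed 20-byte TCP headers with the standard library and applies that inference to them. The port numbers and replies are invented for the demonstration.

```python
"""TCP flag decoding and SYN-scan state inference (added example, offline).

Builds and parses constructed 20-byte TCP headers with struct; no packets
are sent. Port numbers and responses are invented for the demonstration.
"""
import struct
from typing import Optional

# Low six bits of the TCP flags field (RFC 793); 0x10 is ACK.
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}
HEADER_FMT = "!HHIIHHHH"   # src, dst, seq, ack, offset+flags, window, checksum, urgent
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes without options


def decode_flags(value: int) -> list:
    # Names of the set flag bits, in bit order (e.g. 0x12 -> ['SYN', 'ACK']).
    return [name for bit, name in sorted(TCP_FLAGS.items()) if value & bit]


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: int, window: int = 65535) -> bytes:
    # Data offset 5 words (no options); checksum left zero in this constructed header.
    offset_and_flags = (5 << 12) | (flags & 0x1FF)
    return struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, offset_and_flags, window, 0, 0)


def parse_tcp_header(data: bytes) -> dict:
    if len(data) < HEADER_LEN:
        raise ValueError("short TCP header")
    src, dst, seq, ack, off_flags, window, _checksum, _urgent = struct.unpack(
        HEADER_FMT, data[:HEADER_LEN])
    flags = off_flags & 0x1FF          # 9 flag bits (NS, CWR, ECE plus the six above)
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4,   # header length in bytes
        "flags": flags, "flag_names": decode_flags(flags & 0x3F),
        "window": window,
    }


def infer_port_state(response: Optional[bytes]) -> str:
    # SYN-scan logic: SYN/ACK -> open, RST -> closed, no answer -> filtered.
    if response is None:
        return "filtered"
    flags = parse_tcp_header(response)["flags"]
    if flags & 0x02 and flags & 0x10:
        return "open"
    if flags & 0x04:
        return "closed"
    return "unknown"


def scan_results(responses: dict) -> dict:
    # responses: {probed_port: raw reply header or None}
    return {port: infer_port_state(reply) for port, reply in sorted(responses.items())}


if __name__ == "__main__":
    # Constructed replies to SYN probes sent from source port 40000.
    replies = {
        22: build_tcp_header(22, 40000, 1000, 1, 0x12),   # SYN|ACK: open
        23: build_tcp_header(23, 40000, 0, 1, 0x14),      # RST|ACK: closed
        135: None,                                         # dropped by a filter
    }
    print("0x10 =", decode_flags(0x10))
    print(scan_results(replies))
```

The "filtered" branch is the one a practitioner relies on most: a port that produces no reply at all is indistinguishable from a dropped probe, which is why a real scanner retransmits before reporting it and why a firewall that drops rather than rejects slows a scan down.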
50. nmap

