Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






2. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






3. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






4. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






5. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






6. A point of reference used to mark an initial state in order to manage change.






7. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






8. PI and PT Ping






9. Phases of an attack






10. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






11. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






12. A list of IP addresses and corresponding MAC addresses stored on a local computer.






13. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






14. ICMP Type/Code 3-13






15. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






16. FIN Scan






17. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






18. CAN-SPAM






19. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






20. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






21. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






22. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






23. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






24. A communications protocol used for browsing the Internet.






25. Vulnerability Scanning






26. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






27. A social-engineering attack that manipulates the victim into calling the attacker for help.






28. The software product or system that is the subject of an evaluation.






29. A small Trojan program that listens on port 777.






30. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






31. Recording the time - normally in a log file - when an event happens or when information is created or modified.






32. Name given to expert groups that handle computer security incidents.






33. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.






34. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






35. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






36. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






37. A computer network confined to a relatively small area - such as a single building or campus.






38. The steps taken to gather evidence and information on the targets you wish to attack.






39. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






40. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






41. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






42. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






43. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






44. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






45. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






46. The process of embedding information into a digital signal in a way that makes it difficult to remove.






47. A command used in HTTP and FTP to retrieve a file from a server.






48. A documented process for a procedure designed to be consistent - repeatable - and accountable.






49. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






50. A program designed to execute at a specific time to release malicious code onto the computer system or network.