Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






2. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






3. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






4. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






5. Hex 14






6. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






7. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






8. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






9. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






10. FTP Bounce Attack






11. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






12. TCP Ping






13. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






14. Wrapper or Binder






15. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






16. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






17. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






18. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






19. Using conversation or some other interaction between people to gather useful information.






20. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






21. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






22. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






23. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






24. The condition of a resource being ready for use and accessible by authorized users.






25. The conveying of official access or legal power to a person or entity.






26. The process of determining if a network entity (user or service) is legitimate






27. The act of dialing all numbers within an organization to discover open modems.






28. A Windows-based GUI version of nmap.






29. NSA






30. MAC Flooding






31. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






32. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






33. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






34. A protocol used to pass control and error messages between nodes on the Internet.






35. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






36. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






37. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






38. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






39. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






40. 18 U.S.C. 1029






41. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






42. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






43. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






44. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






45. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






46. A host designed to collect data on suspicious activity.






47. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






48. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






49. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






50. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.