Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The ability to trace actions performed on a system to a specific user or system entity.






2. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






3. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






4. don't ping






5. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






6. The potential for damage to or loss of an IT asset






7. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






8. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






9. Polite scan timing






10. A systematic process for the assessment of security vulnerabilities.






11. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






12. Port 88






13. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






14. White box test






15. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






16. 18 U.S.C. 1030






17. A protocol defining packets that are able to be routed by a router.






18. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






19. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






20. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






21. Directing a protocol from one port to another.






22. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






23. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






24. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






25. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






26. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






27. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






28. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






29. Idlescan






30. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






31. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






32. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






33. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






34. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






35. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






36. A type of malware that covertly collects information about a user.






37. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






38. A protocol that allows a client computer to request services from a server and the server to return the results.






39. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






40. Monitoring of telephone or Internet conversations - typically by covert means.






41. The combination of all IT assets - resources - components - and systems.






42. A storage buffer that transparently stores data so future requests for the same data can be served faster.






43. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






44. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






45. A type of encryption where the same key is used to encrypt and decrypt the message.






46. A protocol used for sending and receiving log information for nodes on a network.






47. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






48. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






49. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






50. Looking over an authorized user's shoulder in order to steal information (such as authentication information).