Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that it reinforces your understanding each time you take the test.

1. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

2. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.

3. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.

4. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.

5. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.

6. A backup facility with the electrical and physical components of a computer facility, but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main

7. A file system used by the Mac OS.

8. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.

9. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it.

10. The default network authentication suite of protocols for Windows NT 4.0.

11. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet, a packet contains a header (container) and a payload (contents). Any IP

12. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.

13. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.

14. An informed decision to accept the potential for damage to or loss of an IT asset.

15. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.

16. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.

17. Software or hardware components that restrict access between a protected network and the Internet, or between other sets of networks, to block unwanted use or attacks.

18. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

19. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.

20. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.

21. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.

22. SYN Ping

23. Port 53

24. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.

25. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.

26. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.

27. A virus that plants itself in a system's boot sector and infects the master boot record.

28. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

29. A free, open source version of the Berkeley Software Distribution of Unix, often used in embedded systems.

30. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.

31. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.

32. Insane scan timing

33. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.

34. Using conversation or some other interaction between people to gather useful information.

35. A connection-oriented, layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the

36. Port 88

37. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.

38. The process of recording activity on a system for monitoring and later review.

39. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo

40. Microsoft SID 500

41. The process of using an application to remotely identify open ports on a system (for example, whether systems allow connections through those ports).

42. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.

43. A form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.

44. In computer security, this is an algorithm that uses separate keys for encryption and decryption.

45. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).

46. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

47. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o

48. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,

49. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.

50. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or