Test your basic knowledge |

CEH: Certified Ethical Hacker

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.

2. The potential for damage to or loss of an IT asset

3. Port 161/162

4. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).

5. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.

6. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.

7. Safeguards or countermeasures to avoid - counteract - or minimize security risks.

8. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.

9. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.

10. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.

11. Port 31337

12. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

13. The change or growth of a project's scope

14. A denial-of-service technique that uses numerous hosts to perform the attack.

15. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.

16. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.

17. The process of embedding information into a digital signal in a way that makes it difficult to remove.

18. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.

19. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.

20. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.

21. Black hat

22. Nmap ml output

23. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

24. TCP SYN Scan

25. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.

26. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is

27. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.

28. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.

29. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.

30. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)

31. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.

32. A computer process that requests a service from another computer and accepts the server's responses.

33. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.

34. FTP Bounce Attack

35. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or

36. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.

37. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.

38. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.

39. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.

40. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -

41. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

42. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.

43. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.

44. Nmap normal output

45. A file system used by the Mac OS.

46. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.

47. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.

48. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.

49. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.

50. Xmas Tree scan