Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






2. Formal description and evaluation of the vulnerabilities in an information system






3. A computer process that requests a service from another computer and accepts the server's responses.






4. ICMP Netmask






5. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






6. don't ping






7. ICMP Type/Code 3






8. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






9. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






10. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






11. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






12. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






13. The level of importance assigned to an IT asset






14. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






15. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






16. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






17. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






18. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






19. A protocol for exchanging packets over a serial line.






20. A computer file system architecture used in Windows - OS/2 - and most memory cards.






21. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






22. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






23. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






24. The monetary value assigned to an IT asset.






25. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






26. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






27. A program designed to execute at a specific time to release malicious code onto the computer system or network.






28. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






29. Version Detection Scan






30. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






31. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






32. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






33. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






34. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






35. A protocol that allows a client computer to request services from a server and the server to return the results.






36. A record showing which user has accessed a given resource and what operations the user performed during a given period.






37. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






38. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






39. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






40. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






41. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






42. Hex 04






43. A list of IP addresses and corresponding MAC addresses stored on a local computer.






44. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






45. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






46. Window Scan






47. The steps taken to gather evidence and information on the targets you wish to attack.






48. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






49. A portion of memory used to temporarily store output or input data.






50. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.