Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

2. Port 22

3. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.

4. A formal set of rules describing data transmission, especially across a network. A protocol determines the type of error checking, the data compression method, how the sending device will indicate completion, how the receiving device will indicat

5. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.

6. Hashing algorithm that results in a 128-bit output.

7. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.

8. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.

9. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.

10. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.

11. The potential for damage to or loss of an IT asset

12. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.

13. Hex 12

14. A method of network traffic filtering that monitors the entire communications process, including the originator of the session and from which direction it started.

15. Port 389

16. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.

17. Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or

18. A computer virus that infects and spreads in multiple ways.

19. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.

20. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

21. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.

22. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system.

23. A device providing temporary, on-demand, point-to-point network access to users.

24. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.

25. TCP SYN Scan

26. A string that represents the location of a web resource

27. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs, but the function of the code will not change.

28. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.

29. A group of experts that handles computer security incidents.

30. An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the network or system target.

31. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.

32. An early network application that provides information on users currently logged on to a machine.

33. Black hat

34. An announcement, typically from a software vendor, of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.

35. A method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm (for example, the Diffie-Hellman key exchange).

36. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.

37. Also known as a public key certificate, this is an electronic file that is used to verify a user's identity, providing non-repudiation throughout the system. Certificates contain the entity's public key, serial number, version, subject, algori

38. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door

39. Microsoft SID 500

40. Malware designed to install some sort of virus, backdoor, and so on, on a target system.

41. ICMP Type/Code 0-0

42. Ports 20/21

43. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.

44. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator, or similar level.

45. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.

46. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U

47. Nmap grepable output

48. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity

49. A computer placed outside a firewall to provide public services to other Internet sites, and hardened to resist external attacks.

50. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.