Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process of embedding information into a digital signal in a way that makes it difficult to remove.






2. Normal scan timing






3. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






4. The steps taken to gather evidence and information on the targets you wish to attack.






5. Paranoid scan timing






6. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






7. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






8. Wrapper or Binder






9. Phases of an attack






10. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






11. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






12. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






13. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






14. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






15. Xmas Tree scan






16. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






17. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






18. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






19. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






20. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






21. TCP SYN Scan






22. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






23. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






24. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






25. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






26. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






27. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






28. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






29. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






30. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






31. 18 U.S.C. 1029






32. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






33. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






34. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






35. A computer process that requests a service from another computer and accepts the server's responses.






36. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






37. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






38. A point of reference used to mark an initial state in order to manage change.






39. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






40. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






41. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






42. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






43. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






44. An early network application that provides information on users currently logged on to a machine.






45. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






46. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






47. A defined measure of service within a network system






48. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






49. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






50. Hex 04