Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






2. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






3. An attack that exploits the common mistake many people make when installing operating systems






4. Normal scan timing






5. Transmitting one protocol encapsulated inside another protocol.






6. The software product or system that is the subject of an evaluation.






7. Port 22






8. The process of recording activity on a system for monitoring and later review.






9. A communications protocol used for browsing the Internet.






10. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






11. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






12. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






13. A wireless networking mode where all clients connect to the wireless network through a central access point.






14. Cracking Tools






15. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






16. TCP Ping






17. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






18. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






19. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






20. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






21. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






22. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






23. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






24. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






25. The process of using easily accessible DNS records to map a target network's internal hosts.






26. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






27. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






28. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






29. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






30. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






31. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






32. Vulnerability Scanning






33. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






34. Shifting responsibility from one party to another






35. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






36. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






37. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






38. A systematic process for the assessment of security vulnerabilities.






39. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






40. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






41. Paranoid scan timing






42. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






43. Metamorphic Virus






44. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






45. White box test






46. Using conversation or some other interaction between people to gather useful information.






47. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






48. Black box test






49. A list of IP addresses and corresponding MAC addresses stored on a local computer.






50. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests