Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Looking over an authorized user's shoulder in order to steal information (such as authentication information).

2. A connectionless, layer 4 transport protocol. UDP is faster than TCP, but offers no reliability. A best effort is made to deliver the data, but no checks and verifications are performed to guarantee delivery. Therefore, UDP is termed a 'connectio

3. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.

4. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity.

5. Computer software or hardware that can intercept and log traffic passing over a digital network.

6. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.

7. A protocol used to pass control and error messages between nodes on the Internet.

8. Two or more LANs connected by a high-speed line across a large geographical area.

9. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.

10. Hashing algorithm that results in a 128-bit output.

11. A social-engineering attack that manipulates the victim into calling the attacker for help.

12. Establish Null Session

13. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

14. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.

15. Software code, a portion of data, or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.

16. A fully qualified domain name consists of a host and domain name, including a top-level domain such as .com, .net, .mil, .edu, and so on.

17. Port 135

18. 18 U.S.C. 1029

19. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, Ticket Granting Service, and Key Distribution Center.

20. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.

21. Microsoft SID 500

22. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use

23. Any network incident that prompts some kind of log entry or other notification.

24. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is, clearance) of users to access information of such sensi

25. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.

26. Originally an extension of PPP, this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.

27. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers, products, and marketing, and can be used by an attacker to build useful information for further attacks.

28. The lack of clocking (imposed time ordering) on a bit stream.

29. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.

30. A computer security expert who performs security audits and penetration tests against systems or network segments, with the owner's full knowledge and permission, in an effort to increase security.

31. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio

32. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.

33. An attack that combines a brute-force attack with a dictionary attack.

34. Used for exchanging structured information, such as XML-based messages, in the implementation of web services.

35. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.

36. FIN Scan

37. Confidentiality, Integrity, and Availability are the three aspects of security and make up the triangle.

38. PI and PT Ping

39. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.

40. TCP connect() scan

41. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.

42. The organization that governs the Internet's top-level domains, IP address allocation, and port number assignments.

43. Policy stating what users of a system can and cannot do with the organization's assets.

44. Access by information systems (or users) communicating from outside the information system security perimeter.

45. An early network application that provides information on users currently logged on to a machine.

46. A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet.

47. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o

48. White box test

49. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.

50. LM Hash for short passwords (under 7)