Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






2. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






3. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






4. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






5. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






6. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






7. Nmap grepable output






8. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






9. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






10. The default network authentication suite of protocols for Windows NT 4.0






11. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






12. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






13. The Security Accounts Manager file in Windows stores all the password hashes for the system.






14. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






15. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






16. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






17. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






18. The process of recording activity on a system for monitoring and later review.






19. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






20. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






21. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






22. A group of people - gathered together by a business entity - working to address a specific problem or goal.






23. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






24. The ability to trace actions performed on a system to a specific user or system entity.






25. Nmap normal output






26. A host designed to collect data on suspicious activity.






27. A data encryption/decryption program often used for e-mail and file storage.






28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






29. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






30. A type of malware that covertly collects information about a user.






31. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






32. Black hat






33. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






34. A social-engineering attack using computer resources - such as e-mail or IRC.






35. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






36. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






37. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






38. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






39. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






40. A computer process that requests a service from another computer and accepts the server's responses.






41. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






42. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






43. An organized collection of data.






44. A Windows-based GUI version of nmap.






45. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






46. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






47. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






48. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






49. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






50. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP