Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






2. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






3. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






5. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






6. TCP connect() scan






7. Using conversation or some other interaction between people to gather useful information.






8. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






9. Port 137/138/139






10. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






11. A communications protocol used for browsing the Internet.






12. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






13. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






14. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






15. An informed decision to accept the potential for damage to or loss of an IT asset.






16. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






17. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






18. A host designed to collect data on suspicious activity.






19. Formal description and evaluation of the vulnerabilities in an information system






20. Phases of an attack






21. IP Protocol Scan






22. nmap all output






23. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






24. The potential for damage to or loss of an IT asset






25. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






26. The monetary value assigned to an IT asset.






27. Describes practices in production and development that promote access to the end product's source materials.






28. A person or entity indirectly involved in a relationship between two principles.






29. Hashing algorithm that results in a 128-bit output.






30. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






31. SYN Ping






32. The process of using easily accessible DNS records to map a target network's internal hosts.






33. ACK Scan






34. The ability to trace actions performed on a system to a specific user or system entity.






35. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






36. ICMP Type/Code 3-13






37. Directory Transversal






38. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






39. Hex 29






40. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






41. Aggressive scan timing






42. Port 161/162






43. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






44. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






45. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






46. A protocol used for sending and receiving log information for nodes on a network.






47. A protocol that allows a client computer to request services from a server and the server to return the results.






48. A virus written in a macro language and usually embedded in document or spreadsheet files.






49. The act of dialing all numbers within an organization to discover open modems.






50. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.