Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, at times you might find the answers obvious, but it reinforces your understanding each time you take the test.
1. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






2. A string that represents the location of a web resource






3. The ability to trace actions performed on a system to a specific user or system entity.






4. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






5. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






6. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






7. Shifting responsibility from one party to another






8. The level of importance assigned to an IT asset






9. Paranoid scan timing






10. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






11. Port 31337






12. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






13. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






14. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






15. Port 137/138/139






16. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






17. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






18. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






19. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






20. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






21. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






22. The combination of all IT assets - resources - components - and systems.






23. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






24. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






25. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






26. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






27. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






28. The directory service created by Microsoft for use on its networks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






29. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






30. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






31. A systematic process for the assessment of security vulnerabilities.






32. The process of embedding information into a digital signal in a way that makes it difficult to remove.






33. Port 135






34. RPC Scan






35. An organized collection of data.






36. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






37. TCP Ping






38. Policy stating what users of a system can and cannot do with the organization's assets.






39. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






40. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






41. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






42. Using conversation or some other interaction between people to gather useful information.






43. Microsoft SID 500






44. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






45. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






46. Port 110






47. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






48. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






49. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






50. Polite scan timing






