Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. A nonroutable IP address range intended for use only within the confines of a single organization, falling within the predefined ranges of 10.0.0.0, 172.16-31.0.0, or 192.168.0.0.






2. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie






3. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door






4. In penetration testing, this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






5. A protocol used to pass control and error messages between nodes on the Internet.






6. Idlescan






7. The security property that data is not modified in an unauthorized and undetected manner. Also, the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






8. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






9. White box test






10. Vulnerability Scanning






11. A method of external testing whereby several systems or resources are used together to effect an attack.






12. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.






13. don't ping






14. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.






15. An Ethernet networking system transmitting data at 100 million bits per second (Mbps), 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard, it is also known as 100BaseT.






16. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






17. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






18. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target, but the corresponding SYN/ACK response






19. Port 161/162






20. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.






21. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






22. The steps taken to gather evidence and information on the targets you wish to attack.






23. A fully qualified domain name consists of a host and domain name, including a top-level domain such as .com, .net, .mil, .edu, and so on.






24. A Canonical Name record within DNS, used to provide an alias for a domain name.






25. The lack of clocking (imposed time ordering) on a bit stream.






26. A portion of memory used to temporarily store output or input data.






27. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






28. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






29. Whether purposeful or the result of malware or other attack, a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






30. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






31. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






32. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






33. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






34. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly, hierarchical Internet addresses, and vice versa.






35. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






36. Hashing algorithm that results in a 128-bit output.






37. A command used in HTTP and FTP to retrieve a file from a server.






38. An Application layer protocol for managing devices on an IP network.






39. Recording the time, normally in a log file, when an event happens or when information is created or modified.






40. Hex 14






41. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection, validation, indexing, acceptance, and forwarding of submiss






42. An announcement, typically from a software vendor, of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






43. A document describing information security guidelines, policies, procedures, and standards.






44. A type of encryption where the same key is used to encrypt and decrypt the message.






45. Sneaky scan timing






46. A piece of software, provided by the vendor, intended to update or fix known, discovered problems in a computer program or its supporting data.






47. Port 389






48. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.






49. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.






50. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.