Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






2. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






3. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






4. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






5. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






6. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






7. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






8. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






9. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






10. Idlescan






11. Monitoring of telephone or Internet conversations - typically by covert means.






12. A social-engineering attack that manipulates the victim into calling the attacker for help.






13. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






14. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






15. A software or hardware defect that often results in system vulnerabilities.






16. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






17. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






18. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






19. A small Trojan program that listens on port 777.






20. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






21. RPC Scan






22. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






23. A routing protocol developed to be used within a single organization.






24. don't ping






25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






26. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






27. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






28. Network Scanning






29. The steps taken to gather evidence and information on the targets you wish to attack.






30. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






31. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






32. 18 U.S.C. 1030






33. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






34. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






35. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






36. ICMP Netmask






37. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






38. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






39. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






40. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






41. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






42. Formal description and evaluation of the vulnerabilities in an information system






43. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






44. Hex 12






45. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






46. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






47. The change or growth of a project's scope






48. IP Protocol Scan






49. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






50. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.