Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The transmission of digital signals without precise clocking or synchronization.






2. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






3. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






4. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






5. A small Trojan program that listens on port 777.






6. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.






7. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






8. 18 U.S.C. 1029






9. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






10. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






11. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






12. A defined measure of service within a network system






13. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






14. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






15. The software product or system that is the subject of an evaluation.






16. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






17. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






18. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






19. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






20. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






21. A data encryption/decryption program often used for e-mail and file storage.






22. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






23. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






24. An informed decision to accept the potential for damage to or loss of an IT asset.






25. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






26. A portion of memory used to temporarily store output or input data.






27. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






28. A software or hardware application or device that captures user keystrokes.






29. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






30. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






31. Two or more LANs connected by a high-speed line across a large geographical area.






32. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






33. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






34. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






35. A group of experts that handles computer security incidents.






36. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






37. Vulnerability Scanning






38. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






39. nmap all output






40. Nmap normal output






41. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






42. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






43. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






44. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






45. The exploitation of a security vulnerability






46. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






47. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






48. Formal description and evaluation of the vulnerabilities in an information system






49. A wireless networking mode where all clients connect to the wireless network through a central access point.






50. Safeguards or countermeasures to avoid - counteract - or minimize security risks.