Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






2. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






3. A device on a network.






4. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






5. An early network application that provides information on users currently logged on to a machine.






6. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






7. 18 U.S.C. 1030






8. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






9. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






10. Access by information systems (or users) communicating from outside the information system security perimeter.






11. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






12. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






13. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






14. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






15. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






17. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






18. Nmap grepable output






19. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






20. TCP SYN Scan






21. The process of embedding information into a digital signal in a way that makes it difficult to remove.






22. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






23. Port 161/162






24. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






25. ICMP Type/Code 3-13






26. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






27. The lack of clocking (imposed time ordering) on a bit stream.






28. The level of importance assigned to an IT asset






29. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






30. PI and PT Ping






31. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






32. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






33. A routing protocol developed to be used within a single organization.






34. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






35. The Security Accounts Manager file in Windows stores all the password hashes for the system.






36. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






37. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






38. A business - government agency - or educational institution that provides access to the Internet.






39. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






40. The art and science of creating a covert message or image within another message - image - audio - or video file.






41. Sneaky scan timing






42. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






43. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






44. Hex 04






45. A social-engineering attack using computer resources - such as e-mail or IRC.






46. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






47. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






48. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






49. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






50. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.