Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






2. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






3. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






4. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






5. Nmap normal output






6. FTP Bounce Attack






7. Incremental Substitution






8. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






9. A computer network confined to a relatively small area - such as a single building or campus.






10. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






11. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






12. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






13. Recording the time - normally in a log file - when an event happens or when information is created or modified.






14. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






15. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






16. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






17. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






18. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






19. Shifting responsibility from one party to another






20. A virus that plants itself in a system's boot sector and infects the master boot record.






21. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






22. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






23. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






24. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






25. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






26. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






27. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






28. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






29. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






30. Any network incident that prompts some kind of log entry or other notification.






31. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






32. Port 22






33. 18 U.S.C. 1030






34. Nmap ml output






35. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






36. Black box test






37. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






38. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






39. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






40. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






41. ICMP Type/Code 8






42. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






43. Computer software or hardware that can intercept and log traffic passing over a digital network.






44. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






45. The monetary value assigned to an IT asset.






46. Using conversation or some other interaction between people to gather useful information.






47. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






48. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






49. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






50. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






Can you answer 50 questions in 15 minutes?



Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests