Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






2. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






3. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






4. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






5. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






6. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






7. FTP Bounce Attack






8. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






9. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






10. The conveying of official access or legal power to a person or entity.






11. Sneaky scan timing






12. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






13. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






14. ICMP Timestamp






15. Polite scan timing






16. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






17. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






18. 18 U.S.C. 1030






19. A program designed to execute at a specific time to release malicious code onto the computer system or network.






20. LM Hash for short passwords (under 7)






21. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






22. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






23. Cracking Tools






24. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






25. The process of using easily accessible DNS records to map a target network's internal hosts.






26. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






27. Hex 04






28. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






29. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






30. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






31. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






32. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






33. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






34. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






35. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






36. A method of external testing whereby several systems or resources are used together to effect an attack.






37. The level of importance assigned to an IT asset






38. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






39. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






40. Window Scan






41. A protocol used for sending and receiving log information for nodes on a network.






42. Port 137/138/139






43. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






44. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






45. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






46. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






47. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






48. Controls to detect anomalies or undesirable events occurring on a system.






49. Port 31337






50. IP Protocol Scan







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests