Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A wireless networking mode where all clients connect to the wireless network through a central access point.






2. The transmission of digital signals without precise clocking or synchronization.






3. ICMP Type/Code 3-13






4. A documented process for a procedure designed to be consistent - repeatable - and accountable.






5. A social-engineering attack that manipulates the victim into calling the attacker for help.






6. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






7. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






8. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






9. Nmap ml output






10. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






11. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






12. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






13. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






14. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






15. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






16. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






17. A social-engineering attack using computer resources - such as e-mail or IRC.






18. ex 02






19. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






20. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






21. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






22. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






23. Normal scan timing






24. A protocol that allows a client computer to request services from a server and the server to return the results.






25. CAN-SPAM






26. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






27. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






28. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






29. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






30. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






31. The monetary value assigned to an IT asset.






32. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






33. The conveying of official access or legal power to a person or entity.






34. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






35. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






36. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






37. A protocol defining packets that are able to be routed by a router.






38. Insane scan timing






39. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






40. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






41. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






42. ICMP Type/Code 11






43. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






44. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






45. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






46. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






47. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






48. nmap all output






49. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






50. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.