Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but it reinforces your understanding each time you take the test.
1. A defined measure of service within a network system






2. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






3. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).






4. A computer process that requests a service from another computer and accepts the server's responses.






5. The process of using easily accessible DNS records to map a target network's internal hosts.






6. The steps taken to gather evidence and information on the targets you wish to attack.






7. A documented process for a procedure designed to be consistent, repeatable, and accountable.






8. A systematic process for the assessment of security vulnerabilities.






9. Window Scan






10. Malware designed to install some sort of virus, backdoor, and so on, on a target system.






11. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






12. Phases of an attack






13. A protocol for exchanging packets over a serial line.






14. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key, verifying his identity and providing non-repudiation. A valid digital signature g






15. A cyber attacker who acts without permission from, and gives prior notice to, the resource owner. Also known as a malicious hacker.






16. Formal description and evaluation of the vulnerabilities in an information system






17. A non-self-replicating program that appears to have a useful purpose, but in reality has a different, malicious purpose.






18. Xmas Tree scan






19. FIN Scan






20. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






21. Polite scan timing






22. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, Ticket Granting Service, and Key Distribution Center.






23. The condition of a resource being ready for use and accessible by authorized users.






24. An organized collection of data.






25. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






26. The ability to trace actions performed on a system to a specific user or system entity.






27. A formal set of rules describing data transmission, especially across a network. A protocol determines the type of error checking, the data compression method, how the sending device will indicate completion, how the receiving device will indicat






28. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






29. An evaluation consisting of a document review, interviews, and demonstrations, as well as vulnerability scans and hands-on testing.






30. Actions, devices, procedures, techniques, or other measures intended to reduce the vulnerability of an information system.






31. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






32. A computer file system architecture used in Windows, OS/2, and most memory cards.






33. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device.






34. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






35. The level of importance assigned to an IT asset






36. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






37. Policy stating what users of a system can and cannot do with the organization's assets.






38. Monitoring of telephone or Internet conversations, typically by covert means.






39. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






40. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






41. Aggressive scan timing






42. nmap all output






43. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






44. Method used by antivirus software to detect new, unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






45. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






46. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.






47. An attack that exploits the common mistake many people make when installing operating systems






48. Incremental Substitution






49. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






50. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.