Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The conveying of official access or legal power to a person or entity.

2. Establish Null Session

3. A data encryption/decryption program often used for e-mail and file storage.

4. A Unix-like computer operating system descending from BSD. OpenBSD includes a number of security features absent or optional in other operating systems.

5. A protocol used for sending and receiving log information for nodes on a network.

6. White box test

7. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

8. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.

9. Calculations of two components of risk, R: the magnitude of the potential loss (L), and the probability (p) that the loss will occur.

10. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private.

11. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action.

12. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.

13. Hex 29

14. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.

15. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply, the address is reachable.

16. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.

17. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.

18. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.

19. A mathematical operation requiring two binary inputs: if the inputs match, the output is a 0; otherwise it is a 1.

20. Version Detection Scan

21. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.

22. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

23. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.

24. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.

25. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.

26. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs, administrative passwords to APs, and other information.

27. Polymorphic Virus

28. The process of using easily accessible DNS records to map a target network's internal hosts.

29. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur

30. Cracking Tools

31. Port 135

32. Port 137/138/139

33. Paranoid scan timing

34. Also known as the dot-dot-slash attack. Using directory traversal, the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.

35. Controls to detect anomalies or undesirable events occurring on a system.

36. Access by information systems (or users) communicating from outside the information system security perimeter.

37. An announcement, typically from a software vendor, of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.

38. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is

39. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie

40. An attack that combines a brute-force attack with a dictionary attack.

41. Safeguards or countermeasures to avoid, counteract, or minimize security risks.

42. The central part of a computer or communications system hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.

43. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door, often using different factors. For example, a smart card may open the first door

44. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.

45. The potential for damage to or loss of an IT asset.

46. A point of reference used to mark an initial state in order to manage change.

47. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.

48. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

49. Port 22

50. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.