Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you may at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The software product or system that is the subject of an evaluation.






2. Port 389






3. A person or entity indirectly involved in a relationship between two principals.






4. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






5. A piece of software, provided by the vendor, intended to update a computer program or its supporting data, or to fix known problems that have been discovered in it.






6. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






7. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






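Study note, added here as an example and not taken from the quiz: the attack in item 7 (commonly called parameter tampering) only works when the server trusts the URL parameter as-is. The /account?id= endpoint, the account table and the user names below are constructed for the demonstration; the first handler leaks another user's record when ?id= is edited in the address bar, the second binds the parameter to the logged-in session.

```python
"""Parameter tampering: editing ?id= in the URL to reach someone else's data.

Added study example; the endpoint, accounts and users are constructed here.
"""
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample data: account id -> (owner, balance)
ACCOUNTS = {
    "1001": ("alice", 250.00),
    "1002": ("bob", 9800.00),
}


def account_id_from_url(url: str) -> Optional[str]:
    """Pull the id parameter out of e.g. https://bank.example/account?id=1001."""
    return parse_qs(urlparse(url).query).get("id", [None])[0]


def vulnerable_view(url: str, session_user: str) -> Optional[dict]:
    """Trusts the parameter: any logged-in user can read any account by
    changing the number in the address bar (the flaw item 7 describes)."""
    acct = account_id_from_url(url)
    if acct not in ACCOUNTS:
        return None
    owner, balance = ACCOUNTS[acct]
    return {"account": acct, "owner": owner, "balance": balance}


def hardened_view(url: str, session_user: str) -> Optional[dict]:
    """Same lookup, but the server checks that the session user owns the
    account, so a tampered id yields a refusal instead of the record."""
    acct = account_id_from_url(url)
    if acct not in ACCOUNTS:
        return None
    owner, balance = ACCOUNTS[acct]
    if owner != session_user:
        # Worth logging: the legitimate UI never produces this request.
        return {"error": "forbidden"}
    return {"account": acct, "owner": owner, "balance": balance}


if __name__ == "__main__":
    # alice is logged in and changes id=1001 to id=1002 by hand
    tampered = "https://bank.example/account?id=1002"
    print(vulnerable_view(tampered, "alice"))  # bob's balance leaks
    print(hardened_view(tampered, "alice"))    # {'error': 'forbidden'}
```

The same rule applies to parameters that change data rather than read it (a price, a quantity, a role): the server re-derives or re-checks the value from state it controls instead of accepting what arrived in the URL.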
8. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






9. Any item of value or worth to an organization, whether physical or virtual.






10. Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.






11. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action.






12. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






13. An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon secret that is never itself sent over the link.






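For item 13 the handshake is easier to remember as messages than as a sentence. The following is an added study example (not from the quiz and not any real CHAP implementation) of the RFC 1994 three-way exchange: the authenticator sends a random Challenge, the peer answers with MD5(Identifier || secret || challenge), and the authenticator recomputes the hash with its own copy of the secret and replies Success or Failure. The shared secret and challenge values are constructed for the demo.

```python
"""CHAP (RFC 1994) three-way handshake, as an added study example.

The secret never crosses the link; only a hash over (id, secret, challenge) does.
"""
import hashlib
import hmac
import os
from typing import Optional

# Constructed for the demo: the value both ends agreed on out of band.
SHARED_SECRET = b"correct horse battery staple"


def chap_challenge(length: int = 16) -> bytes:
    """Step 1 (authenticator -> peer): a fresh, unpredictable Challenge Value."""
    return os.urandom(length)


def chap_response(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Step 2 (peer -> authenticator): RFC 1994 section 4.1, Response Value =
    MD5 over the one-octet Identifier, the secret, and the Challenge Value."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    """Step 3 (authenticator): recompute with its own copy of the secret and
    compare in constant time; the result becomes a Success or Failure packet."""
    expected = chap_response(identifier, challenge, secret)
    return hmac.compare_digest(expected, response)


def chap_exchange(peer_secret: bytes, authenticator_secret: bytes,
                  identifier: int = 1, challenge: Optional[bytes] = None) -> bool:
    """Run all three steps; returns whether the authenticator accepts the peer."""
    if challenge is None:
        challenge = chap_challenge()
    response = chap_response(identifier, challenge, peer_secret)
    return chap_verify(identifier, challenge, response, authenticator_secret)


if __name__ == "__main__":
    print("correct secret:", chap_exchange(SHARED_SECRET, SHARED_SECRET))  # True
    print("wrong secret:  ", chap_exchange(b"guess", SHARED_SECRET))       # False
```

Two things the example makes visible: a captured Response is bound to its Challenge, so replaying it against a new Challenge fails (which is why CHAP can be repeated during a session), and an eavesdropper who captures a Challenge/Response pair can still guess secrets offline, so CHAP protects the secret in transit but not against a weak secret.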
14. A program designed to browse websites in an automated, methodical manner. Sometimes these programs are used to harvest information from websites, such as e-mail addresses.






15. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be verified with the originator's public key, confirming the originator's identity and providing non-repudiation. A valid digital signature g






16. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






17. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






18. MAC Flooding






19. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






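The technique in item 19 is easiest to understand by doing it. Below is an added study example (not the quiz's own material and not tied to any particular scanner) that starts a stand-in service on 127.0.0.1 which sends a constructed OpenSSH-style banner, connects to it as a client, reads what the service volunteers before anything is sent, and pulls the software version out of the RFC 4253 banner line. The banner text and the port are constructed for the demo; against a real host you would point grab_banner at its address.

```python
"""Banner grabbing against a local stand-in service: an added study example."""
import re
import socket
import threading

# Constructed banner for the demo. A real host sends its own; this one is
# shaped like what OpenSSH on Ubuntu typically announces.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
SSH_BANNER = re.compile(r"^SSH-(?P<protocol>[\d.]+)-(?P<software>\S+)(?:\s+(?P<comment>.*))?$")


def start_banner_server(banner: bytes = FAKE_BANNER) -> int:
    """Stand-in target: listen on an ephemeral loopback port, send the banner to
    the first client and close. Returns the port number to connect to."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve_one():
        conn, _ = listener.accept()
        with conn:
            conn.sendall(banner)
        listener.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 3.0) -> str:
    """The enumeration step: connect, send nothing, read the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = s.recv(1024)
    return data.decode("ascii", errors="replace").strip()


def parse_ssh_banner(banner: str) -> dict:
    """Split an SSH banner into protocol version, software string and comment;
    the software string is what version fingerprinting matches against."""
    m = SSH_BANNER.match(banner)
    return m.groupdict() if m else {}


if __name__ == "__main__":
    port = start_banner_server()
    line = grab_banner("127.0.0.1", port)
    print(line)                     # SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
    print(parse_ssh_banner(line))   # protocol 2.0, software OpenSSH_8.9p1, comment Ubuntu-3ubuntu0.6
```

Keep in mind what the banner is: a claim the service makes about itself, not a measurement. Administrators can change or blank it, and honeypots lie on purpose, so a version string found this way is a lead to confirm, not a finding.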
20. Hex 04






21. The condition of a resource being ready for use and accessible by authorized users.






22. The exploitation of a security vulnerability






23. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






24. 18 U.S.C. 1029






25. Paranoid scan timing






26. nmap






27. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






28. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal, but non-system-administrator-level, attack.






29. Used for exchanging structured information, such as XML-based messages, in the implementation of web services.






30. A mathematical operation requiring two binary inputs: if the inputs match, the output is 0; otherwise it is 1.






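The operation in item 30 carries most of symmetric cryptography, so it is worth one step beyond the truth table. The block below is an added study example (not from the quiz) showing the table, the property that makes XOR usable as a cipher (applying the same keystream twice returns the plaintext), and the failure mode that follows from it: two messages encrypted under one keystream leak their XOR, from which a known fragment of one message (a crib) recovers the same span of the other. The messages and keystream are constructed.

```python
"""XOR: the truth table, the one-time-pad property, and keystream reuse.

Added study example; the plaintexts and keystream below are constructed.
"""
from typing import List, Tuple


def xor_truth_table() -> List[Tuple[int, int, int]]:
    """(a, b, a XOR b): output is 0 when the inputs match, 1 otherwise."""
    return [(a, b, a ^ b) for a in (0, 1) for b in (0, 1)]


def xor_bytes(x: bytes, y: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(x) != len(y):
        raise ValueError("inputs must be the same length")
    return bytes(a ^ b for a, b in zip(x, y))


def stream_crypt(data: bytes, keystream: bytes) -> bytes:
    """Encryption and decryption are the same call: (p ^ k) ^ k == p,
    because x ^ x == 0 and x ^ 0 == x."""
    return xor_bytes(data, keystream[:len(data)])


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 = p1 ^ k and c2 = p2 ^ k then c1 ^ c2 = p1 ^ p2: the key cancels
    without the attacker ever learning it."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Knowing (or guessing) that p1 contains `crib` at `offset` reveals the
    same span of p2: (p1 ^ p2) ^ p1 = p2 on those bytes."""
    window = p1_xor_p2[offset:offset + len(crib)]
    return xor_bytes(window, crib)


if __name__ == "__main__":
    k = bytes.fromhex("5f8a1c3e7b20d49e66a1f0c3")   # constructed 12-byte keystream
    p1 = b"PAY ALICE 10"
    p2 = b"PAY BOB   99"
    c1, c2 = stream_crypt(p1, k), stream_crypt(p2, k)
    print(stream_crypt(c1, k) == p1)             # True: same operation decrypts
    leak = keystream_reuse_leak(c1, c2)
    print(crib_drag(leak, b"PAY ALICE", 0))      # b'PAY BOB  ' recovered without k
```

This is exactly why a stream cipher or one-time pad must never reuse key material (the "two-time pad"), and why WEP, which XORed traffic with RC4 keystreams that repeated, fell to keystream-reuse attacks.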
31. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.






32. A small Trojan program that listens on port 777.






33. ACK Scan






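Items 20 and 33 both come down to the TCP flag byte. As an added study example (not quiz material, and not nmap's code), the block below packs and parses a bare 20-byte TCP header, names the flag bits (0x04 is RST, 0x10 is ACK, and so on), and applies the ACK-scan decision rule that nmap documents: an unsolicited ACK that draws a RST means the port is unfiltered, while silence or an ICMP destination-unreachable error means something in the path dropped the probe. Port and sequence numbers are made up for the demo.

```python
"""TCP flag byte and ACK-scan interpretation: an added study example."""
import struct
from typing import List, Optional, Tuple

# Flag bits in the low byte of the offset/flags word (RFC 793; ECE/CWR from RFC 3168).
TCP_FLAG_BITS = {
    0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
    0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR",
}

# ICMP type 3 codes that nmap reports as "filtered" for an ACK scan.
ICMP_UNREACHABLE_FILTERED = {(3, c) for c in (0, 1, 2, 3, 9, 10, 13)}


def flag_names(flags: int) -> List[str]:
    """0x14 -> ['RST', 'ACK']."""
    return [name for bit, name in sorted(TCP_FLAG_BITS.items()) if flags & bit]


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 1024) -> bytes:
    """Bare 20-byte header, no options; checksum left 0 (a raw-socket tool or
    the kernel fills it in; it is not the point here)."""
    offset_flags = (5 << 12) | (flags & 0x1FF)   # data offset 5 words, low 9 bits = flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    sport, dport, seq, ack, offset_flags, window = struct.unpack("!HHIIHH", segment[:16])
    flags = offset_flags & 0xFF
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (offset_flags >> 12) * 4,
        "flags": flags, "flag_names": flag_names(flags), "window": window,
    }


def classify_ack_scan(tcp_reply: Optional[bytes] = None,
                      icmp_reply: Optional[Tuple[int, int]] = None) -> str:
    """Decision rule for one ACK probe. tcp_reply is the raw TCP header of the
    answer, icmp_reply is (type, code) of an ICMP error, both None means silence."""
    if tcp_reply is not None and "RST" in parse_tcp_header(tcp_reply)["flag_names"]:
        return "unfiltered"   # a RST came back: nothing in the path dropped the probe
    if icmp_reply in ICMP_UNREACHABLE_FILTERED:
        return "filtered (ICMP unreachable)"
    if tcp_reply is None and icmp_reply is None:
        return "filtered (no response)"
    return "unexpected reply"


if __name__ == "__main__":
    probe = build_tcp_header(40000, 80, 0x11223344, 0, 0x10)   # ACK only
    rst = build_tcp_header(80, 40000, 0, 0x11223344, 0x04)      # host answers RST
    print(parse_tcp_header(probe)["flag_names"], "->", classify_ack_scan(tcp_reply=rst))
    print(classify_ack_scan(icmp_reply=(3, 13)))   # administratively prohibited: a filter spoke up
    print(classify_ack_scan())                     # silence: also filtered
```

Note what an ACK scan does not tell you: "unfiltered" is not "open". Both open and closed ports answer a stray ACK with RST; the scan maps firewall rules, not listening services.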
34. Ports 20/21






35. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.






36. A background process found in Unix, Linux, Solaris, and other Unix-based operating systems.






37. Port 22






38. A DNS transfer in which all records of a zone (everything under one SOA) are sent to the requester. Zone transfers come in two forms: full (query type AXFR) and incremental (IXFR).






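For item 38 it helps to see what a zone-transfer request actually is on the wire. The block below is an added study example (not from the quiz, and not a DNS library) that builds and parses the query a requester sends: the header's opcode is 0, the same standard QUERY used for an ordinary A lookup; what makes it a zone transfer is the question's QTYPE, 252 for AXFR or 251 for IXFR (RFC 1035, RFC 1995, RFC 5936). The transaction id and zone name are constructed. A real IXFR request also carries the requester's current SOA in the authority section to say which serial it already has; this builder leaves that part out.

```python
"""DNS AXFR/IXFR request on the wire: an added study example.

Shows that the opcode stays 0 (standard query) and the transfer is selected
by QTYPE. The zone name and transaction id are constructed.
"""
import struct
from typing import Tuple

QTYPE = {"A": 1, "SOA": 6, "IXFR": 251, "AXFR": 252}
QCLASS_IN = 1
OPCODE_QUERY = 0


def encode_name(name: str) -> bytes:
    """example.com. -> b'\\x07example\\x03com\\x00' (RFC 1035 section 3.1 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Inverse of encode_name; returns (name, offset just past the terminator).
    Compression pointers are not needed for the question section built here."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_query(zone: str, qtype: str, txid: int = 0x1234) -> bytes:
    """12-byte header plus one question. QR=0, OPCODE=0, RD=0: a plain query."""
    flags = OPCODE_QUERY << 11
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)   # QDCOUNT=1
    question = encode_name(zone) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
    return header + question


def tcp_frame(message: bytes) -> bytes:
    """Zone transfers run over TCP; RFC 1035 section 4.2.2 prefixes each message
    with its two-byte length."""
    return struct.pack("!H", len(message)) + message


def parse_query(message: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    name, offset = decode_name(message, 12)
    qtype, qclass = struct.unpack("!HH", message[offset:offset + 4])
    return {
        "id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
        "qdcount": qd, "name": name, "qtype": qtype, "qclass": qclass,
    }


if __name__ == "__main__":
    q = build_query("example.com", "AXFR")
    print(tcp_frame(q).hex())
    print(parse_query(q))   # opcode 0, qtype 252
```

The practitioner's check is the equivalent dig command, `dig @ns1.example.com example.com AXFR`, against each authoritative server. A server that answers an arbitrary client with the whole zone is the misconfiguration the item hints at; the fix is to restrict transfers to the secondaries (allow-transfer in BIND, ideally with TSIG-signed requests).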
39. A utility that sends an ICMP Echo Request to determine whether a specific IP address is accessible; if an Echo Reply comes back, the address is reachable.






40. Layer 7 of the OSI reference model. The Application layer provides services to applications, which allow them access to the network. Protocols such as FTP and SMTP reside here.






41. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






42. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






43. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).






44. A protocol used to pass control and error messages between nodes on the Internet.






45. Port 110






46. Establish Null Session






47. The science or study of protecting information, whether in transit or at rest, by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






48. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN, providing wireless clients access to network resources.






49. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator or someone with a similar level of access.






50. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.





