Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Evaluation in which testers attempt to penetrate the network.






2. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






3. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






4. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






5. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






6. An early network application that provides information on users currently logged on to a machine.






7. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






8. Port 80/81/8080






9. ICMP Timestamp






10. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






11. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






12. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






13. The steps taken to gather evidence and information on the targets you wish to attack.






14. White box test






15. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






16. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






17. TCP Ping






18. A type of malware that covertly collects information about a user.






19. Sneaky scan timing






20. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






21. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






22. A type of encryption where the same key is used to encrypt and decrypt the message.






23. Directory Transversal






24. NSA






25. The concept of having more than one person required to complete a task






26. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






27. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






28. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






29. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






30. The default network authentication suite of protocols for Windows NT 4.0






31. A point of reference used to mark an initial state in order to manage change.






32. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






33. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






34. An Internet routing protocol used to exchange routing information within an autonomous system.






35. Another term for firewalking






36. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






37. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






38. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






39. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






40. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






41. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






42. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






43. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






44. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






45. IP Protocol Scan






46. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






47. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






48. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






49. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






50. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.