Test your basic knowledge |

CEH: Certified Ethical Hacker

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.

2. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.

3. A protocol that allows a client computer to request services from a server and the server to return the results.

4. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.

5. Port 110

6. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.

7. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.

8. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.

9. A portion of memory used to temporarily store output or input data.

10. NSA

11. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.

12. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.

13. A group of experts that handles computer security incidents.

14. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.

15. Used for exchanging structured information - such as XML-based messages - in the implementation of web services

16. Shifting responsibility from one party to another

17. The process of determining if a network entity (user or service) is legitimate

18. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action

19. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.

20. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.

21. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.

22. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c

23. A documented process for a procedure designed to be consistent - repeatable - and accountable.

24. The change or growth of a project's scope

25. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.

26. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.

27. Polite scan timing

28. An evaluation conducted to determine the potential for damage to or loss of an IT asset.

29. A communications protocol used for browsing the Internet.

30. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.

31. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.

32. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.

33. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.

34. ICMP Timestamp

35. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.

36. A systematic process for the assessment of security vulnerabilities.

37. Recording the time - normally in a log file - when an event happens or when information is created or modified.

38. White box test

39. Idlescan

40. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.

41. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.

42. Evaluation in which testers attempt to penetrate the network.

43. Ports 20/21

44. Polymorphic Virus

45. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.

46. A group of people - gathered together by a business entity - working to address a specific problem or goal.

47. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.

48. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.

49. An Application layer protocol for sending electronic mail between servers.

50. ex 02