Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






2. Xmas Tree scan






3. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






4. A protocol that allows a client computer to request services from a server and the server to return the results.






5. An adapter that provides the physical connection to send and receive data between the computer and the network media.






6. An attack that exploits the common mistake many people make when installing operating systems






7. A virus written in a macro language and usually embedded in document or spreadsheet files.






8. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






10. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






11. The process of recording activity on a system for monitoring and later review.






12. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






13. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






14. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






15. The level of importance assigned to an IT asset






16. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






17. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






18. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






19. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






20. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






21. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






22. Port 80/81/8080






23. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






24. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






25. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






26. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






27. Idlescan






28. An early network application that provides information on users currently logged on to a machine.






29. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






30. 18 U.S.C. 1030






31. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






32. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






33. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






34. ICMP Type/Code 8






35. The condition of a resource being ready for use and accessible by authorized users.






36. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






37. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






38. Black box test






39. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






40. Polymorphic Virus






41. A file system used by the Mac OS.






42. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






43. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






44. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






45. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






46. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






47. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






48. A software or hardware application or device that captures user keystrokes.






49. White box test






50. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.