Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ex 02






2. Hex 14






3. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






4. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






5. A host designed to collect data on suspicious activity.






6. The condition of a resource being ready for use and accessible by authorized users.






7. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






8. Access by information systems (or users) communicating from outside the information system security perimeter.






9. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






10. An Application layer protocol for managing devices on an IP network.






11. Establish Null Session






12. A protocol used for sending and receiving log information for nodes on a network.






13. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






14. A communications protocol used for browsing the Internet.






15. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






16. The potential for damage to or loss of an IT asset






17. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






18. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






19. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






20. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






21. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






22. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






23. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






24. The Security Accounts Manager file in Windows stores all the password hashes for the system.






25. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






26. TCP Ping






27. Injecting traffic into the network to identify the operating system of a device.






28. A string that represents the location of a web resource






29. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






30. Shifting responsibility from one party to another






31. Microsoft SID 500






32. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






33. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






34. Port 31337






35. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






36. An attack that exploits the common mistake many people make when installing operating systems






37. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






38. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






39. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






40. 18 U.S.C. 1030






41. MAC Flooding






42. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






43. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






44. A group of experts that handles computer security incidents.






45. Aggressive scan timing






46. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






47. UDP Scan






48. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






49. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






50. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.