Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






2. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






3. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






4. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






5. A person or entity indirectly involved in a relationship between two principles.






6. A social-engineering attack that manipulates the victim into calling the attacker for help.






7. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






8. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






9. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






10. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






11. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






12. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






13. The ability to trace actions performed on a system to a specific user or system entity.






14. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






15. A method of external testing whereby several systems or resources are used together to effect an attack.






16. The monetary value assigned to an IT asset.






17. A command used in HTTP and FTP to retrieve a file from a server.






18. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






19. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






20. Any network incident that prompts some kind of log entry or other notification.






21. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






22. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






23. LM Hash for short passwords (under 7)






24. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






26. An informed decision to accept the potential for damage to or loss of an IT asset.






27. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






28. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






29. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






30. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






31. A small Trojan program that listens on port 777.






32. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






33. Cracking Tools






34. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






35. Microsoft SID 500






36. nmap all output






37. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






38. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






39. Ports 20/21






40. Paranoid scan timing






41. FIN Scan






42. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






43. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






44. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






45. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






46. The software product or system that is the subject of an evaluation.






47. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






48. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






49. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






50. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests