Test your basic knowledge |

CEH: Certified Ethical Hacker

  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.

2. Two or more LANs connected by a high-speed line across a large geographical area.

3. The act of dialing all numbers within an organization to discover open modems.

4. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.

5. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.

6. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.

7. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.

8. Normal scan timing

9. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it

10. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive

11. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).

12. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.

13. A device providing temporary - on-demand - point-to-point network access to users.

14. Xmas Tree scan

15. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.

16. A Canonical Name record within DNS - used to provide an alias for a domain name.

17. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.

18. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.

19. Access by information systems (or users) communicating from outside the information system security perimeter.

20. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.

21. Evaluation in which testers attempt to penetrate the network.

22. Safeguards or countermeasures to avoid - counteract - or minimize security risks.

23. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.

24. IP Protocol Scan

25. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.

26. A denial-of-service technique that uses numerous hosts to perform the attack.

27. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.

28. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.

29. The monetary value assigned to an IT asset.

30. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private

31. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.

32. A type of malware that covertly collects information about a user.

33. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.

34. 18 U.S.C. 1030

35. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.

36. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.

37. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr

38. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.

39. Incremental Substitution

40. The transmission of digital signals without precise clocking or synchronization.

41. Port 161/162

42. ICMP Ping

43. The Security Accounts Manager file in Windows stores all the password hashes for the system.

44. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.

45. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.

46. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action

47. An attack that exploits the common mistake many people make when installing operating systems

48. A routing protocol developed to be used within a single organization.

49. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.

50. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.