Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the correct answer may seem obvious, but you will find that it reinforces your understanding as you take the test each time.

1. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms, …

2. A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet.

3. The three-step process two hosts execute to negotiate a TCP connection. The three steps are SYN, SYN/ACK, ACK.

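The three steps above, simulated end to end in Python as an added example (not part of the study page): two in-memory endpoints exchange SYN, SYN/ACK and ACK, and each side checks that the acknowledgment number it receives is its own initial sequence number plus one. The Endpoint and Segment classes and the forged_synack_rejected helper are this example's own constructions.

```python
"""TCP three-way handshake, simulated in memory (added example, not from the page)."""
import secrets
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

SYN, SYN_ACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})


@dataclass
class Segment:
    src: str
    dst: str
    flags: FrozenSet[str]
    seq: int
    ack: int = 0

    def __str__(self) -> str:
        names = "/".join(f for f in ("SYN", "ACK") if f in self.flags)
        return f"{self.src} -> {self.dst}  {names:<7} seq={self.seq} ack={self.ack}"


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"          # CLOSED, LISTEN, SYN_SENT, SYN_RECEIVED, ESTABLISHED
    isn: int = field(default_factory=lambda: secrets.randbelow(2 ** 32))  # initial sequence number
    peer_isn: Optional[int] = None

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self, peer: str) -> Segment:
        """Step 1: the client sends SYN carrying its own ISN."""
        self.state = "SYN_SENT"
        return Segment(self.name, peer, SYN, seq=self.isn)

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Advance the state machine on an incoming segment; return any reply."""
        if self.state == "LISTEN" and seg.flags == SYN:
            # Step 2: the server acknowledges the client's ISN and sends its own.
            self.peer_isn = seg.seq
            self.state = "SYN_RECEIVED"
            return Segment(self.name, seg.src, SYN_ACK, seq=self.isn, ack=seg.seq + 1)
        if self.state == "SYN_SENT" and seg.flags == SYN_ACK:
            # Step 3: the client only trusts a SYN/ACK that acknowledges *its* ISN;
            # anything else is not a reply to the SYN it sent.
            self._check_ack(seg)
            self.peer_isn = seg.seq
            self.state = "ESTABLISHED"
            return Segment(self.name, seg.src, ACK, seq=self.isn + 1, ack=seg.seq + 1)
        if self.state == "SYN_RECEIVED" and seg.flags == ACK:
            self._check_ack(seg)
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(seg.flags)} while {self.state}")

    def _check_ack(self, seg: Segment) -> None:
        if seg.ack != self.isn + 1:
            raise ValueError(f"{self.name}: ack {seg.ack} != expected {self.isn + 1}")


def handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    """Run all three steps and return the segments that crossed the wire."""
    server.listen()
    trace = [client.connect(server.name)]       # SYN
    trace.append(server.receive(trace[-1]))     # SYN/ACK
    trace.append(client.receive(trace[-1]))     # ACK
    server.receive(trace[-1])                   # server side completes
    return trace


def forged_synack_rejected(client_isn: int = 1000) -> bool:
    """A SYN/ACK that does not acknowledge the client's ISN + 1 is refused."""
    client = Endpoint("client", isn=client_isn)
    client.connect("server")
    bogus = Segment("server", "client", SYN_ACK, seq=5, ack=client_isn + 42)
    try:
        client.receive(bogus)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    c, s = Endpoint("client", isn=1000), Endpoint("server", isn=5000)
    for seg in handshake(c, s):
        print(seg)
    print("client:", c.state, " server:", s.state,
          " forged SYN/ACK rejected:", forged_synack_rejected())
```

The acknowledgment check is the security-relevant part: a party that cannot see the real ISN cannot complete the handshake by guessing, which is why predictable initial sequence numbers were a classic weakness.
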
4. A pen-testing method in which the attacker is given complete knowledge of the internal network. It is designed to simulate an attack by a disgruntled systems administrator or someone with a similar level of access.

5. A measurable physical characteristic used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.

6. Occurs when authorized users accumulate excess privileges on a system because rights granted for earlier positions are never revoked as they move from position to position.

7. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

8. A brand name of analog scrambling and descrambling equipment for cable and satellite television, invented primarily to keep consumer television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.

9. A one-way mathematical function that generates a fixed-length numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.

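An added Python example (not from the study page) showing the properties the definition names: the digest has the same length whatever the input size, a one-bit input change scrambles it, and a published digest can be checked in constant time. Worth knowing beyond the definition: MD5 and SHA-1 are both broken against collision attacks, so SHA-256 or better is the choice wherever an attacker may influence the input. Function names here are this example's own.

```python
"""One-way, fixed-length digests with hashlib (added example, not from the page)."""
import hashlib
import hmac
from typing import Dict

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> Dict[str, str]:
    """Hex digest of `data` under MD5 and SHA-1 (named in the definition) and SHA-256."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_bits(name: str) -> int:
    """Output size in bits; it never depends on the input."""
    return hashlib.new(name).digest_size * 8


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(name: str, data: bytes) -> int:
    """Flip one bit of the input and count how many digest bits change."""
    flipped = bytes([data[0] ^ 0x01]) + data[1:]
    return bit_difference(hashlib.new(name, data).hexdigest(),
                          hashlib.new(name, flipped).hexdigest())


def verify_integrity(data: bytes, name: str, published_hex: str) -> bool:
    """Compare a computed digest with a published one without leaking timing."""
    return hmac.compare_digest(hashlib.new(name, data).hexdigest(), published_hex.lower())


if __name__ == "__main__":
    small, large = b"abc", b"A" * 1_000_000
    for name in ALGORITHMS:
        print(f"{name:7} {digest_bits(name):3} bits  abc={digests(small)[name]}")
        print(f"{'':7} {len(digests(large)[name]) * 4:3} bits  for a 1 MB input")
        print(f"{'':7} {avalanche(name, small)} digest bits change when one input bit flips")
    print("integrity check:", verify_integrity(small, "sha256", digests(small)["sha256"]))
```

The constant-time comparison matters when the check runs on a server that an attacker can query repeatedly; a plain `==` on hex strings returns early at the first differing character.
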
10. A file system used by the Mac OS.

11. Directing a protocol from one port to another.

12. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.

13. The process of using easily accessible DNS records to map a target network's internal hosts.

14. Looking over an authorized user's shoulder in order to steal information (such as authentication information).

15. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.

16. As an identification device is made more sensitive or accurate, its false acceptance rate (FAR) decreases while its false rejection rate (FRR) increases. The CER is the point at which these two rates are equal, or cross over.

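The trade-off in this definition, worked through in Python as an added example (not from the study page). The genuine and impostor score lists are constructed for the example, not measurements from any device; the threshold sweep shows FAR falling and FRR rising as the threshold is raised, and crossover() locates the CER.

```python
"""Crossover error rate from constructed match scores (added example, not from the page)."""
from typing import List, Sequence, Tuple

# Constructed data: similarity scores (0..100) the matcher returned for genuine
# users, who should be accepted, and for impostors, who should be rejected.
GENUINE_SCORES = [55, 62, 70, 75, 80, 85, 88, 90, 95, 98]
IMPOSTOR_SCORES = [10, 20, 30, 40, 45, 50, 58, 65, 72, 78]


def rates(threshold: int, genuine: Sequence[int] = GENUINE_SCORES,
          impostor: Sequence[int] = IMPOSTOR_SCORES) -> Tuple[float, float]:
    """(FAR, FRR) when a sample is accepted iff its score >= threshold."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)   # impostors let in
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)      # genuine users refused
    return far, frr


def crossover(genuine: Sequence[int] = GENUINE_SCORES,
              impostor: Sequence[int] = IMPOSTOR_SCORES,
              thresholds: Sequence[int] = range(0, 101)) -> Tuple[int, float]:
    """Lowest threshold at which |FAR - FRR| is minimal, and the CER there."""
    best_t, best_gap = None, None
    for t in thresholds:
        far, frr = rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_t, best_gap = t, gap
    far, frr = rates(best_t, genuine, impostor)
    return best_t, (far + frr) / 2


def sweep(step: int = 10) -> List[Tuple[int, float, float]]:
    """(threshold, FAR, FRR) rows for a quick look at the two curves."""
    return [(t, *rates(t)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, far, frr in sweep():
        print(f"threshold {t:3}: FAR={far:.2f}  FRR={frr:.2f}")
    t, cer = crossover()
    print(f"CER = {cer:.2f} at threshold {t}")
```

Which side of the crossover to operate on is a policy choice: a door to a server room is tuned for low FAR and accepts more false rejections; a consumer phone unlock is tuned the other way.
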
17. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delivery …

18. The monetary value assigned to an IT asset.

19. A hacking method in which the cookies used to establish a session are stolen and replayed to obtain an unauthorized connection.

20. Ping Scan

21. Hex 10

22. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience, but can also contain authentication parameters. Cookie …

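Added Python example (not from the study page) covering items 19 and 22 together: a small server-side session store issues cookies, shows why a counter-based session id lets an attacker guess a neighbour's cookie, and shows that even a random id replays until it expires or is revoked, which is what the Secure, HttpOnly and SameSite attributes and a short lifetime are for. The SessionStore class, the 15-minute lifetime and the user names are this example's choices.

```python
"""Session cookies: issuance, guessing, replay and revocation (added example)."""
import itertools
import secrets
from typing import Callable, Dict, Optional, Tuple


class SessionStore:
    """Server-side session table keyed by the cookie value."""

    def __init__(self, new_id: Callable[[], str], ttl_seconds: int = 900):
        self._new_id = new_id
        self._ttl = ttl_seconds
        self._sessions: Dict[str, Tuple[str, int]] = {}   # sid -> (user, expiry time)

    def login(self, user: str, now: int) -> str:
        """Issue a fresh session id; the browser receives it via set_cookie_header()."""
        sid = self._new_id()
        self._sessions[sid] = (user, now + self._ttl)
        return sid

    @staticmethod
    def set_cookie_header(sid: str) -> str:
        # Secure: never sent over plaintext HTTP (stops sniffing on the wire).
        # HttpOnly: not readable from JavaScript (stops theft through script injection).
        # SameSite=Lax: not attached to most cross-site requests.
        return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def whoami(self, sid: Optional[str], now: int) -> Optional[str]:
        """The user a presented cookie maps to, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:
            del self._sessions[sid]
            return None
        return user

    def logout(self, sid: str) -> None:
        """Revoke server-side; a replayed copy of the cookie is useless afterwards."""
        self._sessions.pop(sid, None)


def sequential_ids(start: int = 1000) -> Callable[[], str]:
    """The weak scheme: session ids are consecutive integers."""
    counter = itertools.count(start)
    return lambda: str(next(counter))


def random_ids() -> Callable[[], str]:
    """The sound scheme: 256 bits from the OS CSPRNG, URL-safe encoded."""
    return lambda: secrets.token_urlsafe(32)


def guess_next(observed_sid: str) -> Optional[str]:
    """What an attacker tries after seeing his own cookie: increment it."""
    return str(int(observed_sid) + 1) if observed_sid.isdigit() else None


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario; times are seconds on an injected clock."""
    results: Dict[str, Optional[str]] = {}
    weak = SessionStore(sequential_ids())
    attacker_sid = weak.login("attacker", now=0)
    weak.login("victim", now=1)
    results["guessed_victim"] = weak.whoami(guess_next(attacker_sid), now=2)   # "victim"

    strong = SessionStore(random_ids(), ttl_seconds=900)
    a_sid = strong.login("attacker", now=0)
    v_sid = strong.login("victim", now=1)
    results["guess_on_random"] = guess_next(a_sid)                               # None
    results["replay_within_ttl"] = strong.whoami(v_sid, now=600)                 # still "victim"
    results["replay_after_ttl"] = strong.whoami(v_sid, now=1 + 900)             # None
    v_sid2 = strong.login("victim", now=1000)
    strong.logout(v_sid2)
    results["replay_after_logout"] = strong.whoami(v_sid2, now=1001)             # None
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
    print(SessionStore.set_cookie_header(random_ids()()))
```

Randomness stops guessing but not replay; the cookie attributes shrink the ways a cookie can be stolen, and expiry plus revocation on logout bound how long a stolen one works.
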
23. Vulnerability Scanning

24. A free and popular version of the Unix operating system.

25. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability).

26. A record showing which user has accessed a given resource and what operations the user performed during a given period.

27. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.

28. Normal scan timing

29. List Scan

30. A set of rules defined by a system administrator that indicates whether access to resource objects is allowed or denied.

31. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and then a given name space.

32. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.

33. In computer security, this is an algorithm that uses separate keys for encryption and decryption.

34. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles …

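Added Python example (not from the study page) serving items 6 and 34 together: permissions attach to roles, roles attach to job functions, and users hold roles; a transfer that adds the new job's roles without revoking the old ones is exactly how privilege creep happens, and privilege_creep() reports it. The roles, permissions, job titles and the Directory class are constructed for the example.

```python
"""Role-based access control with a privilege-creep audit (added example, not from the page)."""
from typing import Dict, List, Set

# Constructed role and job catalogues.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "helpdesk":      {"ticket:read", "ticket:write", "user:reset_password"},
    "payroll_clerk": {"payroll:read", "payroll:write"},
    "auditor":       {"payroll:read", "ticket:read", "log:read"},
}
JOB_ROLES: Dict[str, Set[str]] = {      # the roles a job function justifies
    "helpdesk": {"helpdesk"},
    "payroll":  {"payroll_clerk"},
    "audit":    {"auditor"},
}


class Directory:
    def __init__(self) -> None:
        self.job: Dict[str, str] = {}          # user -> current job function
        self.roles: Dict[str, Set[str]] = {}   # user -> roles actually held

    def hire(self, user: str, job: str) -> None:
        self.job[user] = job
        self.roles[user] = set(JOB_ROLES[job])

    def transfer(self, user: str, new_job: str, revoke_old: bool = True) -> None:
        """Move a user to a new job; revoke_old=False is how creep starts."""
        if revoke_old:
            self.roles[user] -= JOB_ROLES[self.job[user]]
        self.job[user] = new_job
        self.roles[user] |= JOB_ROLES[new_job]

    def recertify(self, user: str) -> None:
        """Access review: reset the user's roles to what the current job justifies."""
        self.roles[user] = set(JOB_ROLES[self.job[user]])

    def permissions(self, user: str) -> Set[str]:
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.roles.get(user, ())))

    def authorized(self, user: str, permission: str) -> bool:
        return permission in self.permissions(user)

    def privilege_creep(self) -> Dict[str, Set[str]]:
        """Users holding roles their current job does not justify."""
        report: Dict[str, Set[str]] = {}
        for user, held in self.roles.items():
            excess = held - JOB_ROLES[self.job[user]]
            if excess:
                report[user] = excess
        return report


def demo() -> Dict[str, object]:
    """Constructed scenario: a helpdesk employee moves to payroll."""
    d = Directory()
    d.hire("carol", "helpdesk")
    d.transfer("carol", "payroll", revoke_old=False)          # old role left in place
    out: Dict[str, object] = {
        "creep_after_transfer": {u: sorted(r) for u, r in d.privilege_creep().items()},
        "can_reset_passwords_after_transfer": d.authorized("carol", "user:reset_password"),
    }
    d.recertify("carol")                                      # periodic access review
    out["creep_after_recertification"] = d.privilege_creep()
    out["can_reset_passwords_after_recertification"] = d.authorized("carol", "user:reset_password")
    out["can_write_payroll"] = d.authorized("carol", "payroll:write")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:42} {value}")
```

The audit compares what a user holds against what the current job justifies, which is the check a periodic access review performs; doing it on every transfer keeps the excess from accumulating in the first place.
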
35. A group of people, gathered together by a business entity, working to address a specific problem or goal.

36. A protocol defining packets that are able to be routed by a router.

37. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.

38. A method of defining what rights and permissions an entity has to a given resource. In networking, access control lists are commonly associated with firewall and router traffic-filtering rules.

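Added Python example (not from the study page) for the ACL described in items 30 and 38: an ordered rule list evaluated first-match with an implicit deny at the end, plus an audit that reports rules an earlier rule shadows so that they can never fire. The rules, addresses and the Rule and Packet classes are constructed for the example.

```python
"""Ordered filtering ACL: first match wins, implicit deny, shadow audit (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union

Port = Union[int, Tuple[int, int], str]   # 443, (1024, 65535) or "any"


@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp", "icmp" or "any"
    src: str        # CIDR or "any"
    dst: str
    dport: Port = "any"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0


def _net(cidr: str):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def _port_matches(spec: Port, port: int) -> bool:
    if spec == "any":
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ip_address(pkt.src) in _net(rule.src)
            and ip_address(pkt.dst) in _net(rule.dst)
            and _port_matches(rule.dport, pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """(action, index of the deciding rule); ("deny", None) is the implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


def _covers(spec: Port, other: Port) -> bool:
    """True if port spec `spec` matches every port that `other` matches."""
    if spec == "any":
        return True
    if other == "any":
        return False
    lo_s, hi_s = (spec, spec) if isinstance(spec, int) else spec
    lo_o, hi_o = (other, other) if isinstance(other, int) else other
    return lo_s <= lo_o and hi_o <= hi_s


def shadowed(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule matches
    everything they would match (regardless of the two rules' actions)."""
    out = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if ((earlier.proto in ("any", later.proto))
                    and _net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and _covers(earlier.dport, later.dport)):
                out.append(j)
                break
    return out


# Constructed ACL in front of a 10.0.0.0/24 server segment.
ACL = [
    Rule("permit", "tcp", "any", "10.0.0.0/24", 443),
    Rule("deny", "tcp", "192.168.1.0/24", "10.0.0.0/24", 443),     # never fires: rule 0 covers it
    Rule("permit", "tcp", "10.0.1.0/24", "10.0.0.5/32", 22),
    Rule("permit", "udp", "10.0.1.0/24", "10.0.0.0/24", (1024, 65535)),
]

if __name__ == "__main__":
    for p in (Packet("tcp", "203.0.113.9", "10.0.0.7", 443), Packet("tcp", "203.0.113.9", "10.0.0.7", 22),
              Packet("tcp", "10.0.1.3", "10.0.0.5", 22), Packet("udp", "10.0.1.3", "10.0.0.9", 5000)):
        print(p, "->", evaluate(ACL, p))
    print("shadowed rules:", shadowed(ACL))
```

Rule 1 is the case worth catching in review: a deny that an earlier, broader permit makes unreachable, so the administrator believes a block is in place when it is not.
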
39. An informed decision to accept the potential for damage to or loss of an IT asset.

40. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO × SLE.

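The formulas in items 7, 18 and 40 carried through in Python as an added example (not from the study page): SLE = AV × EF and ALE = ARO × SLE, over two constructed assets, which shows that a frequent small loss can outrank a rare large one. The safeguard cost-benefit figure at the end (ALE before minus ALE after minus the control's annual cost) is a standard extension of these formulas, not something the page states; the assets and numbers are constructed.

```python
"""Quantitative risk: AV, EF, SLE, ARO and ALE (added example, not from the page)."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Exposure:
    asset: str
    threat: str
    asset_value: float       # AV: monetary value of the asset
    exposure_factor: float   # EF: fraction of AV lost per occurrence, 0.0..1.0 (subjective)
    aro: float               # ARO: expected occurrences per year (0.1 = once a decade)

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO cannot be negative")

    @property
    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: ALE = ARO x SLE."""
        return self.aro * self.sle


def rank_by_ale(exposures: List[Exposure]) -> List[Exposure]:
    """Highest expected annual loss first: the order in which to spend on controls."""
    return sorted(exposures, key=lambda x: x.ale, reverse=True)


def safeguard_value(before: Exposure, after: Exposure, annual_cost: float) -> float:
    """Annual value of a control: ALE reduction minus what the control costs.
    (Standard extension of the ALE formula, not stated on the study page.)"""
    return before.ale - after.ale - annual_cost


# Constructed scenario: a web server that gets defaced about twice a year and a
# database with a rare but expensive breach, with and without a new control.
WEB = Exposure("public web server", "defacement", asset_value=200_000, exposure_factor=0.25, aro=2.0)
DB = Exposure("customer database", "breach", asset_value=1_000_000, exposure_factor=0.5, aro=0.1)
DB_WITH_CONTROL = Exposure("customer database", "breach", 1_000_000, 0.5, aro=0.02)

if __name__ == "__main__":
    for x in rank_by_ale([WEB, DB]):
        print(f"{x.asset:20} {x.threat:11} SLE={x.sle:>10,.0f}  ALE={x.ale:>10,.0f}")
    print("annual value of the DB control at $15,000/yr:",
          f"{safeguard_value(DB, DB_WITH_CONTROL, 15_000):,.0f}")
```

The ranking is the point: the database has ten times the single-loss figure, yet the web server's ALE is double because the loss recurs; EF and ARO are the two subjective inputs, so record how each was estimated.
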
41. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.

42. A method for detecting malicious code on a computer in which files are compared to signatures of known viruses stored in a database.

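Signature matching in Python as an added example (not from the study page). The signature database holds two entry types, a SHA-256 of one known-bad file and a byte pattern shared by a family, and the scanner reports what each file hits. The evasion pair shows the limit of the method: one appended byte defeats the hash entry, and breaking up the pattern defeats the byte entry. All samples, names and patterns are constructed for this example.

```python
"""Signature-based detection over constructed samples (added example, not from the page)."""
import hashlib
from typing import Dict, List

# Constructed "malware" samples: harmless bytes standing in for real binaries.
KNOWN_BAD = b"MZ\x90\x00 constructed dropper sample v1\x00"
BEACON_STRING = b"CONSTRUCTED-BEACON-HTTP/1.1"

# Constructed signature database: one exact-file hash, one family byte pattern.
SIGNATURES = [
    {"name": "Constructed.Dropper.A", "type": "sha256",
     "value": hashlib.sha256(KNOWN_BAD).hexdigest()},
    {"name": "Constructed.Beacon", "type": "bytes", "value": BEACON_STRING},
]


def scan(data: bytes, signatures=SIGNATURES) -> List[str]:
    """Names of every signature the file matches (an empty list means clean)."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for sig in signatures:
        if sig["type"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["type"] == "bytes" and sig["value"] in data:
            hits.append(sig["name"])
    return hits


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    return {name: scan(data) for name, data in files.items()}


# Constructed file set: two known samples, two trivial evasions, one clean file.
FILES = {
    "dropper.exe":        KNOWN_BAD,
    "dropper_padded.exe": KNOWN_BAD + b"\x00",                        # same code, one extra byte
    "agent.dll":          b"\x7fELF" + BEACON_STRING + b"\x00" * 8,
    "agent_x.dll":        b"\x7fELF" + BEACON_STRING.replace(b"HTTP", b"HT\x00TP"),
    "notes.txt":          b"quarterly planning notes",
}

if __name__ == "__main__":
    for name, hits in scan_files(FILES).items():
        print(f"{name:20} {'DETECTED ' + ', '.join(hits) if hits else 'clean'}")
```

Hash signatures are exact and cheap but match only the one file; byte patterns survive small edits but not packing or encoding, which is why signature engines are paired with heuristic and behavioural detection rather than used alone.
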
43. FIN Scan

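Added Python example (not from the study page) tying items 21 and 43 together: the TCP flag byte is decoded (0x10 is ACK, 0x02 SYN, 0x12 SYN/ACK, 0x01 FIN), the probe of each common scan type is classified, and expected_reply() gives the answer an RFC 793 stack sends to each probe for an open and a closed port, which is where the FIN scan's "open|filtered" result comes from. Function names are this example's own.

```python
"""TCP flag bits, scan probes and what the reply means (added example, not from the page)."""
from typing import List, Optional

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def decode_flags(value: int) -> List[str]:
    """Flag names set in a header flags byte, e.g. 0x12 -> ['SYN', 'ACK']."""
    return [name for name, bit in FLAG_BITS.items() if value & bit]


def encode_flags(names: List[str]) -> int:
    value = 0
    for name in names:
        value |= FLAG_BITS[name]
    return value


def classify_probe(value: int) -> str:
    """Scan type implied by a probe's flags."""
    flags = set(decode_flags(value))
    if flags == {"SYN"}:
        return "SYN scan"
    if flags == {"ACK"}:
        return "ACK scan"
    if flags == {"FIN"}:
        return "FIN scan"
    if not flags:
        return "NULL scan"
    if flags == {"FIN", "PSH", "URG"}:
        return "Xmas scan"
    return "other"


def expected_reply(probe: int, port_open: bool) -> Optional[int]:
    """Flags of the reply an RFC 793 stack sends, or None for no reply."""
    flags = set(decode_flags(probe))
    if "RST" in flags:
        return None                                   # an RST is never answered
    if not port_open:
        # Closed port: RST for anything. It carries ACK unless the probe already had ACK.
        return encode_flags(["RST"]) if "ACK" in flags else encode_flags(["RST", "ACK"])
    if "SYN" in flags and "ACK" not in flags:
        return encode_flags(["SYN", "ACK"])           # open port accepts the connection
    if "ACK" in flags:
        return encode_flags(["RST"])                  # ACK with no connection: RST
    return None                                       # FIN/NULL/Xmas to an open port: silence


def infer_state(scan: str, reply: Optional[int]) -> str:
    """What the scanner concludes from the reply, or from its absence."""
    reply_flags = set(decode_flags(reply)) if reply is not None else set()
    if scan == "SYN scan":
        if {"SYN", "ACK"} <= reply_flags:
            return "open"
        return "closed" if "RST" in reply_flags else "filtered"
    if scan == "ACK scan":
        # Any RST means the probe got through; ACK scans map filtering, not open ports.
        return "unfiltered" if "RST" in reply_flags else "filtered"
    if scan in ("FIN scan", "NULL scan", "Xmas scan"):
        return "closed" if "RST" in reply_flags else "open|filtered"
    return "unknown"


if __name__ == "__main__":
    for probe in (0x02, 0x10, 0x01):
        kind = classify_probe(probe)
        for port_open in (True, False):
            reply = expected_reply(probe, port_open)
            shown = "/".join(decode_flags(reply)) if reply is not None else "no reply"
            state = "open  " if port_open else "closed"
            print(f"0x{probe:02x} {kind:9} port {state}: reply {shown:8} -> {infer_state(kind, reply)}")
```

Stacks that do not follow RFC 793 on this point (Windows and many network appliances) send RST to a FIN probe even on open ports, so a FIN scan against them reports every port closed; there the SYN scan result is the one to trust.
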
44. The potential for damage to or loss of an IT asset.

45. An HTTP method that transmits data in the request body to a web server for processing, the complement of an HTTP GET, which requests a resource.

46. A remote-control program in which the client runs on a local computer and connects to a remote server over a network. Commands entered locally are executed on the remote system.

47. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, a Ticket Granting Service, and a Key Distribution Center.

48. Any item of value or worth to an organization, whether physical or virtual.

49. A nontechnical method of hacking. Social engineering is the art of manipulating people, whether in person (human-based) or via computing methods (computer-based), into providing sensitive information.

50. A domain composed of all the systems sharing any given physical transport medium. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (collision avoidance).