Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Recording the time - normally in a log file - when an event happens or when information is created or modified.






2. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






3. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






4. Directing a protocol from one port to another.






5. A social-engineering attack that manipulates the victim into calling the attacker for help.






6. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






7. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






8. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






9. The process of using easily accessible DNS records to map a target network's internal hosts.






10. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






11. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






12. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






13. Insane scan timing






14. A virus that plants itself in a system's boot sector and infects the master boot record.






15. A virus designed to infect the master boot record.






16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






17. Sneaky scan timing






18. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






19. A protocol for exchanging packets over a serial line.






20. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






21. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






22. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






23. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






24. The transmission of digital signals without precise clocking or synchronization.






25. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






26. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






27. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






28. A systematic process for the assessment of security vulnerabilities.






29. Vulnerability Scanning






30. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






31. The change or growth of a project's scope






32. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






33. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






34. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






35. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






36. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






37. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






38. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






39. Nmap ml output






40. An organized collection of data.






41. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






42. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






43. Port 88






44. SYN Ping






45. A command used in HTTP and FTP to retrieve a file from a server.






46. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






47. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






48. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






49. 18 U.S.C. 1029






50. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.