Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






2. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






3. A Windows-based GUI version of nmap.






4. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






5. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






6. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






7. The default network authentication suite of protocols for Windows NT 4.0






8. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






9. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






10. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






11. RPC Scan






12. Any item of value or worth to an organization - whether physical or virtual.






13. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






14. An attack that combines a brute-force attack with a dictionary attack.






15. FTP Bounce Attack






16. The concept of having more than one person required to complete a task






17. Policy stating what users of a system can and cannot do with the organization's assets.






18. A virus designed to infect the master boot record.






19. The Security Accounts Manager file in Windows stores all the password hashes for the system.






20. 18 U.S.C. 1030






21. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






22. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






23. Cracking Tools






24. Port 389






25. A computer virus that infects and spreads in multiple ways.






26. The process of using easily accessible DNS records to map a target network's internal hosts.






27. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






28. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






29. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






30. A string that represents the location of a web resource






31. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






32. Paranoid scan timing






33. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






34. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






35. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






36. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






37. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






38. Black hat






39. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






40. Evaluation in which testers attempt to penetrate the network.






41. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






42. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






43. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






44. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






45. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






46. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






47. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






48. Window Scan






49. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






50. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.