Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Normal scan timing






2. Hex 04






3. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






4. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






5. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






6. FIN Scan






7. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






8. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






9. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






10. A computer network confined to a relatively small area - such as a single building or campus.






11. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






12. A virus designed to infect the master boot record.






13. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






14. ICMP Type/Code 0-0






15. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






16. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






17. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






18. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






19. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






20. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






21. Network Scanning






22. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






23. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






24. An Application layer protocol for managing devices on an IP network.






25. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






26. The monetary value assigned to an IT asset.






27. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






28. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






29. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






30. Any item of value or worth to an organization - whether physical or virtual.






31. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






32. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






33. UDP Scan






34. Sneaky scan timing






35. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






36. Version Detection Scan






37. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






38. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






39. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






40. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






41. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






42. White hat






43. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






44. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






45. Attacks on the actual programming code of an application.






46. A group of experts that handles computer security incidents.






47. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






48. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






49. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






50. ICMP Ping






Can you answer 50 questions in 15 minutes?



Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests