Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






2. Hashing algorithm that results in a 128-bit output.






3. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






4. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






5. Hex 04






6. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






7. An Application layer protocol for managing devices on an IP network.






8. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






9. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






10. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






11. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






12. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






13. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






14. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






15. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






16. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






17. Formal description and evaluation of the vulnerabilities in an information system






18. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






19. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






20. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






21. The Security Accounts Manager file in Windows stores all the password hashes for the system.






22. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






23. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






24. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






25. An attack that exploits the common mistake many people make when installing operating systems






26. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






27. Black hat






28. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






29. ex 02






30. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






31. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






32. Idlescan






33. A denial-of-service technique that uses numerous hosts to perform the attack.






34. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






35. The concept of having more than one person required to complete a task






36. Ports 20/21






37. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






38. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






39. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






40. A virus that plants itself in a system's boot sector and infects the master boot record.






41. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






42. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






43. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






44. The act of dialing all numbers within an organization to discover open modems.






45. Policy stating what users of a system can and cannot do with the organization's assets.






46. ICMP Netmask






47. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






48. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






49. Shifting responsibility from one party to another






50. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.