Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






2. A protocol used to pass control and error messages between nodes on the Internet.






3. A software or hardware application or device that captures user keystrokes.






4. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






5. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






6. nmap






7. A data encryption/decryption program often used for e-mail and file storage.






8. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






9. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






10. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






11. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






12. A device on a network.






13. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






14. Port 135






15. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






16. A protocol defining packets that are able to be routed by a router.






17. Another term for firewalking






18. An informed decision to accept the potential for damage to or loss of an IT asset.






19. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






20. Hex 10






21. The combination of all IT assets - resources - components - and systems.






22. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






23. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






24. A type of malware that covertly collects information about a user.






25. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






26. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






27. An Internet routing protocol used to exchange routing information within an autonomous system.






28. CAN-SPAM






29. The conveying of official access or legal power to a person or entity.






30. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






31. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






32. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






33. A communications protocol used for browsing the Internet.






34. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






35. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






36. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






37. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






38. A routing protocol developed to be used within a single organization.






39. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






40. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






41. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






42. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






43. ICMP Type/Code 0-0






44. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






45. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






46. NSA






47. A protocol that allows a client computer to request services from a server and the server to return the results.






48. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






49. Controls to detect anomalies or undesirable events occurring on a system.






50. Port 88