Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






2. A social-engineering attack using computer resources - such as e-mail or IRC.






3. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






4. Computer software or hardware that can intercept and log traffic passing over a digital network.






5. The condition of a resource being ready for use and accessible by authorized users.






6. Network Scanning






7. Port 80/81/8080






8. ICMP Timestamp






9. A computer process that requests a service from another computer and accepts the server's responses.






10. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






11. NSA






12. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






13. Directory Transversal






14. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






15. Port 22






16. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






17. ICMP Ping






18. FIN Scan






19. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






20. ex 02






21. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






22. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






23. Attacks on the actual programming code of an application.






24. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






25. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






26. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






27. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






28. Nmap normal output






29. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






30. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






31. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






32. The ability to trace actions performed on a system to a specific user or system entity.






33. Vulnerability Scanning






34. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






35. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






36. nmap all output






37. A protocol for exchanging packets over a serial line.






38. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






39. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






40. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






41. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






42. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






43. A type of encryption where the same key is used to encrypt and decrypt the message.






44. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






45. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






46. Hex 29






47. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






48. Access by information systems (or users) communicating from outside the information system security perimeter.






49. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






50. A routing protocol developed to be used within a single organization.