Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






2. don't ping






3. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






4. A communications protocol used for browsing the Internet.






5. Recording the time - normally in a log file - when an event happens or when information is created or modified.






6. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






7. Shifting responsibility from one party to another






8. Port 135






9. A point of reference used to mark an initial state in order to manage change.






10. MAC Flooding






11. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






12. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






13. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






14. The ability to trace actions performed on a system to a specific user or system entity.






15. A data encryption/decryption program often used for e-mail and file storage.






16. nmap






17. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






18. Idlescan






19. An Internet routing protocol used to exchange routing information within an autonomous system.






20. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






21. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






22. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






23. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






24. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






25. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






26. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






27. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






28. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






29. Vulnerability Scanning






30. A wireless networking mode where all clients connect to the wireless network through a central access point.






31. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






32. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






33. A list of IP addresses and corresponding MAC addresses stored on a local computer.






34. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






35. The concept of having more than one person required to complete a task






36. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






37. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






38. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






39. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






40. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






41. The software product or system that is the subject of an evaluation.






42. A person or entity indirectly involved in a relationship between two principles.






43. A device providing temporary - on-demand - point-to-point network access to users.






44. An informed decision to accept the potential for damage to or loss of an IT asset.






45. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






46. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






47. ICMP Netmask






48. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






49. A computer network confined to a relatively small area - such as a single building or campus.






50. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.