Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Name given to expert groups that handle computer security incidents.






2. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






3. A type of encryption where the same key is used to encrypt and decrypt the message.






4. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






5. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






6. don't ping






7. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






8. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






9. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






10. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






11. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






12. A systematic process for the assessment of security vulnerabilities.






13. Port 389






14. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






15. A storage buffer that transparently stores data so future requests for the same data can be served faster.






16. ACK Scan






17. A protocol for exchanging packets over a serial line.






18. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






19. A device providing temporary - on-demand - point-to-point network access to users.






20. The combination of all IT assets - resources - components - and systems.






21. Port 31337






22. An early network application that provides information on users currently logged on to a machine.






23. A virus that plants itself in a system's boot sector and infects the master boot record.






24. The Security Accounts Manager file in Windows stores all the password hashes for the system.






25. Polite scan timing






26. A small Trojan program that listens on port 777.






27. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






28. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






29. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






30. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






31. Attacks on the actual programming code of an application.






32. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






33. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






34. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






35. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






36. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






37. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






38. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






39. Metamorphic Virus






40. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






41. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






42. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






43. Xmas Tree scan






44. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






45. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






46. nmap all output






47. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






48. UDP Scan






49. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






50. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.