Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A computer process that requests a service from another computer and accepts the server's responses.






2. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






3. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






4. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






5. Policy stating what users of a system can and cannot do with the organization's assets.






6. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






7. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






8. The art and science of creating a covert message or image within another message - image - audio - or video file.






9. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






10. A point of reference used to mark an initial state in order to manage change.






11. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






12. A method of external testing whereby several systems or resources are used together to effect an attack.






13. Hex 04






14. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






15. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






16. A computer virus that infects and spreads in multiple ways.






17. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






18. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






19. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






20. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






21. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






22. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






23. Phases of an attack






24. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






25. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






26. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






27. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






28. Vulnerability Scanning






29. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






30. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






31. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






32. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






33. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






34. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






35. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






36. Injecting traffic into the network to identify the operating system of a device.






37. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






38. Sneaky scan timing






39. Any network incident that prompts some kind of log entry or other notification.






40. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






41. The software product or system that is the subject of an evaluation.






42. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






43. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






44. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






45. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






46. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






47. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






48. An organized collection of data.






49. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






50. Port 161/162