Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attack that combines a brute-force attack with a dictionary attack.






2. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






3. FIN Scan






4. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






5. Computer software or hardware that can intercept and log traffic passing over a digital network.






6. The monetary value assigned to an IT asset.






7. Port 53






8. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






9. ex 02






10. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






11. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






12. The art and science of creating a covert message or image within another message - image - audio - or video file.






13. Phases of an attack






14. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






15. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






16. LM Hash for short passwords (under 7)






17. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






18. A document describing information security guidelines - policies - procedures - and standards.






19. A data encryption/decryption program often used for e-mail and file storage.






20. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






21. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






22. The process of using easily accessible DNS records to map a target network's internal hosts.






23. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






24. A computer network confined to a relatively small area - such as a single building or campus.






25. An attack that is direct in nature - usually where the attacker injects something into - or otherwise alters - the network or system target.






26. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






27. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






28. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






29. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






30. Controls to detect anomalies or undesirable events occurring on a system.






31. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






32. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






33. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






34. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






35. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






36. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






37. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






38. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






39. A group of people - gathered together by a business entity - working to address a specific problem or goal.






40. Evaluation in which testers attempt to penetrate the network.






41. A protocol defining packets that are able to be routed by a router.






42. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






43. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






44. ICMP Type/Code 0-0






45. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






46. Another term for firewalking






47. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






48. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






49. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






50. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.