Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






2. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






3. A command used in HTTP and FTP to retrieve a file from a server.






4. nmap






5. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






6. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






7. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






8. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






9. PI and PT Ping






10. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






11. Hex 04






12. The process of determining if a network entity (user or service) is legitimate






13. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






14. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






15. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






16. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






17. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






18. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






19. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






20. A device on a network.






21. Polymorphic Virus






22. A software or hardware defect that often results in system vulnerabilities.






23. Hashing algorithm that results in a 128-bit output.






24. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






25. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






26. Window Scan






27. Establish Null Session






28. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






29. ICMP Type/Code 3-13






30. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






31. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






32. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






33. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






34. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






35. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






36. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






37. A protocol used to pass control and error messages between nodes on the Internet.






38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






39. A small Trojan program that listens on port 777.






40. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






41. Policy stating what users of a system can and cannot do with the organization's assets.






42. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






43. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






44. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






45. A virus designed to infect the master boot record.






46. Port 53






47. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






48. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






49. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






50. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.