Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A file system used by the Mac OS.






2. ICMP Type/Code 3






3. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






4. ICMP Type/Code 8






5. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






6. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






7. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






8. White hat






9. A record showing which user has accessed a given resource and what operations the user performed during a given period.






10. Port 135






11. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






12. A type of encryption where the same key is used to encrypt and decrypt the message.






13. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






14. The transmission of digital signals without precise clocking or synchronization.






15. Hex 14






16. FIN Scan






17. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






18. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






19. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






20. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






21. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






22. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






23. Evaluation in which testers attempt to penetrate the network.






24. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






25. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






26. An Application layer protocol for managing devices on an IP network.






27. Name given to expert groups that handle computer security incidents.






28. List Scan






29. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






30. ICMP Ping






31. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






32. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






33. nmap






34. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






35. A group of people - gathered together by a business entity - working to address a specific problem or goal.






36. ex 02






37. The change or growth of a project's scope






38. The monetary value assigned to an IT asset.






39. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






40. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






41. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






42. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






43. TCP connect() scan






44. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






45. A defined measure of service within a network system






46. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






47. The act of dialing all numbers within an organization to discover open modems.






48. IP Protocol Scan






49. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






50. An attack that exploits the common mistake many people make when installing operating systems