Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. PI and PT Ping






2. A data encryption/decryption program often used for e-mail and file storage.






3. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






4. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






5. A defined measure of service within a network system






6. UDP Scan






7. A social-engineering attack that manipulates the victim into calling the attacker for help.






8. Policy stating what users of a system can and cannot do with the organization's assets.






9. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






10. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






11. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






12. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






13. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






14. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






15. An adapter that provides the physical connection to send and receive data between the computer and the network media.






16. 18 U.S.C. 1030






17. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






18. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






19. Idlescan






20. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






21. FTP Bounce Attack






22. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






23. List Scan






24. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






25. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






26. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






27. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






28. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






29. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






30. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






31. RPC Scan






32. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






33. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






34. NSA






35. The art and science of creating a covert message or image within another message - image - audio - or video file.






36. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






37. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






38. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






39. A protocol that allows a client computer to request services from a server and the server to return the results.






40. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






41. Nmap grepable output






42. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






43. Cracking Tools






44. don't ping






45. ICMP Type/Code 11






46. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






47. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






48. A systematic process for the assessment of security vulnerabilities.






49. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






50. The steps taken to gather evidence and information on the targets you wish to attack.