Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






2. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






3. LM Hash for short passwords (under 7)






4. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






5. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






6. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






7. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






8. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






9. Port 23






10. 18 U.S.C. 1029






11. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






12. Nmap ml output






13. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






14. A command used in HTTP and FTP to retrieve a file from a server.






15. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






16. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






17. Monitoring of telephone or Internet conversations - typically by covert means.






18. A routing protocol developed to be used within a single organization.






19. A virus designed to infect the master boot record.






20. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






21. Hex 12






22. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






23. Hashing algorithm that results in a 128-bit output.






24. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






25. The change or growth of a project's scope






26. Vulnerability Scanning






27. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






28. The art and science of creating a covert message or image within another message - image - audio - or video file.






29. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






30. nmap






31. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






32. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






33. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






34. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






35. A program designed to execute at a specific time to release malicious code onto the computer system or network.






36. Port 137/138/139






37. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






38. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






39. Evaluation in which testers attempt to penetrate the network.






40. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






41. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






42. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






43. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






44. Black hat






45. Any network incident that prompts some kind of log entry or other notification.






46. NSA






47. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






48. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






49. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






50. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.