Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






2. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






3. The conveying of official access or legal power to a person or entity.






4. A routing protocol developed to be used within a single organization.






5. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






6. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






7. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






8. ICMP Type/Code 8






9. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






10. An organized collection of data.






11. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






12. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






13. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






14. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






15. A free and popular version of the Unix operating system.






16. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






17. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






18. ACK Scan






19. Microsoft SID 500






20. TCP Ping






21. A social-engineering attack using computer resources - such as e-mail or IRC.






22. Another term for firewalking






23. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






24. Name given to expert groups that handle computer security incidents.






25. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






26. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






27. An adapter that provides the physical connection to send and receive data between the computer and the network media.






28. Injecting traffic into the network to identify the operating system of a device.






29. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






30. ICMP Ping






31. A tool that helps a company to compare its actual performance with its potential performance.






32. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






33. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






34. The combination of all IT assets - resources - components - and systems.






35. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






36. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






37. 18 U.S.C. 1029






38. The art and science of creating a covert message or image within another message - image - audio - or video file.






39. A data encryption/decryption program often used for e-mail and file storage.






40. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






41. The process of using easily accessible DNS records to map a target network's internal hosts.






42. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






43. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






44. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






45. Metamorphic Virus






46. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






47. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






48. The concept of having more than one person required to complete a task






49. TCP SYN Scan






50. The process of systematically testing each port on a firewall to map rules and determine accessible ports.