Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. don't ping






2. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






3. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






4. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






5. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






6. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






7. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






8. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






9. The software product or system that is the subject of an evaluation.






10. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






11. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






12. A group of people - gathered together by a business entity - working to address a specific problem or goal.






13. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






14. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






15. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






16. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






17. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






18. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






19. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






20. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






21. A protocol used for sending and receiving log information for nodes on a network.






22. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






23. A group of experts that handles computer security incidents.






24. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






25. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






26. Two or more LANs connected by a high-speed line across a large geographical area.






27. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






28. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






29. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






30. Describes practices in production and development that promote access to the end product's source materials.






31. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






32. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






33. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






34. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






35. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






36. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






37. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






38. A software or hardware defect that often results in system vulnerabilities.






39. A device on a network.






40. RPC Scan






41. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






42. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






43. A storage buffer that transparently stores data so future requests for the same data can be served faster.






44. A communications protocol used for browsing the Internet.






45. The process of using easily accessible DNS records to map a target network's internal hosts.






46. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






47. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






48. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






49. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






50. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private