Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Network Scanning






2. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






3. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






4. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






5. Name given to expert groups that handle computer security incidents.






6. Access by information systems (or users) communicating from outside the information system security perimeter.






7. A list of IP addresses and corresponding MAC addresses stored on a local computer.






8. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






9. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






10. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






11. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






12. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






13. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






14. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






15. A string that represents the location of a web resource






16. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






17. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address - eventually flooding the device.






18. Port 161/162






19. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






20. Aggressive scan timing






21. List Scan






22. Computer software or hardware that can intercept and log traffic passing over a digital network.






23. A Canonical Name record within DNS - used to provide an alias for a domain name.






24. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






25. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






26. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






27. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






29. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






30. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






31. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






32. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






33. SYN Ping






34. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






35. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






36. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






37. A software or hardware application or device that captures user keystrokes.






38. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






39. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






40. The default network authentication suite of protocols for Windows NT 4.0






41. IP Protocol Scan






42. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






43. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






44. The conveying of official access or legal power to a person or entity.






45. Wrapper or Binder






46. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






47. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






48. The lack of clocking (imposed time ordering) on a bit stream.






49. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






50. Incremental Substitution