Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






2. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






3. nmap






4. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






5. Computer software or hardware that can intercept and log traffic passing over a digital network.






6. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






7. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






8. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






9. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






10. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






11. A Unix-like computer operating system descended from BSD. OpenBSD includes a number of security features absent or optional in other operating systems.






12. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






13. 18 U.S.C. 1030






14. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






15. LM Hash for short passwords (under 7)






16. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






17. Hex 02






18. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






19. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






20. A device on a network.






21. Port 53






22. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






23. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






24. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






25. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






26. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






27. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






28. A protocol for exchanging packets over a serial line.






29. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






30. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






31. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






32. A computer process that requests a service from another computer and accepts the server's responses.






33. Hex 10






34. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






35. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






36. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






37. Any item of value or worth to an organization - whether physical or virtual.






38. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






39. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






40. A computer file system architecture used in Windows - OS/2 - and most memory cards.






41. ICMP Type/Code 8






42. nmap






43. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






44. Phases of an attack






45. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dual-ring architecture for redundancy - with transmission distances of up to two kilometers.






46. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






47. Black hat






48. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






49. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






50. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.