Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






2. A device providing temporary - on-demand - point-to-point network access to users.






3. Directing a protocol from one port to another.






4. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.






5. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






6. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






7. A list of IP addresses and corresponding MAC addresses stored on a local computer.






8. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






9. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






10. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






11. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






12. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






13. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






14. Port 389






15. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






16. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






17. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






18. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






19. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






20. The act of dialing all numbers within an organization to discover open modems.






21. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






22. Black hat






23. A type of encryption where the same key is used to encrypt and decrypt the message.






24. A protocol used to pass control and error messages between nodes on the Internet.






25. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






26. don't ping






27. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






28. Paranoid scan timing






29. An attack that combines a brute-force attack with a dictionary attack.






30. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






31. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






32. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






33. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






34. Polite scan timing






35. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






36. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






37. Recording the time - normally in a log file - when an event happens or when information is created or modified.






38. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






39. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






40. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






41. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






42. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






43. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






44. The default network authentication suite of protocols for Windows NT 4.0






45. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






46. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






47. An attack that exploits the common mistake many people make when installing operating systems






48. Cracking Tools






49. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






50. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests