Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A document describing information security guidelines - policies - procedures - and standards.






2. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






3. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






4. A free and popular version of the Unix operating system.






5. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






6. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






7. Port 80/81/8080






8. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






9. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






10. Port 135






11. Establish Null Session






12. A device providing temporary - on-demand - point-to-point network access to users.






13. A partially protected zone on a network - not exposed to the full fury of the Internet - but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must a






14. A software or hardware application or device that captures user keystrokes.






15. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






16. A virus that plants itself in a system's boot sector and infects the master boot record.






17. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






18. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






19. The steps taken to gather evidence and information on the targets you wish to attack.






20. The art and science of creating a covert message or image within another message - image - audio - or video file.






21. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






22. Computer software or hardware that can intercept and log traffic passing over a digital network.






23. List Scan






24. A computer process that requests a service from another computer and accepts the server's responses.






25. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






26. Version Detection Scan






27. ACK Scan






28. A person or entity indirectly involved in a relationship between two principles.






29. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






30. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






31. A type of malware that covertly collects information about a user.






32. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






33. A string that represents the location of a web resource






34. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






35. The potential for damage to or loss of an IT asset






36. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






37. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






38. A routing protocol developed to be used within a single organization.






39. ICMP Ping






40. Nmap grepable output






41. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






42. A wireless networking mode where all clients connect to the wireless network through a central access point.






43. Phases of an attack






44. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






45. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






46. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






47. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






48. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






49. Port 22






50. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.