Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






2. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






3. The art and science of creating a covert message or image within another message - image - audio - or video file.






4. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






5. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






6. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






7. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






8. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






9. Port 389






10. nmap all output






11. Computer software or hardware that can intercept and log traffic passing over a digital network.






12. The default network authentication suite of protocols for Windows NT 4.0






13. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






14. The transmission of digital signals without precise clocking or synchronization.






15. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






16. List Scan






17. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






18. Nmap ml output






19. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






20. A device on a network.






21. A mode of operation for a block cipher - with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value - and vice versa






22. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






23. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






24. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






25. Phases of an attack






26. Any network incident that prompts some kind of log entry or other notification.






27. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






28. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






29. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






30. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






31. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






32. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






33. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






34. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






35. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






36. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






37. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






38. Sneaky scan timing






39. ex 02






40. An outdated symmetric cipher encryption algorithm - previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo






41. An attack that exploits the common mistake many people make when installing operating systems






42. Hex 14






43. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






44. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






45. A Windows-based GUI version of nmap.






46. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






47. Hex 12






48. A protocol used to pass control and error messages between nodes on the Internet.






49. An Application layer protocol for sending electronic mail between servers.






50. An attack that combines a brute-force attack with a dictionary attack.