Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but it reinforces your understanding each time you take the test.

1. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, Ticket Granting Service, and Key Distribution Center.






2. A free and popular version of the Unix operating system.






3. 18 U.S.C. 1030






4. An attack technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






5. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






6. A condition that occurs when more data is written to a buffer than it has space to store, and results in data corruption or other system errors. This is usually due to insufficient bounds checking, a bug, or improper configuration in the program c






7. The act of dialing all numbers within an organization to discover open modems.






8. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio, binary, or video using the Simple Mail Transfer Protocol (SMTP).






9. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






10. The lack of clocking (imposed time ordering) on a bit stream.






11. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometimes perform illegal acts to exploit technology with the intent of achi






12. A network deployed as a trap to detect, deflect, or deter unauthorized use of information systems.






13. Port 161/162






14. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






15. A social-engineering effort in which the attacker pretends to be an employee, a valid user, or even an executive to elicit information or access.






16. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






17. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






18. The potential for damage to or loss of an IT asset






19. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






20. Hex 29






21. Hex 10






22. White hat






23. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






24. A Canonical Name record within DNS - used to provide an alias for a domain name.






25. A small Trojan program that listens on port 777.






26. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






27. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






28. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier, but does not alter the data (in other words, eavesdropping).






29. As an identification device becomes more sensitive or accurate, its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal, or cross over.






30. In computer security, this is an algorithm that uses separate keys for encryption and decryption.






31. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






32. A storage buffer that transparently stores data so future requests for the same data can be served faster.






33. Safeguards or countermeasures to avoid, counteract, or minimize security risks.






34. An inspection of a place where a company or individual proposes to work, to gather the necessary information for a design or risk assessment.






35. Host-based IDS. An IDS that resides on the host, protecting against file and folder manipulation and other host-based attacks and actions.






36. MAC Flooding






37. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder, delete, insert, or read information.






38. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






39. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.






40. Insane scan timing






41. A command used in HTTP and FTP to retrieve a file from a server.






42. White box test






43. Baseband LAN specification developed by Xerox Corporation, Intel, and Digital Equipment Corporation. One of the least expensive, most widely deployed networking standards; uses the CSMA/CD method of media access control.






44. A value used to control cryptographic operations, such as decryption, encryption, signature generation, and signature verification.






45. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






46. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack.






47. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity






48. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.






49. An evaluation consisting of a document review, interviews, and demonstrations. No hands-on testing is performed.






50. The change or growth of a project's scope