Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Timestamp






2. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






3. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






4. A systematic process for the assessment of security vulnerabilities.






5. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






6. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






7. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






8. The Security Accounts Manager file in Windows stores all the password hashes for the system.






9. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






10. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






11. SYN Ping






12. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






13. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






14. LM Hash for short passwords (under 7)






15. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






16. Phases of an attack






17. A small Trojan program that listens on port 777.






18. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






19. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






20. A Windows-based GUI version of nmap.






21. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






22. A computer process that requests a service from another computer and accepts the server's responses.






23. A command used in HTTP and FTP to retrieve a file from a server.






24. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






25. The lack of clocking (imposed time ordering) on a bit stream.






26. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






27. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






28. Network Scanning






29. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






30. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






31. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






32. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






33. ICMP Netmask






34. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






35. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






36. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






37. An attack that exploits the common mistake many people make when installing operating systems






38. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






39. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






40. IP Protocol Scan






41. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






42. nmap






43. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






44. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






45. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






46. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






47. The potential for damage to or loss of an IT asset






48. An informed decision to accept the potential for damage to or loss of an IT asset.






49. UDP Scan






50. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.