Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






2. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






3. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






4. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






5. Controls to detect anomalies or undesirable events occurring on a system.






6. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






7. An early network application that provides information on users currently logged on to a machine.






8. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






9. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






10. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






11. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






12. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






13. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






14. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






15. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






16. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






17. Ports 20/21






18. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






19. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






20. Nmap normal output






21. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






22. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






23. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






24. Hex 14






25. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






26. Metamorphic Virus






27. nmap all output






28. A command used in HTTP and FTP to retrieve a file from a server.






29. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






30. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






31. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






32. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






33. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






34. A record showing which user has accessed a given resource and what operations the user performed during a given period.






35. Insane scan timing






36. Aggressive scan timing






37. Port 80/81/8080






38. A string that represents the location of a web resource






39. FIN Scan






40. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






41. Black box test






42. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






43. The monetary value assigned to an IT asset.






44. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






45. Port 137/138/139






46. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






47. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






48. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






49. Computer software or hardware that can intercept and log traffic passing over a digital network.






50. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or