Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A software or hardware defect that often results in system vulnerabilities.






2. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






3. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






4. nmap






5. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






6. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






7. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






8. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






9. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






10. Hex 10






11. Network Scanning






12. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






13. Port 88






14. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






15. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






16. ICMP Type/Code 0-0






17. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






18. The steps taken to gather evidence and information on the targets you wish to attack.






19. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






20. A Canonical Name record within DNS - used to provide an alias for a domain name.






21. A software or hardware application or device that captures user keystrokes.






22. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






23. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






24. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






25. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






26. An evaluation conducted to determine the potential for damage to or loss of an IT asset.






27. Wrapper or Binder






28. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






29. List Scan






30. A point of reference used to mark an initial state in order to manage change.






31. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






32. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






33. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






34. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






35. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






36. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






37. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






38. Establish Null Session






39. Describes practices in production and development that promote access to the end product's source materials.






40. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






41. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






42. NSA






43. Aggressive scan timing






44. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






45. Directory Transversal






46. Sneaky scan timing






47. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






48. Any network incident that prompts some kind of log entry or other notification.






49. A defined measure of service within a network system






50. Phases of an attack