Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Idlescan






2. The act of dialing all numbers within an organization to discover open modems.






3. White hat






4. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






5. NSA






6. ICMP Netmask






7. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






8. A group of experts that handles computer security incidents.






9. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






10. A computer virus that infects and spreads in multiple ways.






11. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






12. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






13. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






14. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






16. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






17. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






18. Attacks on the actual programming code of an application.






19. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






20. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






21. Cracking Tools






22. A communications protocol used for browsing the Internet.






23. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






24. Port 135






25. A small Trojan program that listens on port 777.






26. ICMP Type/Code 11






27. A computer network confined to a relatively small area - such as a single building or campus.






28. Nmap ml output






29. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






30. Ports 20/21






31. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






32. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






33. TCP Ping






34. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






35. Computer software or hardware that can intercept and log traffic passing over a digital network.






36. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






37. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






38. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






39. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






40. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






41. Injecting traffic into the network to identify the operating system of a device.






42. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






43. An Internet routing protocol used to exchange routing information within an autonomous system.






44. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






45. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






46. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






47. Microsoft SID 500






48. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






49. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






50. An adapter that provides the physical connection to send and receive data between the computer and the network media.