Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






2. Evaluation in which testers attempt to penetrate the network.






3. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






4. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






5. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.






6. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






7. Port 80/81/8080






8. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






9. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






10. A network deployed as a trap to detect - deflect - or deter unauthorized use of information systems.






11. don't ping






12. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






13. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






14. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






15. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






16. Port 31337






17. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






18. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






19. A program designed to execute at a specific time to release malicious code onto the computer system or network.






20. Paranoid scan timing






21. A software or hardware defect that often results in system vulnerabilities.






22. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






23. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






24. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






25. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






26. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






27. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






28. 18 U.S.C. 1030






29. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






30. Two or more LANs connected by a high-speed line across a large geographical area.






31. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






32. A business - government agency - or educational institution that provides access to the Internet.






33. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






34. Wrapper or Binder






35. A function that is easy to compute in one direction - yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information - called the 'trapdoor.' Widely used in cryptography.






36. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






37. Port 135






38. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






39. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






40. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






41. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






42. ICMP Timestamp






43. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






44. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






45. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






46. Hex 14






47. A documented process for a procedure designed to be consistent - repeatable - and accountable.






48. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






49. Port 23






50. Incremental Substitution