Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






2. Polymorphic Virus






3. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






4. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






5. Normal scan timing






6. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






7. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






8. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






9. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






10. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






11. The monetary value assigned to an IT asset.






12. Two or more LANs connected by a high-speed line across a large geographical area.






13. Ping Scan






14. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






15. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






16. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






17. A device providing temporary - on-demand - point-to-point network access to users.






18. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






19. Port 80/81/8080






20. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






21. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






22. ICMP Netmask






23. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






24. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






25. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






26. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






27. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






28. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






29. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






30. A string that represents the location of a web resource






31. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






32. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






33. A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.






34. The change or growth of a project's scope






35. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






36. A protocol that allows a client computer to request services from a server and the server to return the results.






37. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






38. Port 31337






39. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






40. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






41. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






42. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






43. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






44. A type of encryption where the same key is used to encrypt and decrypt the message.






45. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






46. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






47. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






48. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






49. A Canonical Name record within DNS - used to provide an alias for a domain name.






50. A protocol defining packets that are able to be routed by a router.






Can you answer 50 questions in 15 minutes?



Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests