Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






2. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






3. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






4. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






5. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






6. A string that represents the location of a web resource






7. A type of encryption where the same key is used to encrypt and decrypt the message.






8. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






9. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






10. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






11. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






12. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






13. Another term for firewalking






14. The last portion of the SID that identifies the user to the system in Windows. A RID of 500 identifies the administrator account.






15. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






16. Aggressive scan timing






17. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






18. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






19. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






20. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






21. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






22. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






23. Transmitting one protocol encapsulated inside another protocol.






24. A record showing which user has accessed a given resource and what operations the user performed during a given period.






25. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






26. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






27. An Internet routing protocol used to exchange routing information within an autonomous system.






28. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






29. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






30. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






31. An Application layer protocol for sending electronic mail between servers.






32. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






33. LM Hash for short passwords (under 7)






34. Software code - a portion of data - or sequence of commands intended to take advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware.






35. The conveying of official access or legal power to a person or entity.






36. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






37. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






38. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






39. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






40. A file system used by the Mac OS.






41. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






42. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






43. A software or hardware application or device that captures user keystrokes.






44. A social-engineering attack that manipulates the victim into calling the attacker for help.






45. Port 22






46. A protocol used for sending and receiving log information for nodes on a network.






47. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






48. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






49. ICMP Type/Code 0-0






50. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.