Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






2. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






3. ICMP Type/Code 8






4. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






5. IP Protocol Scan






6. TCP SYN Scan






7. A wireless networking mode where all clients connect to the wireless network through a central access point.






8. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






9. A denial-of-service technique that uses numerous hosts to perform the attack.






10. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






11. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






12. A type of malware that covertly collects information about a user.






13. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






14. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






15. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






16. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






17. Controls to detect anomalies or undesirable events occurring on a system.






18. NSA






19. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






20. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






21. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






22. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






23. Idlescan






24. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






25. An adapter that provides the physical connection to send and receive data between the computer and the network media.






26. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






27. Hex 14






28. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






29. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






30. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






31. Transmitting one protocol encapsulated inside another protocol.






32. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






33. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






34. Incremental Substitution






35. The software product or system that is the subject of an evaluation.






36. Evaluation in which testers attempt to penetrate the network.






37. A storage buffer that transparently stores data so future requests for the same data can be served faster.






38. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






39. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






40. The combination of all IT assets - resources - components - and systems.






41. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






42. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






43. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






44. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






45. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






46. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






47. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






48. ICMP Type/Code 3-13






49. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






50. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.