Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






2. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






3. CAN-SPAM






4. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






5. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






6. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






7. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






8. The steps taken to gather evidence and information on the targets you wish to attack.






9. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






10. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






11. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






12. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






13. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






14. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






15. The default network authentication suite of protocols for Windows NT 4.0






16. A protocol that allows a client computer to request services from a server and the server to return the results.






17. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






18. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






19. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






20. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






21. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






22. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






23. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






24. ICMP Ping






25. 18 U.S.C. 1030






26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






27. Idlescan






28. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






29. The conveying of official access or legal power to a person or entity.






30. Attacks on the actual programming code of an application.






31. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






32. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






33. Host-based IDS. An IDS that resides on the host - protecting against file and folder manipulation and other host-based attacks and actions.






34. PI and PT Ping






35. Hex 04






36. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






37. A social-engineering attack using computer resources - such as e-mail or IRC.






38. A computer network confined to a relatively small area - such as a single building or campus.






39. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






40. Computer software or hardware that can intercept and log traffic passing over a digital network.






41. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






42. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






43. 18 U.S.C. 1029






44. The potential for damage to or loss of an IT asset






45. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






46. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






47. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






48. A computer virus that infects and spreads in multiple ways.






49. A command used in HTTP and FTP to retrieve a file from a server.






50. The ability to trace actions performed on a system to a specific user or system entity.