Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






2. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






3. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






4. Two or more LANs connected by a high-speed line across a large geographical area.






5. A software or hardware application or device that captures user keystrokes.






6. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






7. The process of determining if a network entity (user or service) is legitimate






8. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






9. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






10. The monetary value assigned to an IT asset.






11. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






12. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






13. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






14. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






15. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






16. Port 22






17. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






18. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






19. Vulnerability Scanning






20. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






21. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






22. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






23. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






24. ICMP Ping






25. Nmap normal output






26. nmap all output






27. The art and science of creating a covert message or image within another message - image - audio - or video file.






28. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






29. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






30. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






31. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






32. Black box test






33. Injecting traffic into the network to identify the operating system of a device.






34. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






35. ICMP Type/Code 11






36. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






37. Network Scanning






38. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






39. The process of recording activity on a system for monitoring and later review.






40. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






41. Phases of an attack






42. Microsoft SID 500






43. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






44. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






45. Hex 10






46. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






47. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






48. An international encoding standard - working within multiple languages and scripts - that represents each letter - digit - or symbol with a unique numeric value that applies across different platforms.






49. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






50. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.