Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.

2. Port 22

3. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.

4. A cyber attacker who acts without permission from, and without giving prior notice to, the resource owner. Also known as a malicious hacker.

5. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.

6. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.

7. A social-engineering attack that manipulates the victim into calling the attacker for help.

8. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target, but the corresponding SYN/ACK response

9. The security property that data is not modified in an unauthorized and undetected manner. Also, the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.

10. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television, invented primarily to keep consumer television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.

11. The set of all hardware, firmware, and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.

12. In a classful IPv4 subnet, this is the network number with all binary 0s in the subnet part of the number. When written in decimal, the zero subnet has the same number as the classful network number.

13. A denial-of-service attack where the attacker sends a ping to the network's broadcast address from the spoofed IP address of the target. All systems in the subnet then respond to the spoofed address, eventually flooding the device.

14. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.

15. Formal description and evaluation of the vulnerabilities in an information system.

16. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.

17. Nmap normal output

18. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing, network topology, access to the network medium, error detection, sequential delive

19. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.

20. A device on a network.

21. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.

22. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a

23. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

24. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.

25. UDP Scan

26. Cracking Tools

27. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.

28. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o

29. A type of encryption where the same key is used to encrypt and decrypt the message.

30. A computer virus that infects and spreads in multiple ways.

31. An informed decision to accept the potential for damage to or loss of an IT asset.

32. The subjective, potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.

33. nmap

34. A social-engineering attack using computer resources, such as e-mail or IRC.

35. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.

36. A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). Kerberos authentication uses tickets, a Ticket Granting Service, and a Key Distribution Center.

37. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.

38. White hat

39. An evaluation consisting of a document review, interviews, and demonstrations, as well as vulnerability scans and hands-on testing.

40. A symmetric, block-cipher data-encryption standard that uses a variable-length key that can range from 32 bits to 448 bits.

41. Unauthorized access to information such as a calendar, contact list, e-mails, and text messages on a wireless device through a Bluetooth connection.

42. Transmitting one protocol encapsulated inside another protocol.

43. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.

44. A computer network confined to a relatively small area, such as a single building or campus.

45. A host designed to collect data on suspicious activity.

46. FTP Bounce Attack

47. A point of reference used to mark an initial state in order to manage change.

48. Used for exchanging structured information, such as XML-based messages, in the implementation of web services.

49. The process of recording activity on a system for monitoring and later review.

50. Shifting responsibility from one party to another.