Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






2. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






3. A routing protocol developed to be used within a single organization.






4. Shifting responsibility from one party to another






5. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






6. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






7. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






8. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






9. A device providing temporary - on-demand - point-to-point network access to users.






10. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






11. Metamorphic Virus






12. Port 161/162






13. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






14. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






15. A data encryption/decryption program often used for e-mail and file storage.






16. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






17. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






18. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






19. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






20. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






21. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






22. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






23. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






24. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






25. Policy stating what users of a system can and cannot do with the organization's assets.






26. A document describing information security guidelines - policies - procedures - and standards.






27. A program designed to execute at a specific time to release malicious code onto the computer system or network.






28. Cracking Tools






29. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






30. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






31. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






32. An informed decision to accept the potential for damage to or loss of an IT asset.






33. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






34. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






35. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






36. Directory Transversal






37. CAN-SPAM






38. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






39. A type of encryption where the same key is used to encrypt and decrypt the message.






40. A protocol used to pass control and error messages between nodes on the Internet.






41. Polymorphic Virus






42. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






43. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






44. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






45. IP Protocol Scan






46. Any item of value or worth to an organization - whether physical or virtual.






47. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






48. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






49. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






50. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.