Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Timestamp






2. The organization that governs the Internet's top-level domains - IP address allocation - and port number assignments.






3. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






4. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






5. A systematic process for the assessment of security vulnerabilities.






6. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






7. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






8. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






9. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






10. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






11. An Internet routing protocol used to exchange routing information within an autonomous system.






12. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






13. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






14. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






15. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






16. A data encryption/decryption program often used for e-mail and file storage.






17. The ability to trace actions performed on a system to a specific user or system entity.






18. Version Detection Scan






19. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






20. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






21. Port 22






22. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






23. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






24. The process of embedding information into a digital signal in a way that makes it difficult to remove.






25. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






26. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






27. A social-engineering attack that manipulates the victim into calling the attacker for help.






28. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






29. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






30. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






31. ACK Scan






32. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






33. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






34. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






35. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






36. A group of experts that handles computer security incidents.






37. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






38. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






39. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






40. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






41. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






42. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






43. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






44. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






45. An organized collection of data.






46. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






47. A computer file system architecture used in Windows - OS/2 - and most memory cards.






48. The change or growth of a project's scope






49. Xmas Tree scan






50. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.