Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






2. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






3. Hex 29






4. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message - the recipient knows it is not legitimate.






5. A virus that plants itself in a system's boot sector and infects the master boot record.






6. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






7. A wireless LAN security standard developed by IEEE. Requires Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).






8. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






9. A group of people - gathered together by a business entity - working to address a specific problem or goal.






10. A type of encryption where the same key is used to encrypt and decrypt the message.






11. A method of external testing whereby several systems or resources are used together to effect an attack.






12. A file system used by the Mac OS.






13. Port 389






14. A portion of memory used to temporarily store output or input data.






15. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






16. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






17. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






18. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






19. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






20. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






21. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






22. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






23. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






24. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






25. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






26. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






27. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






28. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






29. A business - government agency - or educational institution that provides access to the Internet.






30. The potential for damage to or loss of an IT asset






31. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






32. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






33. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






34. Port 53






35. The exploitation of a security vulnerability






36. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.






37. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






38. Polymorphic Virus






39. A tool that helps a company to compare its actual performance with its potential performance.






40. Vulnerability Scanning






41. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






42. Aggressive scan timing






43. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






44. Port 31337






45. A string that represents the location of a web resource






46. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






47. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






48. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






49. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






50. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.