Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






2. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






3. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






4. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






5. Two or more LANs connected by a high-speed line across a large geographical area.






6. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






7. ICMP Type/Code 3-13






8. Attacks on the actual programming code of an application.






9. Phases of an attack






10. An Application layer protocol for sending electronic mail between servers.






11. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






12. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






13. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






14. Software that has advertisements embedded within. Generally displays ads in the form of pop-ups.






15. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






16. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






17. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






18. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






19. A protocol that allows a client computer to request services from a server and the server to return the results.






20. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






21. Normal scan timing






22. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






23. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






24. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






25. Nmap grepable output






26. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






27. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






28. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






29. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






30. Policy stating what users of a system can and cannot do with the organization's assets.






31. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






32. A protocol for exchanging packets over a serial line.






33. ex 02






34. An attack that exploits the common mistake many people make when installing operating systems






35. Shifting responsibility from one party to another






36. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






37. A free and popular version of the Unix operating system.






38. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






39. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






40. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






41. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






42. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






43. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






44. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






45. Hex 10






46. The conveying of official access or legal power to a person or entity.






47. CAN-SPAM






48. A communications protocol used for browsing the Internet.






49. SYN Ping






50. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests