Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






2. Nmap ml output






3. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






4. Nmap grepable output






5. nmap all output






6. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






7. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






8. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






9. Cracking Tools






10. Vulnerability Scanning






11. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






12. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






13. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






14. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






15. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






16. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






17. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






18. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






19. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






20. Paranoid scan timing






21. Controls to detect anomalies or undesirable events occurring on a system.






22. A computer file system architecture used in Windows - OS/2 - and most memory cards.






23. A software or hardware defect that often results in system vulnerabilities.






24. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






25. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






27. A file system used by the Mac OS.






28. A wireless networking mode where all clients connect to the wireless network through a central access point.






29. A document describing information security guidelines - policies - procedures - and standards.






30. Directing a protocol from one port to another.






31. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






32. A type of malware that covertly collects information about a user.






33. A host designed to collect data on suspicious activity.






34. Attacks on the actual programming code of an application.






35. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






36. Computer software or hardware that can intercept and log traffic passing over a digital network.






37. A device providing temporary - on-demand - point-to-point network access to users.






38. Port 137/138/139






39. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






40. 18 U.S.C. 1030






41. Ports 20/21






42. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






43. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






44. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






45. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






46. A point of reference used to mark an initial state in order to manage change.






47. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






48. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






49. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






50. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.