Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Type/Code 3-13






2. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






3. nmap






4. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






5. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






6. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






7. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






8. Hex 29






9. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






10. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






11. The process of using easily accessible DNS records to map a target network's internal hosts.






12. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






13. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






14. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






15. A device providing temporary - on-demand - point-to-point network access to users.






16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






17. Establish Null Session






18. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






19. A virus written in a macro language and usually embedded in document or spreadsheet files.






20. Describes practices in production and development that promote access to the end product's source materials.






21. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






22. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






23. IP Protocol Scan






24. TCP connect() scan






25. An early network application that provides information on users currently logged on to a machine.






26. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






27. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






28. ICMP Type/Code 8






29. The condition of a resource being ready for use and accessible by authorized users.






30. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






31. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






32. A group of experts that handles computer security incidents.






33. A small Trojan program that listens on port 777.






34. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






35. A file system used by the Mac OS.






36. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






37. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






38. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






39. Port 135






40. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






41. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






42. A cryptographic attack where bits are manipulated in the ciphertext itself to generate a predictable outcome in the plaintext once it is decrypted.






43. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






44. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






45. A software or hardware application or device that captures user keystrokes.






46. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






47. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






48. Transmitting one protocol encapsulated inside another protocol.






49. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






50. Black hat