Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Transmitting one protocol encapsulated inside another protocol.






2. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






3. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






4. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






5. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






6. A string that represents the location of a web resource






7. Directory Transversal






8. Port 31337






9. A file system used by the Mac OS.






10. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






11. ICMP Ping






12. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






13. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






14. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






15. A method of external testing whereby several systems or resources are used together to effect an attack.






16. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






17. Nmap normal output






18. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace - as well as the basic properties of the domain.






19. Incremental Substitution






20. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security - although it does authenticate clients to access points - encr






21. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






22. The conveying of official access or legal power to a person or entity.






23. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






24. The concept of having more than one person required to complete a task






25. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






26. The Security Accounts Manager file in Windows stores all the password hashes for the system.






27. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






28. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






29. Window Scan






30. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






31. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






32. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






33. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






34. Ping Scan






35. Vulnerability Scanning






36. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






37. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






38. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






39. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






40. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






41. The act of dialing all numbers within an organization to discover open modems.






42. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






43. A person or entity indirectly involved in a relationship between two principles.






44. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






45. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






46. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






47. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






48. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






49. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






50. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.