Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






2. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm - the length of the input block is the same as the length of the output block.






3. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






4. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






5. An Internet routing protocol used to exchange routing information within an autonomous system.






6. Another term for firewalking






7. don't ping






8. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






9. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






10. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






11. A group of experts that handles computer security incidents.






12. A protocol used to pass control and error messages between nodes on the Internet.






13. Version Detection Scan






14. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






15. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






16. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






17. An Application layer protocol for managing devices on an IP network.






18. A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail.






19. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






20. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






21. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






22. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






23. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






24. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






25. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






26. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






27. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






28. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






29. A derogatory term used to describe an attacker - usually new to the field - who uses simple - easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.






30. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






31. A document describing information security guidelines - policies - procedures - and standards.






32. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






33. A software or hardware defect that often results in system vulnerabilities.






34. SYN Ping






35. Phases of an attack






36. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






37. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






38. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






39. The software product or system that is the subject of an evaluation.






40. Sneaky scan timing






41. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






42. A legal limit on the amount of financial liability and remedies the organization is responsible for taking on.






43. A command used in HTTP and FTP to retrieve a file from a server.






44. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






45. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






46. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






47. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






48. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






49. An early network application that provides information on users currently logged on to a machine.






50. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests