Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






2. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






3. White hat






4. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






5. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






6. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






7. A computer network confined to a relatively small area - such as a single building or campus.






8. The process of embedding information into a digital signal in a way that makes it difficult to remove.






9. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






10. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






11. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






12. A hardware device used to log keystrokes covertly. Hardware keystroke loggers are very dangerous due to the fact that they cannot be detected through regular software/anti-malware scanning.






13. Paranoid scan timing






14. Security identifier. The method by which Windows identifies user - group - and computer accounts for rights and permissions.






15. The default network authentication suite of protocols for Windows NT 4.0






16. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






17. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






18. Nmap grepable output






19. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






20. The Security Accounts Manager file in Windows stores all the password hashes for the system.






21. Text or data in its encrypted form; the result of plaintext being input into a cryptographic algorithm.






22. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






23. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






24. A device providing temporary - on-demand - point-to-point network access to users.






25. A group of experts that handles computer security incidents.






26. Version Detection Scan






27. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






28. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






29. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






30. Hashing algorithm that results in a 128-bit output.






31. Insane scan timing






32. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






33. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






34. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






35. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






36. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






37. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






38. Nmap normal output






39. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






40. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






41. The change or growth of a project's scope






42. Idlescan






43. A host designed to collect data on suspicious activity.






44. A method of permitting only MAC addresses in a preapproved list network access. Addresses not matching are blocked.






45. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






46. A small space having two sets of interlocking doors; the first set of doors must close before the second set opens. Typically authentication is required for each door - often using different factors. For example - a smart card may open the first door






47. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






48. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






49. A person or entity indirectly involved in a relationship between two principles.






50. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.