Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






2. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dual-ring architecture for redundancy - with transmission distances of up to two kilometers.






3. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






4. FTP Bounce Attack






5. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






6. Formal description and evaluation of the vulnerabilities in an information system






7. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






8. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






9. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






10. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






11. The process of using easily accessible DNS records to map a target network's internal hosts.






12. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






13. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






14. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






15. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






16. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






17. A record showing which user has accessed a given resource and what operations the user performed during a given period.






18. Port 137/138/139






19. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






20. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






21. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-system-administrator-level attack.






22. The process of embedding information into a digital signal in a way that makes it difficult to remove.






23. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






24. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






25. MAC Flooding






26. The combination of all IT assets - resources - components - and systems.






27. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






28. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






29. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






30. The level of importance assigned to an IT asset






31. A value used to control cryptographic operations - such as decryption - encryption - signature generation - and signature verification.






32. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






33. Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.






34. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






35. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






36. Vulnerability Scanning






37. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






38. A small Trojan program that listens on port 777.






39. ICMP Ping






40. The condition of a resource being ready for use and accessible by authorized users.






41. A portion of memory used to temporarily store output or input data.






42. The potential for damage to or loss of an IT asset






43. Idlescan






44. Wrapper or Binder






45. A person or entity indirectly involved in a relationship between two principals.






46. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






47. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






48. A systematic process for the assessment of security vulnerabilities.






49. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






50. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.





