Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ICMP Type/Code 0-0






2. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






3. Any item of value or worth to an organization - whether physical or virtual.






4. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






5. Black hat






6. Incremental Substitution






7. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






8. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






9. An organized collection of data.






10. Black box test






11. The act of dialing all numbers within an organization to discover open modems.






12. The art and science of creating a covert message or image within another message - image - audio - or video file.






13. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






14. ACK Scan






15. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






16. A person or entity indirectly involved in a relationship between two principles.






17. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






18. An Ethernet networking system transmitting data at 100 million bits per second (Mbps) - 10 times the speed of an earlier Ethernet standard. Derived from the Ethernet 802.3 standard - it is also known as 100BaseT.






19. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






20. A method of network traffic filtering that monitors the entire communications process - including the originator of the session and from which direction it started.






21. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






22. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






23. A document describing information security guidelines - policies - procedures - and standards.






24. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






25. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






26. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






27. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






28. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






29. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






30. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






31. A type of malware that covertly collects information about a user.






32. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






33. Port 161/162






34. Hex 29






35. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






36. A method of external testing whereby several systems or resources are used together to effect an attack.






37. A type of DNS transfer - where all records from an SOA are transmitted to the requestor. Zone transfers have two options: full (opcode AXFR) and incremental (IXFR).






38. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






39. The process of recording activity on a system for monitoring and later review.






40. A method of password cracking whereby all possible options are systematically enumerated until a match is found. These attacks try every password (or authentication option) - one after another - until successful. Bruteforce attacks take a long time t






41. A tool that helps a company to compare its actual performance with its potential performance.






42. Port 137/138/139






43. A point of reference used to mark an initial state in order to manage change.






44. An attack that combines a brute-force attack with a dictionary attack.






45. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






46. ICMP Type/Code 8






47. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






48. A record showing which user has accessed a given resource and what operations the user performed during a given period.






49. Port 389






50. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks