Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An international organization composed of national standards bodies from over 75 countries. Developed the OSI reference model.






2. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






3. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






4. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






5. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






6. The steps taken to gather evidence and information on the targets you wish to attack.






7. ICMP Type/Code 3-13






8. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






9. A backlog of packets stored in buffers and waiting to be forwarded over an interface.






10. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






11. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






12. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






13. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






14. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






15. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






16. Controls to detect anomalies or undesirable events occurring on a system.






17. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce - banking - and other sites requiring privacy.






18. A virus that plants itself in a system's boot sector and infects the master boot record.






19. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






20. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






21. A denial-of-service technique that uses numerous hosts to perform the attack.






22. The change or growth of a project's scope






23. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






24. Port 53






25. Computer software or hardware that can intercept and log traffic passing over a digital network.






26. Steps taken to identify and limit risks to an acceptable or reasonable level of exposure.






27. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






28. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






29. An Application layer protocol for managing devices on an IP network.






30. White hat






31. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






32. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






33. A free and popular version of the Unix operating system.






34. A protocol that allows a client computer to request services from a server and the server to return the results.






35. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






36. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






37. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






38. A method of external testing whereby several systems or resources are used together to effect an attack.






39. Policy stating what users of a system can and cannot do with the organization's assets.






40. A device on a network.






41. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






42. A portion of memory used to temporarily store output or input data.






43. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






44. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






45. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






46. A software or hardware defect that often results in system vulnerabilities.






47. A principle in security engineering that attempts to use anonymity and secrecy (of design - implementation - and so on) to provide security; the footprint of the organization - entity - network - or system is kept as small as possible to avoid intere






48. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






49. A computer security expert who performs security audits and penetration tests against systems or network segments - with the owner's full knowledge and permission - in an effort to increase security.






50. Hex 14