CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping), e-mail, instant messaging, and other methods of communication considered private
2. An outdated symmetric cipher encryption algorithm, previously U.S. government-approved and used by business and civilian government agencies. DES is no longer considered secure due to the ease with which the entire keyspace can be attempted using mo
3. A string that represents the location of a web resource
4. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN, providing wireless clients access to network resources.
5. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use
6. The set of all hardware, firmware, and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
7. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
8. A NAT method in which multiple internal hosts, using private IP addressing, can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65,000 concurrent TCP and U
9. Recording the time, normally in a log file, when an event happens or when information is created or modified.
10. A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information, called the 'trapdoor.' Widely used in cryptography.
11. Set of tools (applications or code) that enables administrator-level access to a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator
12. A nonnumerical, subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none, low, medium, and high for the probability.)
13. Malware designed to install some sort of virus, backdoor, and so on, on a target system.
14. A secret, typically consisting of only decimal digits, that a claimant memorizes and uses to authenticate his identity
15. The lack of clocking (imposed time ordering) on a bit stream.
16. A proprietary, open, wireless technology used for transferring data from fixed and mobile devices over short distances.
17. Computer software or hardware that can intercept and log traffic passing over a digital network.
18. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.
19. A method of external testing whereby several systems or resources are used together to effect an attack.
20. Black hat
21. Monitoring of telephone or Internet conversations, typically by covert means.
22. The software product or system that is the subject of an evaluation.
23. Directory Traversal
24. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.
25. A protocol used for sending and receiving log information for nodes on a network.
26. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.
27. Any item of value or worth to an organization, whether physical or virtual.
28. A security protocol for wireless local area networks defined in the 802.11b standard; intended to provide the same level of security as a wired LAN. WEP is not considered strong security, although it does authenticate clients to access points, encr
29. A social-engineering attack that manipulates the victim into calling the attacker for help.
30. NSA
31. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are
32. A storage buffer that transparently stores data so future requests for the same data can be served faster.
33. A device on a network.
34. An e-mail protection method using a secret message or image that can be referenced on any official communication with the site; if an e-mail is received without the image or message, the recipient knows it is not legitimate.
35. 18 U.S.C. 1029
36. An attack where the hacker positions himself between the client and the server, to intercept (and sometimes alter) data traveling between the two.
37. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet, a packet contains a header (container) and a payload (contents). Any IP
38. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o
39. A virus that plants itself in a system's boot sector and infects the master boot record.
40. A program designed to browse websites in an automated, methodical manner. Sometimes these programs are used to harvest information from websites, such as e-mail addresses.
41. A wireless networking mode where all clients connect to the wireless network through a central access point.
42. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.
43. Phases of an attack
44. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.
45. A method of permitting network access only to MAC addresses in a preapproved list. Addresses not matching are blocked.
46. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.
47. Vulnerability Scanning
48. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
49. 18 U.S.C. 1030
50. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.