Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






2. ICMP Timestamp






3. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






4. A software or hardware defect that often results in system vulnerabilities.






5. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






6. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






7. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






8. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






9. Monitoring of telephone or Internet conversations - typically by covert means.






10. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






11. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






12. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






13. A domain composed of all the systems sharing any given physical transport media. Systems within a collision domain may collide with each other during the transmission of data. Collisions can be managed by CSMA/CD (collision detection) or CSMA/CA (col






14. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






15. Transmitting one protocol encapsulated inside another protocol.






16. Describes practices in production and development that promote access to the end product's source materials.






17. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






18. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






19. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






20. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






21. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






22. An organized collection of data.






23. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






24. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






25. An adapter that provides the physical connection to send and receive data between the computer and the network media.






26. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






27. A portion of memory used to temporarily store output or input data.






28. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






29. A systematic process for the assessment of security vulnerabilities.






30. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.






31. Hex 04






32. ICMP Type/Code 11






33. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






34. A small Trojan program that listens on port 777.






35. Computer software or hardware that can intercept and log traffic passing over a digital network.






36. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






37. ICMP Type/Code 3






38. A protocol used for sending and receiving log information for nodes on a network.






39. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






40. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






41. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






42. The condition of a resource being ready for use and accessible by authorized users.






43. Paranoid scan timing






44. A type of encryption where the same key is used to encrypt and decrypt the message.






45. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






46. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






47. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






48. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






49. Another term for firewalking






50. A protocol defining packets that are able to be routed by a router.