Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






2. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






3. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






4. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






5. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






6. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






7. nmap






8. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






9. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






10. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






11. ex 02






12. A record showing which user has accessed a given resource and what operations the user performed during a given period.






13. Idlescan






14. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






15. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






16. Transmitting one protocol encapsulated inside another protocol.






17. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






18. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






19. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






20. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






21. An Application layer protocol for sending electronic mail between servers.






22. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






23. Management policy and procedures designed to maintain or restore business operations - including computer operations - possibly at an alternate location - in the event of emergencies - system failures - or disaster.






24. A host designed to collect data on suspicious activity.






25. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






26. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






27. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






28. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






29. A storage buffer that transparently stores data so future requests for the same data can be served faster.






30. A network traffic management technique designed to allow applications to specify the route a packet will take to a destination - regardless of what the route tables between the two systems say.






31. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






32. An organized collection of data.






33. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






34. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






35. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






36. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






37. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






38. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






39. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






40. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






41. Port 137/138/139






42. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






43. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






44. Ports 20/21






45. A Canonical Name record within DNS - used to provide an alias for a domain name.






46. Describes practices in production and development that promote access to the end product's source materials.






47. A protocol that allows a client computer to request services from a server and the server to return the results.






48. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






49. SYN Ping






50. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.