Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Polite scan timing






2. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






3. A routing protocol developed to be used within a single organization.






4. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






5. A document describing information security guidelines - policies - procedures - and standards.






6. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






7. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






8. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






9. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






10. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






11. The process of using an application to remotely identify open ports on a system (for example - whether systems allow connections through those ports).






12. Monitoring of telephone or Internet conversations - typically by covert means.






13. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






14. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






15. Black box test






16. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






17. Injecting traffic into the network to identify the operating system of a device.






18. Security measures - such as a locked door - perimeter fence - or security guard - to prevent or deter physical access to a facility - resource - or information stored on physical media.






19. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






20. Access by information systems (or users) communicating from outside the information system security perimeter.






21. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality - integrity - and availability of the organization's IT assets and infrastructur






22. An Internet routing protocol used to exchange routing information within an autonomous system.






23. An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.






24. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






25. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






26. A nonnumerical - subjective risk evaluation. Used with qualitative assessment (an evaluation of risk that results in ratings of none - low - medium - and high for the probability.)






27. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






28. nmap all output






29. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






30. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






31. The change or growth of a project's scope






32. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






33. The ability to trace actions performed on a system to a specific user or system entity.






34. Calculations of two components of risk: R - the magnitude of the potential loss (L) - and the probability - p - that the loss will occur.






35. A utility that traces a packet from your computer to an Internet host - showing how many hops the packet takes to reach the host and how long the packet requires to complete the hop.






36. A systematic process for the assessment of security vulnerabilities.






37. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






38. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






39. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






40. LM Hash for short passwords (under 7)






41. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






42. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






43. Port 53






44. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






45. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






46. A NAT method in which multiple internal hosts - using private IP addressing - can be mapped through a single public IP address using the session IDs and port numbers. An internal global IP address can support in excess of 65 -000 concurrent TCP and U






47. A protocol defining packets that are able to be routed by a router.






48. Network Scanning






49. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






50. Xmas Tree scan