Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A social-engineering attack using computer resources - such as e-mail or IRC.






2. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






3. A network administration command-line tool available for many operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mappings or any other specific DNS record.






4. Vulnerability Scanning






5. A virus designed to infect the master boot record.






6. Hex 10






7. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






8. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






9. ICMP Type/Code 8






10. A storage buffer that transparently stores data so future requests for the same data can be served faster.






11. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






12. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






13. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-system-administrator-level attack.






14. A point of reference used to mark an initial state in order to manage change.






15. Any circumstance or event with the potential to adversely impact organizational operations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






16. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






17. A nontechnical method of hacking. Social engineering is the art of manipulating people - whether in person (human-based) or via computing methods (computer-based) - into providing sensitive information.






18. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






19. An early network application that provides information on users currently logged on to a machine.






20. An extensible mechanism for e-mail. A variety of MIME types exist for sending content such as audio - binary - or video using the Simple Mail Transfer Protocol (SMTP).






21. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






22. Network Scanning






23. Part of a service contract where the level of service is formally defined; may be required as part of the initial pen test agreements.






24. A device that receives and sends data packets between two or more networks; the packet headers and a forwarding table provide the router with the information necessary for deciding which interface to use to forward packets.






25. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






26. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






27. Manipulating a search string with additional specific operators to search for vulnerabilities or very specific information.






28. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






29. A unique numerical string - created by a hashing algorithm on a given piece of data - used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






30. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the system. Certificates contain the entity's public key - serial number - version - subject - algori






31. LM Hash for short passwords (under 7)






32. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






33. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






34. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






35. A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets






36. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






37. In regard to hash algorithms - this occurs when two or more distinct inputs produce the same output.






38. The combination of all IT assets - resources - components - and systems.






39. A command used in HTTP and FTP to retrieve a file from a server.






40. An organized collection of data.






41. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






42. A wireless networking mode where all clients connect to the wireless network through a central access point.






43. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






44. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






45. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu - and so on.






46. A document describing information security guidelines - policies - procedures - and standards.






47. An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES).






48. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






49. A device that provides access between two or more networks. Gateways are typically used to connect dissimilar networks.






50. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






