Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The conveying of official access or legal power to a person or entity.






2. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






3. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






4. The basis of this kind of security is that an individual user - or program operating on the user's behalf - is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the use






5. Window Scan






6. The concept of having more than one person required to complete a task






7. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






8. Nmap ml output






9. A computer process that requests a service from another computer and accepts the server's responses.






10. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






11. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






12. A self-replicating - self-propagating - self-contained program that uses networking mechanisms to spread itself.






13. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






14. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






15. Baseband LAN specification developed by Xerox Corporation - Intel - and Digital Equipment Corporation. One of the least expensive - most widely deployed networking standards; uses the CSMA/CD method of media access control.






16. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






17. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






18. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






19. A nonroutable IP address range intended for use only within the confines of a single organization - falling within the predefined ranges of 10.0.0.0 - 172.16-31.0.0 - or 192.168.0.0.






20. Two or more LANs connected by a high-speed line across a large geographical area.






21. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






22. The steps taken to gather evidence and information on the targets you wish to attack.






23. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






24. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






25. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






26. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






27. The act or actions of a hacker to put forward a cause or a political agenda - to affect some societal change - or to shed light on something he feels to be political injustice. These activities are usually illegal in nature.






28. As an identification device becomes more sensitive or accurate - its FAR decreases while its FRR increases. The CER is the point at which these two rates are equal - or cross over.






29. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






30. An evaluation consisting of a document review - interviews - and demonstrations. No hands-on testing is performed.






31. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






32. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






33. Policy stating what users of a system can and cannot do with the organization's assets.






34. Freely and readily available information on an organization that can be gathered by a business entity about its competitor's customers - products - and marketing - and can be used by an attacker to build useful information for further attacks.






35. Polymorphic Virus






36. Recording the time - normally in a log file - when an event happens or when information is created or modified.






37. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






38. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






39. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






40. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






41. A command used in HTTP and FTP to retrieve a file from a server.






42. Hex 12






43. An Internet routing protocol used to exchange routing information within an autonomous system.






44. A communications protocol used for browsing the Internet.






45. Describes practices in production and development that promote access to the end product's source materials.






46. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






47. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






48. An attack that combines a brute-force attack with a dictionary attack.






49. The potential for damage to or loss of an IT asset






50. Metamorphic Virus