Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






2. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






3. Hex 10






4. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






5. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






6. nmap






7. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






8. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






9. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






10. A device set up to send a response on behalf of an end node to the requesting host. Proxies are generally used to obfuscate the host from the Internet.






11. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






12. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






13. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






14. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






15. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






16. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






17. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






18. An Application layer protocol for sending electronic mail between servers.






19. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






20. A connectionless - layer 4 transport protocol. UDP is faster than TCP - but offers no reliability. A best effort is made to deliver the data - but no checks and verifications are performed to guarantee delivery. Therefore - UDP is termed a 'connectio






21. Black box test






22. Port 110






23. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






24. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






25. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






26. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






27. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






28. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






29. The conveying of official access or legal power to a person or entity.






30. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






31. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






32. Hex 04






33. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






34. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






35. A storage buffer that transparently stores data so future requests for the same data can be served faster.






36. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






37. A command used in HTTP and FTP to retrieve a file from a server.






38. The process of a system providing a fully qualified domain name (FQDN) to a local name server - for resolution to its corresponding IP address.






39. An Application layer protocol - using TCP - for transporting files across an Internet connection. FTP transmits in clear text.






40. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






41. FTP Bounce Attack






42. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






43. A file system used by the Mac OS.






44. Shifting responsibility from one party to another






45. FIN Scan






46. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






47. An inspection of a place where a company or individual proposes to work - to gather the necessary information for a design or risk assessment.






48. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






49. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






50. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.