Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A device providing temporary - on-demand - point-to-point network access to users.






2. Using conversation or some other interaction between people to gather useful information.






3. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






4. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






5. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






6. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






7. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






8. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






9. Describes practices in production and development that promote access to the end product's source materials.






10. The secret portion of an asymmetric key pair typically used to decrypt or digitally sign data. The private key is never shared and is always used for decryption - with one notable exception: The private key is used to encrypt the digital signature.






11. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






12. The act of dialing all numbers within an organization to discover open modems.






13. A brand name of analog scrambling and de-scrambling equipment for cable and satellite television - invented primarily to keep consumer Television receive-only (TVRO) satellite equipment from receiving TV programming except on a subscription basis.






14. A one-way mathematical function that generates a fixedlength numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.






15. Ping Scan






16. A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware.






17. The act of checking some sequence of tokens for the presence of the constituents of some pattern.






18. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






19. ICMP Netmask






20. A section or subset of the network. Often a router or other routing device provides the end point of the segment.






21. Port 161/162






22. A piece of software - provided by the vendor - intended to update or fix known - discovered problems in a computer program or its supporting data.






23. Microsoft SID 500






24. The process of embedding information into a digital signal in a way that makes it difficult to remove.






25. An attacker who breaks into computer systems with malicious intent - without the owner's knowledge or permission.






26. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






27. Idlescan






28. Name given to expert groups that handle computer security incidents.






29. Wrapper or Binder






30. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






31. RPC Scan






32. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






33. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way - IP addresses of machines on your internal network are






34. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.






35. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






36. A protocol for transporting data packets across a packet switched internetwork (such as the Internet). IP is a routed protocol.






37. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






38. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






39. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






40. A storage buffer that transparently stores data so future requests for the same data can be served faster.






41. A documented process for a procedure designed to be consistent - repeatable - and accountable.






42. A number assigned during TCP startup sessions that tracks how much information has been moved. This number is used by hackers when hijacking sessions.






43. Controlling access to a network by analyzing the headers of incoming and outgoing packets - and letting them pass or discarding them based on rule sets created by a network administrator. A packet filter allows or denies packets based on destination






44. nmap






45. An attack where the hacker positions himself between the client and the server - to intercept (and sometimes alter) data traveling between the two.






46. Establish Null Session






47. The change or growth of a project's scope






48. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






49. A protocol that allows a client computer to request services from a server and the server to return the results.






50. In a classful IPv4 subnet - this is the network number with all binary 0s in the subnet part of the number. When written in decimal - the zero subnet has the same number as the classful network number.