Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Microsoft SID 500






2. Black box test






3. List Scan






4. A type of malware that covertly collects information about a user.






5. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






6. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






7. CAN-SPAM






8. A computer network confined to a relatively small area - such as a single building or campus.






9. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






10. A text file stored within a browser by a web server that maintains information about the connection. Cookies are used to store information to maintain a unique but consistent surfing experience - but can also contain authentication parameters. Cookie






11. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






12. Another term for firewalking






13. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






14. Nmap normal output






15. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).






16. Aggressive scan timing






17. ICMP Netmask






18. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






19. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier - but does not alter the data (in other words - eavesdropping).






20. Nmap ml output






21. Normal scan timing






22. Insane scan timing






23. Policy stating what users of a system can and cannot do with the organization's assets.






24. Version Detection Scan






25. A method in cryptography by which cryptographic keys are exchanged between users - allowing use of a cryptographic algorithm (for example - the Diffie-Hellman key exchange).






26. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






27. ICMP Timestamp






28. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






29. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






30. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






31. A group of people - gathered together by a business entity - working to address a specific problem or goal.






32. An Application layer protocol for sending electronic mail between servers.






33. The cyclical practice of identifying - classifying - remediating - and mitigating vulnerabilities.






34. The condition of a resource being ready for use and accessible by authorized users.






35. Port 389






36. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






37. Name given to expert groups that handle computer security incidents.






38. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






39. An adapter that provides the physical connection to send and receive data between the computer and the network media.






40. A computer placed outside a firewall to provide public services to other Internet sites - and hardened to resist external attacks.






41. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






42. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






43. A tool that helps a company to compare its actual performance with its potential performance.






44. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






45. ICMP Type/Code 3-13






46. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






47. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






48. An authentication method on point-to-point links - using a three-way handshake and a mutually agreed-upon key.






49. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






50. The change or growth of a project's scope