Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






2. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






3. A computer network confined to a relatively small area - such as a single building or campus - in which devices connect through high-frequency radio waves using IEEE standard 802.11.






4. Directory Transversal






5. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






6. A protocol that allows a client computer to request services from a server and the server to return the results.






7. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






8. Port 23






9. A business - government agency - or educational institution that provides access to the Internet.






10. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.) - then add a top level (.com - .gov - or .mil - for example) - and a given name space.






11. A standard for encrypting e-mail - web pages - and other stream-oriented information transmitted over the Internet.






12. The set of all hardware - firmware - and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.






13. Hex 14






14. Provides router-to-router or host-to-network connections over asynchronous and synchronous circuits.






15. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






16. A background process found in Unix - Linux - Solaris - and other Unix-based operating systems.






17. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






18. The act of searching for Wi-Fi wireless networks by a person in a moving vehicle - using a portable device.






19. The default network authentication suite of protocols for Windows NT 4.0






20. A type of encryption where the same key is used to encrypt and decrypt the message.






21. A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to reorder - delete - insert - or read information.






22. CAN-SPAM






23. A documented process for a procedure designed to be consistent - repeatable - and accountable.






24. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






25. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






26. The process of sending a packet or frame toward the destination. In a switch - messages are forwarded only to the port they are addressed to.






27. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






28. A measurable - physical characteristic used to recognize the identity - or verify the claimed identity - of an applicant. Facial images - fingerprints - and handwriting samples are all examples of biometrics.






29. A device providing temporary - on-demand - point-to-point network access to users.






30. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






31. Microsoft SID 500






32. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






33. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






34. Content Addressable Memory table. Holds all the MAC-address-to-port mappings on a switch.






35. The software product or system that is the subject of an evaluation.






36. Nmap normal output






37. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






38. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






39. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






40. Malware designed to install some sort of virus - backdoor - and so on - on a target system.






41. A device on a network.






42. Formal description and evaluation of the vulnerabilities in an information system






43. Also known as a public key certificate - this is an electronic file that is used to verify a user's identity - providing non-repudiation throughout the sys-tem. Certificates contain the entity's public key - serial number - version - subject - algori






44. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






45. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






46. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






47. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






48. Port 389






49. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






50. In penetration testing - enumeration is the act of querying a device or network segment thoroughly and systematically for information.