Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Layer 7 of the OSI reference model. The Application layer provides services to applications - which allow them access to the network. Protocols such as FTP and SMTP reside here.






2. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






3. Window Scan






4. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






5. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






6. A data encryption/decryption program often used for e-mail and file storage.






7. A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects.






8. Describes practices in production and development that promote access to the end product's source materials.






9. Devices - connected to one or more switches - grouped logically into a single broadcast domain. VLANs enable administrators to divide the devices connected to the switches into multiple VLANs without requiring separate physical switches.






10. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






11. The security property that data is not modified in an unauthorized and undetected manner. Also - the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






12. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






13. Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This connection enables the computer to configure - query - and troubleshoot the router/switch by use of a terminal emulator and a comman






14. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






15. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






16. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






17. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






18. Xmas Tree scan






19. The combination of all IT assets - resources - components - and systems.






20. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream) - typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time - and the transformation o






21. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






22. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






23. Polymorphic Virus






24. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






25. A free and popular version of the Unix operating system.






26. A program designed to browse websites in an automated - methodical manner. Sometimes these programs are used to harvest information from websites - such as e-mail addresses.






27. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






28. A device or service designed to obfuscate traffic between a client and the Internet. Generally used to make activity on the Internet as untraceable as possible.






29. The art and science of creating a covert message or image within another message - image - audio - or video file.






30. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).






31. Insane scan timing






32. A tool that helps a company to compare its actual performance with its potential performance.






33. The level of importance assigned to an IT asset






34. 1. The path a packet travels to reach the intended destination. Each individual device along the path traveled is called a hop. 2. Information contained on a device containing instructions for reaching other nodes on the network. This information can






35. Directing a protocol from one port to another.






36. CAN-SPAM






37. Port 23






38. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






39. An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users.






40. Software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality - integrity - or availability of an information system. A virus - worm - Trojan horse - or other code-based entity that infects a






41. An Application layer protocol for sending electronic mail between servers.






42. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






43. LM Hash for short passwords (under 7)






44. Drawing symbols in public places to alert others to an open Wi-Fi network. War chalking can include the SSIDs - administrative passwords to APs - and other information.






45. A type of encryption where the same key is used to encrypt and decrypt the message.






46. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






47. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






48. ICMP Ping






49. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






50. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.