Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






2. Microsoft SID 500






3. A defined measure of service within a network system






4. Also known as a digital certificate - this is an electronic file used to verify a user's identity - providing non-repudiation throughout the system It is also a set of data that uniquely identifies an entity. Certificates contain the entity's public






5. ACK Scan






6. The lack of clocking (imposed time ordering) on a bit stream.






7. Black box test






8. An electronic version of junk mail. Unsolicited commercial e-mail sent to numerous recipients.






9. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






10. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






11. Literally - 'not balanced or the same.' In computing - asymmetric refers to a difference in networking speeds upstream to downstream. In cryptography - it's the use of more than one key for encryption/authentication purposes.






12. Any item of value or worth to an organization - whether physical or virtual.






13. White box test






14. A free - open source version of the Berkeley Software Distribution of Unix - often used in embedded systems.






15. An Application layer protocol for managing devices on an IP network.






16. A point-to-point connection between two endpoints created to exchangedata. Typically a tunnel is either an encrypted connection - or a connection using a protocol in a method for which it was not designed. An encrypted connection forms a point-to-poi






17. A self-replicating malicious program that attempts installation beneath antivirus software by directly intercepting the interrupt handlers of the operating system to evade detection.






18. A physical security attack where the attacker sifts through garbage and recycle bins for information that may be useful on current and future attacks






19. FTP Bounce Attack






20. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






21. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






22. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






23. An unknown deficiency in software or some other product that results in a security vulnerability being identified.






24. The process of using easily accessible DNS records to map a target network's internal hosts.






25. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and protective measu






26. A well-known and studied phenomenon of human nature - whereby a single trait influences the perception of other traits.






27. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






28. Computer software or hardware that can intercept and log traffic passing over a digital network.






29. Nmap grepable output






30. The process of recording activity on a system for monitoring and later review.






31. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






32. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






33. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






34. Also known as the dot-dot-slash attack. Using directory traversal - the attacker attempts to access restricted directories and execute commands outside intended web server directories by using the URL to redirect to an unintended folder location.






35. ICMP Type/Code 11






36. An informed decision to accept the potential for damage to or loss of an IT asset.






37. Hex 14






38. A configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it






39. A trusted entity that issues and revokes public key certificates. In a network - a CA is a trusted entity that issues - manages - and revokes security credentials and public keys for message encryption and/or authentication. Within a public key infra






40. An API that provides services related to the OSI model's Session layer - allowing applications on separate computers to communicate over a LAN.






41. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






42. LM Hash for short passwords (under 7)






43. Paranoid scan timing






44. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






45. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






46. Directory Transversal






47. Aggressive scan timing






48. Sneaky scan timing






49. Whether purposeful or the result of malware or other attack - a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






50. A software or hardware application or device that captures user keystrokes.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests