Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






2. A social-engineering attack that manipulates the victim into calling the attacker for help.






3. A backup facility with the electrical and physical components of a computer facility - but with no computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user has to move from his main






4. SYN Ping






5. A software or hardware application or device that captures user keystrokes.






6. An organization composed of engineers - scientists - and students who issue standards related to electrical - electronic - and computer engineering.






7. ICMP Timestamp






8. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






9. An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform.






10. The steps taken to gather evidence and information on the targets you wish to attack.






11. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






12. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






13. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






14. A group of penetration testers that assess the security of an organization - which is often unaware of the existence of the team or the exact assignment.






15. 18 U.S.C. 1030






16. A type of attack used to deny service to legitimate users of a network resource by intentionally overloading the network with illegitimate TCP connection requests. SYN packets are sent repeatedly to the target - but the corresponding SYN/ACK response






17. A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded.






18. A social-engineering attack using computer resources - such as e-mail or IRC.






19. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






20. PI and PT Ping






21. The lack of clocking (imposed time ordering) on a bit stream.






22. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






23. Establish Null Session






24. A collection of historical records or the place where they are kept. In computing - an archive generally refers to backup copies of logs and/or data.






25. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






26. A method of external testing whereby several systems or resources are used together to effect an attack.






27. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






28. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






29. The monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as single loss expectancy (SLE) = asset value (AV)






30. Nmap grepable output






31. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






32. A stand-alone computer - kept off the network - that is used for scanning potentially malicious media or software.






33. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






34. Injecting traffic into the network to identify the operating system of a device.






35. A class of algorithms for cryptography that use the same cryptographic key for both decryption and encryption.






36. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.






37. CAN-SPAM






38. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






39. A limited-function version of the Internetworking Operating System (IOS) - held in read-only memory in some earlier models of Cisco devices - capable of performing several seldom-needed low-level functions such as loading a new IOS into Flash memory






40. nmap all output






41. An application that monitors a computer or network to identify - and prevent - malware. AV is usually signature-based - and can take multiple actions on defined malware files/activity.






42. List Scan






43. A program designed to execute at a specific time to release malicious code onto the computer system or network.






44. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






45. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






46. Access by information systems (or users) communicating from outside the information system security perimeter.






47. Nmap ml output






48. A form of fraud in which someone pretends to be someone else by assuming that person's identity - typically in order to access resources or obtain credit and other benefits in that person's name.






49. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






50. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).