Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Layer 2 of the OSI reference model. This layer provides reliable transit of data across a physical link. The Data Link layer is concerned with physical addressing - network topology - access to the network medium - error detection - sequential delive






2. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






3. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






4. Port 135






5. A Canonical Name record within DNS - used to provide an alias for a domain name.






6. A biometric device that uses pattern-recognition techniques based on images of the irises of an individual's eyes.






7. A remote control program in which the client runs on a local computer and connects to a remote server on a network. Commands entered locally are executed on the remote system.






8. A documented process for a procedure designed to be consistent - repeatable - and accountable.






9. Phases of an attack






10. Set of tools (applications or code) that enables administrator-level accessto a computer or computer network and is designed to obscure the fact that the system has been compromised. Rootkits are dangerous malware entities that provide administrator






11. LM Hash for short passwords (under 7)






12. The act of secretly listening to the private conversations of others without their consent. This can also be done over telephone lines (wiretapping) - e-mail - instant messaging - and other methods of communication considered private






13. A hybrid of the HTTP and SSL/TLS protocols that provides encrypted communication and secure identification of a web server.






14. Recording the time - normally in a log file - when an event happens or when information is created or modified.






15. A decision to reduce the potential for damage to or loss of an IT asset by taking some type of action






16. A document describing information security guidelines - policies - procedures - and standards.






17. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






18. Directing a protocol from one port to another.






19. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work - including the right to copy - distribute - and adapt the work.






20. A fully qualified domain name consists of a host and domain name - including a top-level domain such as .com - .net - .mil - .edu -and so on.






21. Terminal Access Controller Access-Control System. A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks.






22. Port 53






23. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






24. Any item of value or worth to an organization - whether physical or virtual.






25. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






26. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






27. FTP Bounce Attack






28. An organized collection of data.






29. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






30. Aggressive scan timing






31. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable - but very fast.






32. ICMP Timestamp






33. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par






34. Occurs when authorized users accumulate excess privileges on a system due to moving from position to position.






35. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






36. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






37. The steps taken to gather evidence and information on the targets you wish to attack.






38. A network architecture framework developed by ISO that describes the communications process between two systems across the Internet in seven distinct layers.






39. An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.






40. Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.






41. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






42. An attack in which the hacker can derive information from the ciphertext without actually decoding it. Sensitive information can be considered compromised if an adversary can infer its real value with a high level of confidence.






43. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






44. Layer 6 of the OSI reference model. The Presentation layer ensures information sent by the Application layer of the sending system will be readable by the Application layer of the receiving system.






45. The process of determining if a network entity (user or service) is legitimate






46. Two or more LANs connected by a high-speed line across a large geographical area.






47. Used to find the domain name associated with an IP address; the opposite of a DNS lookup.






48. A cyber attacker who acts without permission from - and gives prior notice to - the resource owner. Also known as a malicious hacker.






49. Self-contained network with a limited number of participants who extend limited trust to one another in order to accomplish an agreed-upon goal.






50. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is