Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






2. Hex 12






3. A virus written in a macro language and usually embedded in document or spreadsheet files.






4. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource - such as a domain name - an IP address - or an autonomous system.






5. Access by information systems (or users) communicating from outside the information system security perimeter.






6. nmap






7. An attack where the hacker manipulates parameters within the URL string in hopes of modifying data.






8. Any network incident that prompts some kind of log entry or other notification.






9. Attacks on the actual programming code of an application.






10. Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or eight-digit hexadecimal number.






11. A suite of protocols used for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This suite includes protocols for establishing mutual authentication between agents at the sessio






12. Version Detection Scan






13. nmap






14. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






15. A piece of code intentionally inserted into a software system that will perform a malicious function when specified conditions are met at some future point.






16. Used for exchanging structured information - such as XML-based messages - in the implementation of web services






17. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






18. A malicious computer program with self-replication capabilities that attaches to another file and moves with the host from one computer to another.






19. 18 U.S.C. 1030






20. Method used by antivirus software to detect new - unknown viruses that have not yet been identified; based on a piece-by-piece examination of a program - looking for a sequence or sequences of instructions that differentiate the virus from 'normal' p






21. Insane scan timing






22. Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients.






23. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






24. A protocol used for sending and receiving log information for nodes on a network.






25. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






26. The public portion of an asymmetric key pair typically used to encrypt data or verify signatures. Public keys are shared and are used to encrypt messages.






27. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






28. A storage buffer that transparently stores data so future requests for the same data can be served faster.






29. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.






30. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






31. TCP connect() scan






32. Process of breaking a packet into smaller units when it is being transmitted over a network medium that's unable to support a transmission unit the original size of the packet.






33. A proprietary - open - wireless technology used for transferring data from fixed and mobile devices over short distances.






34. Formal description and evaluation of the vulnerabilities in an information system






35. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply - the address is reachable.






36. Idlescan






37. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






38. A TCP flag notifying an originating station that the preceding packet (or packets) has been received.






39. Black hat






40. The potential for damage to or loss of an IT asset






41. A structured set of criteria for evaluating computer security within products and systems produced by European countries; it has been largely replaced by the Common Criteria.






42. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






43. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






44. A situation in which an IDS or other sensor triggers on an event as an intrusion attempt - when it was actually legitimate traffic.






45. An Application layer protocol for managing devices on an IP network.






46. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






47. The change or growth of a project's scope






48. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






49. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






50. A set of rules defined to screen network packets based on source address - destination address - or protocol; these rules determine whether the packet will be forwarded or discarded.