Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Port 31337






2. The monetary value assigned to an IT asset.






3. A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes.






4. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






5. A command used in HTTP and FTP to retrieve a file from a server.






6. A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (that is - clearance) of users to access information of such sensi






7. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.






8. Recording the time - normally in a log file - when an event happens or when information is created or modified.






9. The Security Accounts Manager file in Windows stores all the password hashes for the system.






10. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers - files - and serial ports. It also provides an authenticated interprocess communication mechanism.






11. The rate at which a biometric system will incorrectly identify an unauthorized individual and allow them access (see false negative).






12. Malicious code that uses a polymorphic engine to mutate while keeping the original algorithm intact; the code changes itself each time it runs - but the function of the code will not change.






13. A computer process that requests a service from another computer and accepts the server's responses.






14. Hex 10






15. Aggressive scan timing






16. One or more locations from which control is exercised over a computer - television broadcast - or telecommunications network.






17. The directory service created by Microsoft for use on itsnetworks. Provides a variety of network services using Lightweight Directory Access Protocol (LDAP) - Kerberos-based authentication - and single sign-on for user access to network-based resourc






18. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






19. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






20. A secret - typically consisting of only decimal digits - that a claimant memorizes and uses to authenticate his identity






21. A denial-of-service technique that uses numerous hosts to perform the attack.






22. A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. SSIDs are broadcast by default - and are sent in the header of every packet. SSIDs provide no encryption or security.






23. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






24. The steps taken to gather evidence and information on the targets you wish to attack.






25. A standard that provides best-practice recommendations on information security management for use by those responsible for initiating - implementing - or maintaining Information Security Management Systems (ISMS). Information security is defined with






26. A software program for remotely controlling a Microsoft Windows computer system over a network. Generally considered malware.






27. LAN standard - defined by ANSI X3T9.5 - specifying a 100Mbps token-passing network using fiber-optic cable and a dualring architecture for redundancy - with transmission distances of up to two kilometers.






28. Nmap grepable output






29. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






30. Weakness in an information system - system security procedures - internal controls - or implementation that could be exploited or triggered by a threat source.






31. Nmap normal output






32. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






33. Transmission using channels or frequencies outside those normally used for data transfer; often used for error reporting.






34. The rate at which a biometric system will incorrectly reject an access attempt by an authorized user.






35. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






36. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






37. A free and popular version of the Unix operating system.






38. MAC Flooding






39. A skilled hacker that straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain). Gray hats sometime perform illegal acts to exploit technology with the intent of achi






40. The change or growth of a project's scope






41. Independent review and examination of records and activities to assess the adequacy of system controls - to ensure compliance with established policies and operational procedures - and to recommend necessary changes.






42. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






43. A string used for authentication in SNMP. The public community string is used for read-only searches - whereas the private community string is used for read/write. Community strings are transmitted in clear text in SNMPv1. SNMPv3 provides encryption






44. Originally an extension of PPP - this is a protocol for authentication used within wireless networks. Works with multiple authentication measures.






45. The process of systematically testing each port on a firewall to map rules and determine accessible ports.






46. Monitoring of telephone or Internet conversations - typically by covert means.






47. A portion of memory used to temporarily store output or input data.






48. A VPN tunneling protocol with encryption. PPTP connects two nodes in a VPN by using one TCP port for negotiation and authentication and one IP protocol for data transfer.






49. Polymorphic Virus






50. Computer software or hardware that can intercept and log traffic passing over a digital network.