Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An announcement - typically from a software vendor - of a known security vulnerability in a program; often the bulletin contains instructions for the application of a software patch.






2. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






3. Confidentiality - Integrity - and Availability are the three aspects of security and make up the triangle.






4. A social-engineering effort in which the attacker pretends to be an employee - a valid user - or even an executive to elicit information or access.






5. Activities to determine the extent to which a security control is implemented correctly - operating as intended - and producing the desired outcome with respect to meeting the security requirements for the system.






6. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN - SYN/ACK - ACK.






7. Software or hardware components that restrict access between a protected network and the Internet - or between other sets of networks - to block unwanted use or attacks.






8. An Application layer protocol for sending electronic mail between servers.






9. Traffic-passing technique used by bridges and switches in which traffic received on an interface is sent out all interfaces on the device except the interface on which the information was originally received. Traffic on a switch is flooded when it is






10. A condition that occurs when more data is written to a buffer than it has space to store - and results in data corruption or other system errors. This is usually due to insufficient bounds checking - a bug - or improper configuration in the program c






11. UDP Scan






12. TCP SYN Scan






13. The central part of a computer or communications system hardware firmware - and software that implements the basic security procedures for controlling access to system resources.






14. Establish Null Session






15. A communications path - such as the Internet - authorized for data transmission within a computer system or network.






16. A firewall evasion technique whereby packets are wrapped in HTTP - as a covert channel to the target.






17. A communications channel that is being used for a purpose it was not intended for - usually to transfer information secretly.






18. A symmetric - block-cipher data-encryption standard that uses a variablelength key that can range from 32 bits to 448 bits.






19. A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify network layer connectivity between hosts.






20. A wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator - or has been created to allow a hacker to conduct a man-in-the-middle attack.






21. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones - PDAs - or laptop computers.






22. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






23. The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network. Occurs at layer 2 of the OSI reference model.






24. A set of related communications protocols operating together as a group to address communication at some or all of the seven layers of the OSI reference model.






25. Any kind of connection that allows you to see all traffic passing by. Generally used in reference to a NIDS (network-based IDS) to monitor all traffic.






26. A programming principle whereby the last piece of data added to the stack is the first piece of data taken off.






27. A method of falsely identifying the source of data packets; often used by hackers to make it difficult to trace where an attack originated.






28. A Windows-based GUI version of nmap.






29. The software product or system that is the subject of an evaluation.






30. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






31. Wireless LAN standards created by IEEE. 802.11a runs at up to 54Mbps at 5GHz - 802.11b runs at 11Mbps at 2.4GHz - 802.11g runs at 54Mbps at 2.4GHz - and 802.11n can run upwards of 150MBps.






32. A networking configuration where all nodes are connected in a circle with no terminated ends on the cable.






33. Phases of an attack






34. IP Protocol Scan






35. When an authorized person allows (intentionally or unintentionally) someone to pass through a secure door - despite the fact that the intruder does not have a badge.






36. A security objective that ensures a resource can be accessed only by authorized users. This is also the property that sensitive information is not disclosed to unauthorized individuals - entities - or processes.






37. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines - among other attacks.






38. Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with.






39. A software or hardware defect that often results in system vulnerabilities.






40. Unauthorized access to information such as a calendar - contact list - e-mails - and text messages on a wireless device through a Bluetooth connection.






41. An organized collection of data.






42. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






43. The science or study of protecting information - whether in transit or at rest - by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.






44. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






45. A mathematical operation requiring two binary inputs: If the inputs match - the output is a 0 - otherwise it is a 1.






46. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






47. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






48. A card with a built-in microprocessor and memory used for identification or financial transactions. The card transfers data to and from a central computer when inserted into a reader.






49. Any circumstance or event with the potential to adversely impact organizationaloperations - organizational assets - or individuals through an information system via unauthorized access - destruction - disclosure - modification of information - and/or






50. In penetration testing - this is a method of testing the security of a system or subnet without any previous knowledge of the device or network. Designed to simulate an attack by an outside intruder (usually from the Internet).