Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. Security identifier. The method by which Windows identifies user, group, and computer accounts for rights and permissions.
2. A unique hostname that is used to identify resources on the Internet. Domain names start with a root (.), then add a top level (.com, .gov, or .mil, for example), and a given name space.
3. An evaluation consisting of a document review, interviews, and demonstrations, as well as vulnerability scans and hands-on testing.
4. An organization composed of engineers, scientists, and students who issue standards related to electrical, electronic, and computer engineering.
5. Also known as a public key certificate, this is an electronic file that is used to verify a user's identity, providing non-repudiation throughout the system. Certificates contain the entity's public key, serial number, version, subject, algori
6. The monetary value assigned to an IT asset.
7. A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system.
8. A computer network confined to a relatively small area, such as a single building or campus.
9. Sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.
10. An approach to restricting system access to authorized users in which roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned par
11. A software or hardware application or device that captures user keystrokes.
12. A set of exclusive rights granted by the law of a jurisdiction to the author or creator of an original work, including the right to copy, distribute, and adapt the work.
13. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time,' used to define how long a route is held in memory, is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all
14. The means by which a recipient of a message can ensure the identity of the sender and that neither party can deny having sent or received the message. The most common method is through digital certificates.
15. Directory Traversal
16. The default network authentication suite of protocols for Windows NT 4.0
17. A well-known and studied phenomenon of human nature, whereby a single trait influences the perception of other traits.
18. A three-step process computers execute to negotiate a connection with one another. The three steps are SYN, SYN/ACK, ACK.
19. A method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm (for example, the Diffie-Hellman key exchange).
20. Port 389
21. A series of documents and notes on standards used or proposed for use on the Internet; each is identified by a number.
22. A piece of software, provided by the vendor, intended to update or fix known, discovered problems in a computer program or its supporting data.
23. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.
24. Nmap ml output
25. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply, the address is reachable.
26. An organization's threshold for the seven areas of information security responsibility. This level is established based on the objectives for maintaining confidentiality, integrity, and availability of the organization's IT assets and infrastructur
27. The act of checking some sequence of tokens for the presence of the constituents of some pattern.
28. A simple PPP authentication mechanism in which the user name and password are transmitted in clear text to prove identity. PAP compares the user name and password to a table listing authorized users.
29. Idlescan
30. An API that provides services related to the OSI model's Session layer, allowing applications on separate computers to communicate over a LAN.
31. Start of Authority record. This record identifies the primary name server for the zone. The SOA record contains the host name of the server responsible for all DNS records within the namespace, as well as the basic properties of the domain.
32. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.
33. The set of all hardware, firmware, and/or software components critical to IT security. Bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
34. Any network incident that prompts some kind of log entry or other notification.
35. An attack against an authentication protocol in which the attacker intercepts data in transit along the network between the claimant and verifier, but does not alter the data (in other words, eavesdropping).
36. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.
37. In a classful IPv4 subnet, this is the network number with all binary 0s in the subnet part of the number. When written in decimal, the zero subnet has the same number as the classful network number.
38. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key, verifying his identity and providing non-repudiation. A valid digital signature g
39. A program or piece of code inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system. Malware consists of viruses, worms,
40. A documented process for a procedure designed to be consistent, repeatable, and accountable.
41. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.
42. CAN-SPAM
43. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).
44. The steps taken to gather evidence and information on the targets you wish to attack.
45. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.
46. A one-way mathematical function that generates a fixed-length numerical string (hash) from a given data input. MD5 and SHA-1 are hashing algorithms.
47. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.
48. Policy stating what users of a system can and cannot do with the organization's assets.
49. In regard to hash algorithms, this occurs when two or more distinct inputs produce the same output.
50. A derogatory term used to describe an attacker, usually new to the field, who uses simple, easy-to-follow scripts or programs developed by others to attack computer systems and networks and deface websites.