Test your basic knowledge

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. A method of external testing whereby several systems or resources are used together to effect an attack.






2. A fully operational off-site data-processing facility equipped with hardware and system software to be used in the event of a disaster.






3. A comparison metric for different biometric devices and technologies; the point at which the false acceptance rate (FAR) equals the






4. An Internet routing protocol used to exchange routing information within an autonomous system.






5. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






6. A unique numerical string, created by a hashing algorithm on a given piece of data, used to verify data integrity. Generally hashes are used to verify the integrity of files after download (comparison to the hash value on the site before download)






7. A computer network confined to a relatively small area, such as a single building or campus, in which devices connect through high-frequency radio waves using IEEE standard 802.11.






8. A method for detecting malicious code on a computer where the files are compared to signatures of known viruses stored in a database.






9. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle, and owners of the systems generally do not know their systems are compromised.






10. Port 22






11. An anonymous connection to an administrative share (IPC$) on a Windows machine. Null sessions allow for enumeration of Windows machines, among other attacks.






12. A systematic process for the assessment of security vulnerabilities.






13. An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel.






14. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal but non-system-administrator-level attack.






15. Computer software or hardware that can intercept and log traffic passing over a digital network.






16. The default network authentication suite of protocols for Windows NT 4.0






17. A standard for encrypting e-mail, web pages, and other stream-oriented information transmitted over the Internet.






18. A record showing which user has accessed a given resource and what operations the user performed during a given period.






19. A term trademarked by the Wi-Fi Alliance, used to define a standard for devices to use to connect to a wireless network.






20. Evaluation in which testers attempt to penetrate the network.






21. An attacker who breaks into computer systems with malicious intent, without the owner's knowledge or permission.






22. Port 137/138/139






23. A file system used by the Mac OS.






24. Shifting responsibility from one party to another






25. Nmap ml output






26. A free, open source version of the Berkeley Software Distribution of Unix, often used in embedded systems.






27. Hex 10






28. nmap all output






29. One or more locations from which control is exercised over a computer, television broadcast, or telecommunications network.






30. An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption.






31. An Application layer protocol used primarily by Microsoft Windows to provide shared access to printers, files, and serial ports. It also provides an authenticated interprocess communication mechanism.






32. Wrapper or Binder






33. RPC Scan






34. Calculations of two components of risk: R, the magnitude of the potential loss (L), and the probability, p, that the loss will occur.






35. Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed.






36. A condition that occurs when more data is written to a buffer than it has space to store, and results in data corruption or other system errors. This is usually due to insufficient bounds checking, a bug, or improper configuration in the program c






37. A symmetric key cipher where plaintext bits are combined with a pseudo-random cipher bit stream (keystream), typically by an exclusive-or (XOR) operation. In a stream cipher the plaintext digits are encrypted one at a time, and the transformation o






38. The security property that data is not modified in an unauthorized and undetected manner. Also, the principle and measures taken to ensure that data received is in the exact same condition and state as when it was originally transmitted.






39. Whether purposeful or the result of malware or other attack, a backdoor is a hidden capability in a system or program for bypassing normal computer authentication systems.






40. A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet; widely used on e-commerce, banking, and other sites requiring privacy.






41. A technology where you advertise one IP address externally and data packets are rerouted to the appropriate IP address inside your network by a device providing translation services. In this way, IP addresses of machines on your internal network are






42. The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities.






43. The process of pinging each address within a subnet to map potential targets. Ping sweeps are unreliable and easily detectable, but very fast.






44. A utility that sends an ICMP Echo message to determine if a specific IP address is accessible; if the message receives a reply, the address is reachable.






45. Port 110






46. ex 02






47. The process of using easily accessible DNS records to map a target network's internal hosts.






48. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection, validation, indexing, acceptance, and forwarding of submiss






49. Controls internal to a system designed to resolve vulnerabilities and errors soon after they arise.






50. The change or growth of a project's scope






