Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Phases of an attack






2. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






3. White hat






4. A step-by-step method of solving a problem. In computing security - an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption






5. A string that represents the location of a web resource






6. The conveying of official access or legal power to a person or entity.






7. An attack technique that tricks your DNS server into believing it has received authentic information when - in reality - it has been provided fraudulent data. DNS cache poisoning affects user traffic by sending it to erroneous or malicious end points






8. The process of transforming ciphertext into plaintext through the use of a cryptographic algorithm.






9. Name given to expert groups that handle computer security incidents.






10. The result of using a private key to encrypt a hash value for identification purposes within a PKI system. The signature can be decoded by the originator's public key - verifying his identity and providing non-repudiation. A valid digital signature g






11. All measures and techniques taken to gather information about an intended target. Footprinting can be passive or active.






12. Formerly Redundant Array of Inexpensive Disks; a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit - where data is distributed acr






13. Another term for firewalking






14. An evaluation consisting of a document review - interviews - and demonstrations - as well as vulnerability scans and hands-on testing.






15. Aggressive scan timing






16. A formal set of rules describing data transmission - especially across a network. A protocol determines the type of error checking - the data compression method - how the sending device will indicate completion - how the receiving device will indicat






17. The art and science of creating a covert message or image within another message - image - audio - or video file.






18. A method of evaluating the security of a computer system or network by simulating an attack from a malicious source.






19. A file system used by the Mac OS.






20. nmap






21. A term representing the responsibility managers and their organizations have to provide information security to ensure the type of control - the cost of control - and the deployment of control are appropriate for the system being managed.






22. A command that instructs the system processor to do nothing. Many overflow attacks involve stringing several NOP operations together (known as a NOP sled).






23. A connection-oriented - layer 4 protocol for transporting data over network segments. TCP is considered reliable because it guarantees delivery and the proper reordering of transmitted packets. This protocol is used for most long-haul traffic on the






24. A program designed to execute at a specific time to release malicious code onto the computer system or network.






25. A small Trojan program that listens on port 777.






26. A routing protocol developed to be used within a single organization.






27. The lack of clocking (imposed time ordering) on a bit stream.






28. A network system of servers that translates numeric Internet Protocol (IP) addresses into human-friendly - hierarchical Internet addresses - and vice versa.






29. A Unix-like computer operating system descending from the BSD. Open-BSD includes a number of security features absent or optional in other operating systems.






30. MAC Flooding






31. Ports 20/21






32. Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts - both successful and unsuccessful.






33. The ability to trace actions performed on a system to a specific user or system entity.






34. An attack with the goal of preventing authorized users from accessing services and preventing the normal operation of computers and networks.






35. The contents of a packet. A system attack requires the attacker to deliver a malicious payload that is acted upon and executed by the system.






36. A device on a network.






37. IP Protocol Scan






38. The monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO






39. Looking over an authorized user's shoulder in order to steal information (such as authentication information).






40. The Security Accounts Manager file in Windows stores all the password hashes for the system.






41. An HTTP command to transmit text to a web server for processing. The opposite of an HTTP GET.






42. An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel.






43. A software license agreement; a contract between the 'licensor' and purchaser establishing the right to use the software.






44. A denial-of-service technique that uses numerous hosts to perform the attack.






45. Actions - devices - procedures - techniques - or other measures intended to reduce the vulnerability of an information system.






46. ICMP Timestamp






47. The default network authentication suite of protocols for Windows NT 4.0






48. A distance-vector routing protocol that employs the hop count as a routing metric. The 'hold down time -' used to define how long a route is held in memory - is 180 seconds. RIP prevents routing loops by implementing a limit on the number of hops all






49. A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network.






50. A virus that plants itself in a system's boot sector and infects the master boot record.