Test your basic knowledge |

CEH: Certified Ethical Hacker

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An Internet routing protocol used to exchange routing information within an autonomous system.






2. A device providing temporary - on-demand - point-to-point network access to users.






3. White box test






4. A group of people - gathered together by a business entity - working to address a specific problem or goal.






5. A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP) - much like a point-to-point wired connection.






6. A system used by the Securities and Exchange Commission (SEC) for companies and businesses to transmit required filings and information. The EDGAR database performs automated collection - validation - indexing - acceptance - and forwarding of submiss






7. A program or piece of code inserted into a system - usually covertly - with the intent of compromising the confidentiality - integrity - or availability of the victim's data - applications - or operating system. Malware consists of viruses - worms -






8. An Application layer protocol used by local email clients to retrieve e-mail from a remote server over a TCP/IP connection.






9. A protocol defining packets that are able to be routed by a router.






10. Safeguards or countermeasures to avoid - counteract - or minimize security risks.






11. Nmap normal output






12. A method of defining what rights and permissions an entity has to a given resource. In networking - Access Control Lists are commonly associated with firewall and router traffic filtering rules.






13. A sublayer of layer 2 of the OSI model - the Data Link layer. It provides addressing and channel access control mechanisms that enable several terminals or network nodes to communicate within a multipoint network.






14. A security tool designed to protect a system or network against attacks by comparing traffic patterns against a list of both known attack signatures and general characteristics of how attacks may be carried out. Threats are rated and reported.






15. Cracking Tools






16. An information assurance strategy in which multiple layers of defense are placed throughout an Information Technology system.






17. A pen testing method where the attacker knows all information about the internal network. It is designed to simulate an attack by a disgruntled systems administrator - or similar level.






18. Phases of an attack






19. TCP SYN Scan






20. A protocol used to pass control and error messages between nodes on the Internet.






21. IP Protocol Scan






22. A widely used authentication protocol developed at the MassachusettsInstitute of Technology (MIT). Kerberos authentication uses tickets - Ticket Granting Service - and Key Distribution Center.






23. A non-self-replicating program that appears to have a useful purpose - but in reality has a different - malicious purpose.






24. Computer software or hardware that can intercept and log traffic passing over a digital network.






25. ICMP Type/Code 3






26. A set of hardware - software - people - policies - and procedures needed to create - manage - distribute - use - store - and revoke digital certificates.






27. A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses.






28. The subjective - potential percentage of loss to a specific asset if a specific threat is realized. The exposure factor (EF) is a subjective value the person assessing risk must define.






29. A type of malware that covertly collects information about a user.






30. A penetration test in which the ethical hacker has limited knowledge of the intended target(s). Designed to simulate an internal - but non-systemadministrator-level attack.






31. TCP Ping






32. A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN - providing wireless clients access to network resources.






33. Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks.






34. The act of using numerous electronic serial numbers on a cell phone until a valid number is located.






35. In computer security - this is an algorithm that uses separate keys for encryption and decryption.






36. The use of deceptive computer-based means to trick individuals into disclosing sensitive personal information






37. A term trademarked by the Wi-Fi Alliance - used to define a standard for devices to use to connect to a wireless network.






38. Port 389






39. A hacker who aims to bring down critical infrastructure for a 'cause' and does not worry about the penalties associated with his actions.






40. A value used to control cryptographic operations - such as decryption -encryption - signature generation - and signature verification.






41. Port 80/81/8080






42. A unit of information formatted according to specific protocols that allows precise transmittal of data from one network node to another. Also called a datagram or data packet - a packet contains a header (container) and a payload (contents). Any IP






43. A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone.






44. A computer system that performs tasks dictated by an attacker from a remote location. Zombies may be active or idle - and owners of the systems generally do not know their systems are compromised.






45. A technology that establishes a tunnel to create a private - dedicated - leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Companies commonly use VPNs to allow employees to connect securely






46. A storage buffer that transparently stores data so future requests for the same data can be served faster.






47. Defined in RFC 826 - ARP is a protocol used to map a known IP address to a physical (MAC) address.






48. FIN Scan






49. The act of dialing all numbers within an organization to discover open modems.






50. An enumeration technique used to provide information about a computer system; generally used for operating system identification (also known as fingerprinting).