Name each OSI layer and its PDU. - Application --> Data
Presentation --> Data
Session --> Data
Transport --> Segment
Network --> Packet
Data Link --> Frame
Physical --> Bit
What are the risk management phases identified by ECC? - 1. Risk Identification
2. Risk Assessment
3. Risk Treatment
4. Risk Tracking
5. Risk Review
Define ALE = SLE x ARO - Memorize --> Annualized Loss Expectancy = Single Loss Expectancy x Annual Rate of Occurrence
Define C.I.A. (triad) - Confidentiality
Integrity
Availability
Define TOE - Target of Evaluation --> what is being tested
Define ST - Security Target --> Documentation describing the TOE and security requirements
Define PP - Protection Profile --> Set of security requirements specifically for the type of product being tested
Define a script kiddie - uneducated in hacking techniques, uses freely available tools and techniques from the internet
Define a phreaker - someone who manipulates telecommunications systems in order to make free calls
What is an application-level attack? - attacks on the actual programming and software logic of an application.
What is a shrink-wrap code attack? - attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with
What are the ECC phases of Hacking? - 1. Reconnaissance
2. Scanning and Enumeration
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
What is passive reconnaissance? - gathering information and evidence about a target without their knowledge (e.g. internet searches, dumpster diving)
What is active reconnaissance? - anything that puts your actions as a hacker closer to discovery (e.g. sending packets to a machine)
What is a SIEM? - Security Incident and Event Management (system)
What is HIPAA? - Health Insurance Portability and Accountability Act --> addresses privacy standards with regard to medical information
What is PCI-DSS? - Payment Card Industry Data Security Standard --> be familiar with requirements; this is for anything that manages things like debit cards