5 zones of ECC - Internet, Internet DMZ, Production Network Zone, Intranet Zone, Management Network Zone
7 layers of OSI model - Application, Presentation, Session, Transport, Network, Data Link, and Physical
four layers of the TCP/IP stack - Application, Transport, Internet, and Network Access
TCP/IP Frame - Preamble, Start Frame Delimiter (SFD), Destination Address, Source Address, Length/Type, Data, Frame Check Sequence (FCS)
3-way Handshake - SYN, SYN/ACK, ACK
Security, Functionality and Usability - The level of security in any system can be defined by the strength of these three components.
Threat Modeling - a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects the security of that application
Zero-day - an attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability
Daisy-chaining - gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information
Bots - a software application that can be used to control systems remotely to execute or automate predefined tasks. Hackers use bots to carry out malicious activity over the Internet such as distributed denial-of-service (DDoS) attacks, keylogging, spying, etc.
Doxing - publishing personally identifiable information about an individual collected from publicly available databases and social media. People with malicious intent collect this information from publicly accessible channels such as databases, social media and the Internet
IRT - Incident Response Team
Risk Management - includes identifying organizational assets, threats to those assets, and asset vulnerabilities, and exploring countermeasures to put in place to minimize risk as much as possible
3 types of controls - preventative, detective, or corrective
BIA - Business Impact Analysis
MTD - Maximum Tolerable Downtime: a means to prioritize the recovery of assets should the worst occur
BCP - Business Continuity Plan: a set of plans and procedures to follow in the event of a failure or a disaster to get business services up and running
DRP - Disaster Recovery Plan: addresses what to do to recover any lost data or services
ALE - Annualized Loss Expectancy: the product of the ARO (Annual Rate of Occurrence) and the SLE (Single Loss Expectancy). It is the monetary loss that can be expected for an asset due to a risk over a one-year period.
Security Triad - Confidentiality, Integrity, Availability
Confidentiality - addresses the secrecy and privacy of information; refers to the measures taken to prevent disclosure of information or data to unauthorized users or systems. Passwords are a common measure. Attacks against these measures are confidentiality attacks.