CEH v11 Comprehensive Study Guide Complete
Questions Bank / Questions and Correct Detailed
Answers
Terms in this set (1749)
Authentication The process of identifying a user's identity, making sure
that they can have access to the system and/or files. This
can be accomplished either by a password, retina scan, or
fingerprint scan, sometimes even a combination of the
above.
Botnet A network of computers that have been infected with a
virus, and now are working continuously in order to create
security breaches.
DDoS Using multiple hosts and users, hackers bombard a
website with a tidal wave of requests to such an extent
that it locks up the system and forces it to temporarily
shut down.
Domain A series of computers and associated peripherals (routers,
printers, scanners), that are all connected as one entity.
Encryption Coding used to protect your information from hackers.
Malware malicious software that damages or disables computer
systems and gives limited or full control of the systems to
the creator for malicious activities such as theft or fraud.
When a hacker changes the IP address of an email so that it
Spoofing
seems to come from a trusted source
,Spyware A type of malware that attackers install on a computer to
secretly gather information about its users without their
knowledge.
Trojan Horse A form of malware, this one a misleading computer
program that looks innocent, but in fact allows the hacker
into your system via a back door, allowing them to control
your computer.
Virus It infects a system by inserting itself into a file or executable
program. Malware which changes, corrupts, or destroys
information, and is then passed on to other systems, usually
by otherwise benign means.
VPN creates a safe and encrypted tunnel over a public network
to securely send and receive sensitive information. It
creates a subnet by using key-based encryption for secure
communication between endpoints.
Worm Malware that can reproduce itself for the purposes of
spreading itself to other computers in the network.
Hack Value The notion among hackers that something is worth doing or
is interesting.
Vulnerability An existence of a weakness, design, or implementation
error that may lead to compromising the security of the
system.
Exploit A breach of IT system security through vulnerabilities. It is
the part the malware that contains code or a sequence of
commands that can take advantage of a bug or vulnerability
in a digital system or device.
Payload Payload
Gaining access to one network and/or computer to obtain
Daisy Chaining information that will enable them to gain access to multiple
other computers and/or networks.
,Doxing Publishing personally identifiable information about an
individual that was obtain from public databases and
social media.
Bot A software application that can be remotely controlled to
execute/automate predefined tasks.
Information Security A state of infrastructure and information well-being to keep the
possibility of theft, tampering, disruption of information and
services kept tolerable and low.
Confidentiality The assurance that information is only accessible to authorized
individuals.
Integrity The trustworthiness of preventing improper and unauthorized
changes of data or resources.
Availability The assurance that the system which is responsible for the
processing, delivering and storing of information is
accessible to the authorized users when required.
Authenticity Any data, communication or document characteristics which
ensures the quality of being genuine.
Non-Repudiation Guarantees that an individual cannot later deny sending a
message and the recipient cannot deny receiving a message.
Cloud Computing An on-demand delivery of IT capabilities where infrastructure
and applications are provided to subscribers as a metered
service over a network.
Advanced Persistent An attack vector focuses on stealing data from a victims
Threats (APT) machine without their knowledge.
Cloud Computing Threats An attack vector is a flaw in within a client's
application cloud which can enable attackers to
access other client's data.
An attack is performed on a network or single computer by an
Insider Attacks
entrusted individual who has authorized access.
, Web Application Threats A security attack vector that threatens the performance of a
website and hampers its security to steal user credentials,
set up a phishing site or acquire private data by targeting
web applications.
SHA-1 A Secure Hashing Algorithm (SHA) that produces a 160-bit
digest from a message with a maximum length of (264 - 1)
bits, and resembles the MD5 algorithm.
Software as a Service Offers software to subscribers on-demand over the internet.
(SaaS)
Platform as a Service Offers development tools, configuration management, and
(PaaS) deployment platforms on-demand that can be used by
subscribers to develop custom applications.
Infrastructure as a Service Provides virtual machines and other abstracted
(IaaS) hardware and operating systems which may be
controlled through a service API.
Identify as a Service Offers IAM services including SSO, MFA, IGA and intelligence
(IDaaS) collection.
Security as a Service Provides Penetration testing, authentication, intrusion detection,
(SECaaS) anti-malware, security incident, and event management services.
Container as a Service Offers Virtualization of container engines, management of
(CaaS) containers, applications and clusters through a web portal or
API.
Function as a Service Provides a platform for developing, running and managing
(FaaS) application functionality for microservices.
Public Cloud Services are rendered over a network that is open for public use.
Private Cloud Cloud infrastructure is operated for a single organization only.
Shared Infrastructure between several organizations from a
Community Cloud
specific community with common concerns.
Questions Bank / Questions and Correct Detailed
Answers
Terms in this set (1749)
Authentication The process of identifying a user's identity, making sure
that they can have access to the system and/or files. This
can be accomplished either by a password, retina scan, or
fingerprint scan, sometimes even a combination of the
above.
Botnet A network of computers that have been infected with a
virus, and now are working continuously in order to create
security breaches.
DDoS Using multiple hosts and users, hackers bombard a
website with a tidal wave of requests to such an extent
that it locks up the system and forces it to temporarily
shut down.
Domain A series of computers and associated peripherals (routers,
printers, scanners), that are all connected as one entity.
Encryption Coding used to protect your information from hackers.
Malware malicious software that damages or disables computer
systems and gives limited or full control of the systems to
the creator for malicious activities such as theft or fraud.
When a hacker changes the IP address of an email so that it
Spoofing
seems to come from a trusted source
,Spyware A type of malware that attackers install on a computer to
secretly gather information about its users without their
knowledge.
Trojan Horse A form of malware, this one a misleading computer
program that looks innocent, but in fact allows the hacker
into your system via a back door, allowing them to control
your computer.
Virus It infects a system by inserting itself into a file or executable
program. Malware which changes, corrupts, or destroys
information, and is then passed on to other systems, usually
by otherwise benign means.
VPN creates a safe and encrypted tunnel over a public network
to securely send and receive sensitive information. It
creates a subnet by using key-based encryption for secure
communication between endpoints.
Worm Malware that can reproduce itself for the purposes of
spreading itself to other computers in the network.
Hack Value The notion among hackers that something is worth doing or
is interesting.
Vulnerability An existence of a weakness, design, or implementation
error that may lead to compromising the security of the
system.
Exploit A breach of IT system security through vulnerabilities. It is
the part the malware that contains code or a sequence of
commands that can take advantage of a bug or vulnerability
in a digital system or device.
Payload Payload
Gaining access to one network and/or computer to obtain
Daisy Chaining information that will enable them to gain access to multiple
other computers and/or networks.
,Doxing Publishing personally identifiable information about an
individual that was obtain from public databases and
social media.
Bot A software application that can be remotely controlled to
execute/automate predefined tasks.
Information Security A state of infrastructure and information well-being to keep the
possibility of theft, tampering, disruption of information and
services kept tolerable and low.
Confidentiality The assurance that information is only accessible to authorized
individuals.
Integrity The trustworthiness of preventing improper and unauthorized
changes of data or resources.
Availability The assurance that the system which is responsible for the
processing, delivering and storing of information is
accessible to the authorized users when required.
Authenticity Any data, communication or document characteristics which
ensures the quality of being genuine.
Non-Repudiation Guarantees that an individual cannot later deny sending a
message and the recipient cannot deny receiving a message.
Cloud Computing An on-demand delivery of IT capabilities where infrastructure
and applications are provided to subscribers as a metered
service over a network.
Advanced Persistent An attack vector focuses on stealing data from a victims
Threats (APT) machine without their knowledge.
Cloud Computing Threats An attack vector is a flaw in within a client's
application cloud which can enable attackers to
access other client's data.
An attack is performed on a network or single computer by an
Insider Attacks
entrusted individual who has authorized access.
, Web Application Threats A security attack vector that threatens the performance of a
website and hampers its security to steal user credentials,
set up a phishing site or acquire private data by targeting
web applications.
SHA-1 A Secure Hashing Algorithm (SHA) that produces a 160-bit
digest from a message with a maximum length of (264 - 1)
bits, and resembles the MD5 algorithm.
Software as a Service Offers software to subscribers on-demand over the internet.
(SaaS)
Platform as a Service Offers development tools, configuration management, and
(PaaS) deployment platforms on-demand that can be used by
subscribers to develop custom applications.
Infrastructure as a Service Provides virtual machines and other abstracted
(IaaS) hardware and operating systems which may be
controlled through a service API.
Identify as a Service Offers IAM services including SSO, MFA, IGA and intelligence
(IDaaS) collection.
Security as a Service Provides Penetration testing, authentication, intrusion detection,
(SECaaS) anti-malware, security incident, and event management services.
Container as a Service Offers Virtualization of container engines, management of
(CaaS) containers, applications and clusters through a web portal or
API.
Function as a Service Provides a platform for developing, running and managing
(FaaS) application functionality for microservices.
Public Cloud Services are rendered over a network that is open for public use.
Private Cloud Cloud infrastructure is operated for a single organization only.
Shared Infrastructure between several organizations from a
Community Cloud
specific community with common concerns.
