CEH v11
Authentication - Answer- The process of identifying a user's identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination
of the above.
Botnet - Answer- A network of computers that have been infected with a virus, and now are working continuously in order to create security breaches.
DDoS - Answer- Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down.
Domain - Answer- A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity.
Encryption - Answer- Coding used to protect your information from hackers.
Malware - Answer- malicious software that damages or disables computer systems and gives limited or full control of the systems to the creator for malicious activities such as theft or fraud.
Spoofing - Answer- When a hacker changes the IP address of an email so that it seems to come from a trusted source
Spyware - Answer- A type of malware that attackers install on a computer to secretly
gather information about its users without their knowledge.
Trojan Horse - Answer- A form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer.
Virus - Answer- It infects a system by inserting itself into a file or executable program. Malware which changes, corrupts, or destroys information, and is then passed on to other systems, usually by otherwise benign means.
VPN - Answer- creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information. It creates a subnet by using key-
based encryption for secure communication between endpoints.
Worm - Answer- Malware that can reproduce itself for the purposes of spreading itself to other computers in the network.
Hack Value - Answer- The notion among hackers that something is worth doing or is interesting. Vulnerability - Answer- An existence of a weakness, design, or implementation error that may lead to compromising the security of the system.
Exploit - Answer- A breach of IT system security through vulnerabilities. It is the part the malware that contains code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device.
Payload - Answer- Payload
Daisy Chaining - Answer- Gaining access to one network and/or computer to obtain information that will enable them to gain access to multiple other computers and/or networks.
Doxing - Answer- Publishing personally identifiable information about an individual that was obtain from public databases and social media.
Bot - Answer- A software application that can be remotely controlled to execute/automate predefined tasks.
Information Security - Answer- A state of infrastructure and information well-being to keep the possibility of theft, tampering, disruption of information and services kept tolerable and low.
Confidentiality - Answer- The assurance that information is only accessible to authorized individuals.
Integrity - Answer- The trustworthiness of preventing improper and unauthorized changes of data or resources.
Availability - Answer- The assurance that the system which is responsible for the processing, delivering and storing of information is accessible to the authorized users when required.
Authenticity - Answer- Any data, communication or document characteristics which ensures the quality of being genuine.
Non-Repudiation - Answer- Guarantees that an individual cannot later deny sending a message and the recipient cannot deny receiving a message.
Cloud Computing - Answer- An on-demand delivery of IT capabilities where infrastructure and applications are provided to subscribers as a metered service over
a network.
Advanced Persistent Threats (APT) - Answer- An attack vector focuses on stealing data from a victims machine without their knowledge.
Cloud Computing Threats - Answer- An attack vector is a flaw in within a client's application cloud which can enable attackers to access other client's data. Insider Attacks - Answer- An attack is performed on a network or single computer by an entrusted individual who has authorized access.
Web Application Threats - Answer- A security attack vector that threatens the performance of a website and hampers its security to steal user credentials, set up a phishing site or acquire private data by targeting web applications.
SHA-1 - Answer- A Secure Hashing Algorithm (SHA) that produces a 160-bit digest from a message with a maximum length of (264 - 1) bits, and resembles the MD5 algorithm.
Software as a Service (SaaS) - Answer- Offers software to subscribers on-demand over the internet.
Platform as a Service (PaaS) - Answer- Offers development tools, configuration management, and deployment platforms on-demand that can be used by subscribers to develop custom applications.
Infrastructure as a Service (IaaS) - Answer- Provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API.
Identify as a Service (IDaaS) - Answer- Offers IAM services including SSO, MFA, IGA and intelligence collection.
Security as a Service (SECaaS) - Answer- Provides Penetration testing, authentication, intrusion detection, anti-malware, security incident, and event management services.
Container as a Service (CaaS) - Answer- Offers Virtualization of container engines, management of containers, applications and clusters through a web portal or API.
Function as a Service (FaaS) - Answer- Provides a platform for developing, running and managing application functionality for microservices.
Public Cloud - Answer- Services are rendered over a network that is open for public use.
Private Cloud - Answer- Cloud infrastructure is operated for a single organization only.
Community Cloud - Answer- Shared Infrastructure between several organizations from a specific community with common concerns.
Hybrid Cloud - Answer- Combination of two or more clouds that remain unique entities but are bound together, thereby offering the benefits of multiple deployment models. Multi Cloud - Answer- Dynamic heterogeneous environment that combines workloads across multiple cloud vendors, managed via one proprietary interface to achieve long term business goals.
Cloud Consumer - Answer- A person or organization that uses cloud computing services.
Cloud Provider - Answer- A person or organization that provides services to the interested parties.
Cloud Carrier - Answer- Providing connectivity and transport services between cloud consumers and providers.
Cloud Auditor - Answer- A party that can conduct independent assessment of cloud service controls and taking an opinion thereon.
Cloud Broker - Answer- An entity that manages the use, performance and delivery of
cloud services, and maintains relationships between cloud providers and consumers.
Virtualization - Answer- The ability to run multiple operating systems on a single physical system. or multiple instances of one operating system and share the underlining resources such as a server, storage device or network.
Containers - Answer- Placed on the top of one physical server and host operating system, and share the operating systems kernel binaries and libraries, thereby reducing the need for reproducing the OS.
Docker - Answer- An open source technology used for developing, packaging and running applications and all its dependencies in the form of containers, to ensure that
the application works in a seamless environment. It provides a PaaS through OS level virtualization and delivers containerized software packages.
Kubernetes - Answer- An open source, portable, extensible, orchestration platform developed by Google for managing containerized applications and microservices. It provides a resilient framework for managing distributed containers, generating deployment patterns, and performing failover and redundancy for the applications.
Network Sniffing - Answer- Interception and monitoring of network traffic which is being sent between the two cloud nodes.
Packet Sniffers - Answer- Programs that capture data from information packets as they travel over the Internet or company networks. Captured data is sifted to find confidential or proprietary information.
Side Channel Attack - Answer- An attack where an attacker runs a virtual machine on the same physical host as the victims virtual machine and takes advantage of the shared physical resources (processor cache) to steal data ( cryptographic keys) from
the victim.
