Certified Ethical Hacker (CEH) Exam
Questions and Answers
Confidentiality - Answer -The measures taken to prevent disclosure of information or
data to unauthorized individuals or systems.
Integrity - Answer -The methods and actions taken to protect the information from
unauthorized alteration or revision - whether the data is at rest or in transit.
Hash - Answer -A one-way mathematical algorithm that generates a specific,
fixed-length number.
Bit Flipping - Answer -A type of integrity attack where the attacker manipulates bits in the
ciphertext to generate a predictable outcome in the plaintext once it is decrypted.
Availability - Answer -Refers to communications and data being ready for use when
legitimate users need them.
Denial of Service (DoS) Attacks - Answer -Designed to prevent legitimate users from
having access to computer resources.
Ethical Hacker - Answer -Someone who employs the same tools and techniques a
criminal might use, with the customer's full support and approval, in order to secure a
network or system.
Cracker - Answer -Also known as a malicious hacker, uses their skills for either
personal gain or destructive purposes.
White Hats - Answer -These are the ethical hackers, hired by a customer for the specific
goal of testing and improving security.
Black Hats - Answer -These are the bad guys; the crackers, illegally using their skills for
either personal gain or malicious intent.
Gray Hats - Answer -The hardest group to categorize; these people are neither good
nor bad.
Penetration Test - Answer -A clearly defined, full-scale test of the security controls of a
system or network in order to identify security risks and vulnerabilities; it has three
main phases.
Black box testing - Answer -The ethical hacker has zero knowledge of the target of
evaluation (TOE). Simulates an outside attacker, takes the most time to complete, and
is the most expensive option.
White box testing - Answer -The exact opposite of black box testing; pen testers have
full knowledge of the network/system. Simulates a knowledgeable, internal threat.
Gray box testing - Answer -Also known as partial knowledge testing; assumes only that
the attacker is an insider. This type of testing is very valuable because it can
demonstrate privilege escalation from a trusted employee.
Asset - Answer -An item of economic value owned by an organization or individual.
Threat - Answer -Any agent, circumstance, or situation that could cause harm or loss to
an IT asset.
Vulnerability - Answer -Any weakness that could be exploited by a threat to cause
damage to an asset.
United States Code Title 18, Section 1029 - Answer -Criminalizes the misuse of
credentials, including selling devices that make fake credentials and those who traffic
the faked credentials.
United States Code Title 18, Section 1030 - Answer -Targets hackers themselves and
criminalizes unauthorized access to computer systems or data. Also addresses and
criminalizes the spread of viruses and malware.
The SPY Act - Answer -Criminalizes the collection of personal information without the
user's consent, the redirection of web servers, and the sending of spam.
Freedom of Information Act - Answer -Serves the people's right to know certain pieces
of information not deemed to be classified.
Privacy Act of 1974 - Answer -States that government agencies cannot disclose
personal information about an individual without the person's consent.
Federal Information Security Management Act (FISMA) - Answer -Requires government
agencies to create security plans, have them accredited at least once every three years,
and periodically assess the security.
USA Patriot Act of 2001 - Answer -Dramatically increased the government's ability to
monitor, intercept, and maintain records on many forms of communication.