CEH v10 Vocabulary Test with Complete
Solutions
The five subsections of HIPPA - Answer-Electronic Transaction and Code Sets, Privacy
Rule, Security Rule, National Identifier Requirements, and Enforcement
The Sarbanes-Oxley (SOX) Act - Answer-created to make corporate disclosures more
accurate and reliable in order to protect the public and investors from shady behavior.
There are 11 titles within SOX that handle everything from what financials should be
reported and what should go in them, to protecting against auditor conflicts of interest
and enforcement for accountability.
The Payment Card Industry Data Security Standard (PCI-DSS) - Answer-a security
standard for organizations handling credit cards, ATM cards, and other point-of-sales
cards. The standards apply to all groups and organizations involved in the entirety of the
payment process—from card issuers, to merchants, to those storing and transmitting
card information
What are the 12 requirements for PCI-DSS? - Answer-Install and maintain firewall
configuration to protect data.
Remove vendor-supplied default passwords and other default security features.
Protect stored data.
Encrypt transmission of cardholder data.
Install, use, and update AV (antivirus).
Develop secure systems and applications.
Use "need to know" as a guideline to restrict access to data.
Assign a unique ID to each stakeholder in the process (with computer access).
Restrict any physical access to the data.
Monitor all access to data and network resources holding, transmitting, or protecting it.
Test security procedures and systems regularly.
Create and maintain an information security policy.
COBIT - Answer-Control Objects for Information and Related Technology
ISACA - Answer-Information Systems Audit and Control Association
ITGI - Answer-T Governance Institute
Control Objects for Information and Related Technology (COBIT) was created by the
Information Systems Audit and Control Association (ISACA) and the IT Governance
Institute (ITGI). It categorizes control objectives into the what domains? - Answer-•
Planning and organization
• Acquisition and implementation
, • Delivery and support
• Monitoring and evaluation
ISO/IEC 27001:2013 - Answer-What provides requirements for creating, maintaining,
and improving organizational IS (Information Security) systems. The standard
addresses issues such as ensuring compliance with laws as well as formulating internal
security requirements and objectives.
Hack value - Answer-It is the notion among hackers that something is worth doing or is
interesting
Vulnerability - Answer-Existence of a weakness, design, or implementation error that
can lead to an unexpected event compromising the security of the system. Simply put,
vulnerability is a security loophole that allows an attacker to enter the system by
bypassing various user authentications
Exploit - Answer-A breach of IT system security through vulnerabilities. it also refers to
malicious software or commands that can cause unanticipated behavior of legitimate
software or hardware through attackers taking advantage of the vulnerabilities
Payload - Answer-Payload is the part of an exploit code that performs the intended
malicious action, such as destroying, creating backdoors, and hijacking computers.
Hackers use various methods to execute the payload. For example, they can activate a
logic bomb, execute an infected program, or use an unprotected computer connected to
a network.
authenticity - Answer-the characteristic of a communication, document or any data that
ensures the quality of being genuine
Non-repudiation - Answer-Guarantee that the sender of a message cannot later deny
having sent the message and that the recipient cannot deny having received the
message.
5 zone of ECC - Answer-Internet, Internet DMZ, Production Network Zone, Intranet
Zone, Management Network Zone
7 layers of OSI model - Answer-Application, Presentation, Session, Transport, Network,
Data Link, and Physical
four layers of the TCP/IP stack - Answer-Application, Transport, Internet, and Network
Access
TCP/IP Frame - Answer-Preamble, Start Frame Delimiter(SFD), Destination Address,
Source Address, Length/type, Data,Frame Check Sequence (FCS)
3-way Handshake - Answer-SYN, SYN/ACK, ACK
