Exam (elaborations)
CEH v10 EXAM | Questions And Answers Latest {} A+ Graded | 100% Verified
- Course
- Institution
CEH v10 EXAM | Questions And Answers Latest {} A+ Graded | 100% Verified
[Show more]
Content preview
CEH v10 EXAM | Questions And Answers Latest {2024- 2025} A+ Graded | 100% VerifiedOSI Reference Model - Open System Interconnection Reference Model
Divides network communications into 7 distinct layers and conceptually describes how each layer is
used. Divides protocols among layers as well.
Please Do Not Throw Sausage Pizza Away
1) Physical
2) Data Link
3) Network
4) Transport
5) Session
6) Presentation
7) Application
Slide 1-55
TCP/IP - A set of communications protocols that allows hosts on a network to talk to one another
DMZ - Demilitarized Zone: A controlled buffer network between you and the uncontrolled chaos of the
network.
Production Network Zone - A restricted zone that strictly controls direct access from uncontrolled zones.
The PNZ does not hold users.
Intranet Zone - A controlled zone that has little to no heavy restrictions.
Management Network Zone - An area you'd generally find with VLANs and maybe controlled via IPSec.
,Resources for Vulnerabilities - Microsoft Vulnerability Research: technet.microsoft.com
Security Focus: www.securityfocus.com
Hackerstorm: www.hackerstorm.co.uk
Exploit Database: www.exploit-db.com
Security Magazine: www.securitymagazine.com
Trend Micro: www.trendmicro.com
Dark Reading: www.darkreading.com
Vulnerability Categories - Misconfigurations
Default Installations
Buffer Overflows
Unpatched systems
Design Flaws
OS Flaws
App Flaws
Open Services
Default Passwords
Security, Functionality and Usability Triangle -
Hack Value - It is the notion among hackers that something is worth doing or is interesting
vulnerability - A flaw or weakness that allows a threat agent to bypass security.
zero day - An attacker used an undocumented and unknown application exploit to gain access
Payload -
Daisy Chaining -
, Bots -
Doxing -
IRT - Incident Response Team. A group of experts that respond to security incidents. Also known as
CERT, CIRT, or SIRT.
Incident Management - the process responsible for managing how incidents are identified and corrected
Risk Analysis Matrix - A quadrant used to map the likelihood of a risk occurring against the
consequences (or impact) that risk would have.
preventive
Corrective
Detective -
BIA - Business impact analysis: The BIA identifies critical business or mission requirements and includes
elements such as Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), but it doesn't
identify solutions.
MTD - Maximum Tolerable Downtime--The total time a system can be inoperable before and
organization is severely impacted.
BCP - Business continuity plan. A plan that helps an organization predict and plan for potential outages
of critical services or functions. It includes disaster recovery elements that provide the steps used to
return critical functions to operation after an outage. A BIA is a part of a BCP and the BIA drives
decisions to create redundancies such as failover clusters or alternate sites.
DRP - Disaster recovery plan. A document designed to help a company respond to disasters, such as
hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services
to restore after an outage. Testing validates the plan. Recovered systems are tested before returning
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller oneclass. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.48. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73091 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now