Certified Ethical Hacker (CEH) v.10 Terms QUESTIONS AND ANSWERS 100% VERIFIED A+ GUARANTEED

Preview 4 out of 85  pages

  • February 22, 2024
  • 85
  • 2023/2024

1). TCP/IP model

Ans: A set of communications protocols that allows hosts on a network to talk to each other.
Similar in layout to the OSI model, but simpler and more accurate.

1. Application:
HTTP, FTP, SNMP, SMTP, DNS, POP, IMAP, NNTP, Telnet, SSH, DHCP, etc.
2. Transport:
TCP, UDP
3. Internet:
IP, ICMP
4. Network Access:
ARP, L2TP, STP (Spanning Tree Protocol), HDLC (High-Level Data Link Control), FDDI (Fiber
Distributed Data Interface), etc.


2). Frame

Ans: A format of bits in a specific order used to communicate with other systems on a network.
They are built from the inside out and rely on information handed down from the upper layers of the
TCP/IP model.

Contents of a Frame (In Order):
Preamble, Start Frame Delimiter (SFD), Destination MAC Address, Source MAC Address,
Length/Type, Data (IP Packet w/Source & Destination IP Addresses), and Frame Check Sequence.


3). TCP handshake

Ans: Sets up a communications session by establishing a connection with an end station/destination
host.

Three-Way Handshake: SYN, SYN/ACK, ACK
Synchronize Segment (SYN), Synchronize Acknowledgement Segment (SYN/ACK),
Acknowledgement Segment (ACK)


4). UDP (User Datagram Protocol)


PaperStoc.com Page 1 of 85

Ans: Protocol that operates instead of TCP in applications where delivery speed is important
and quality can be sacrificed. "The connectionless fire-and-forget transport protocol."


Protocols that use UDP are TFTP, DNS (for lookups), and DHCP.


5). Security zones: Internet

Ans: Outside the boundary of your network and uncontrolled. Can't apply security policies to this
zone. Governments try to all the time, but your organization can't.


6). Security zones: Internet DMZ

Ans: A controlled buffer network between your network and the uncontrolled chaos of the
Internet.

These buffer networks can be placed anywhere inside or outside of various internets and intranets;
wherever an organization desires.


7). Security zones: production network zone

Ans: A very restricted zone that strictly controls direct access from uncontrolled zones. Doesn't
hold any users.


8). Security zones: intranet zone

Ans: A controlled zone that has little-to-no heavy restrictions. It's not wide open, but
communication requires fewer strict controls internally.


9). Security zones: management network zone

Ans: Usually an area rife with VLANs and maybe controlled via IPSec and such. A highly secured
zone with very strict policies.


10). Common vulnerability scoring system (CVSS)

Ans: A published standard used worldwide that provides a way to capture the principal
characteristics of a vulnerability and produce a numerical score reflecting its severity.

That score can then be translated into a qualitative representation (low, medium, high, and critical)
to help organizations properly assess and prioritize their vulnerability management processes.


11). National vulnerability database (NVD)

Ans: U.S. government repository of standards-based vulnerability management data represented
using the Security Content Automation Protocol (SCAP). This data enables automation of
vulnerability management, security measurement, and compliance.


12). ECC vulnerability categories

Ans:
Misconfiguration
Default Installations
Buffer Overflows
Missing Patches (Unpatched Servers)
Design Flaws: Flaws universal to ALL OSes (encryption, data validation, logic flaws, etc.)
Operating System (OS) Flaws
Application Flaws
Open Services: Services that aren't actively used, but remain open on the system due to negligence
or ignorance.
Default Passwords


13). Vulnerability management tools

Ans: Nessus, GFI LanGuard, Qualys, Nikto, OpenVAS, and Retina CS


14). Zero-day attack

Ans: Attack between the time a software vulnerability is discovered and a patch to fix the
problem is released.


15). Threat modeling

Ans: A process by which developers can understand security threats to a system, determine
risks from those threats, and establish appropriate mitigations.

1. Identify Security Objectives
2. Application Overview
3. Decompose Application
4. Identify Threats
5. Identify Vulnerabilities


16). Enterprise information security architecture (EISA)

Ans: Requirements and processes that help determine how an organization's information
systems are built and how they work.


17). ECC risk management phases

Ans:
1. Identification
2. Risk Assessment
3. Risk Treatment
4. Risk Tracking
5. Risk Review


18). Security controls

Ans: Countermeasures security personnel put into place to minimize risks as much as possible
and protect the assets of an organization from threats.

Categories:
Physical, Technical/Logical, or Administrative

Subcategories:
Preventative, Detective, or Corrective


19). Business impact analysis (BIA)

Ans: Identification of the systems and processes critical for business operations and how the
organization would be affected if they were taken down by attackers.


20). Maximum tolerable downtime (MTD)

Ans: The maximum period of time that a business process can be down before the survival of
the organization is at risk. Provides a means to prioritize the recovery of assets should the worst
occur.


21). Business continuity plan (BCP)



