CEH v11 Terminology Exam Questions
and Answers
Protocol Anomaly Detection - Answer-In this type of detection, models are built to
explore anomalies in the way in which vendors deploy the TCP/IP specification.
Packet Filtering Firewall - Answer-With these, each packet is compared to a set of
criteria before it is forwarded.
Pure Honeypots - Answer-These emulate the real production network of a target
organization.
Production Honeypots - Answer-These are deployed inside the production network of
the organization along with other production servers.
Port Scanning - Answer-This is used to identify open ports and the services running on
these ports.
Patch - Answer-This is a small piece of software designed to fix problems, security
vulnerabilities, and bugs and improve the performance of a computer program or its
supporting data.
Parabolic Grid Antenna - Answer-This uses the same principle as a satellite dish, but it
does not have a solid dish. It consists of a semi-dish in the form of a grid consisting of
aluminum wires.
Purdue Model / PERA model - Answer-This is widely used to describe internal
connections and dependencies of important components in the ICS networks.
Programmable Logic Controller (PLC) - Answer-This is a small solid-state control
computer where instructions can be customized to perform a specific task.
Platform-as-a-Service (PaaS) - Answer-This offers development tools, configuration
management, and deployment platforms on-demand, which can be used by subscribers
to develop custom applications.
Public Cloud - Answer-In this model, the provider makes services such as applications,
servers, and data storage available to the public over the Internet.
Private Cloud / Internal Cloud / Corporate Cloud - Answer-This is a cloud infrastructure
operated by a single organization and implemented within a corporate firewall.
,Public Key Infrastructure (PKI) - Answer-This is a set of hardware, software, people,
policies, and procedures required to create, manage, distribute, use, store, and revoke
digital certificates.
Pretty Good Privacy (PGP) - Answer-It is often used for data compression, digital
signing, encryption and decryption of messages, emails, files, and directories, and to
enhance the privacy of email communications.
Padding Oracle Attack - Answer-This is when attackers exploit the padding validation of
an encrypted message to decipher the ciphertext.
Quantum Cryptography - Answer-This is processed based on quantum mechanics,
such as quantum key distribution (QKD), using photons instead of mathematics as a
part of encryption.
Reconnaissance - Answer-This refers to the preparation phase where an attacker
gathers information about a target before launching an attack.
Risk - Answer-This refers to the degree of uncertainty or expectation that an adverse
event may cause damage to the system.
Risk Management - Answer-This is the process of reducing and maintaining risk at an
acceptable level by means of a well-defined and actively employed security program.
Risk Identification - Answer-Identifies the sources, causes, consequences, and other
details of the internal and external risks affecting the security of the organization.
Risk Assessment - Answer-Assesses the organization's risk and provides an estimate of
the likelihood and impact of the risk.
Confidentiality - Answer-This is the assurance that the information is accessible only to
authorized individuals.
Integrity - Answer-This is the trustworthiness of data or resources in terms of preventing
improper or unauthorized change
Cookie Replay - Answer-This is a technique used to impersonate a legitimate user by
replaying the session/cookie that contains the session ID of that user (as long as he/she
remains logged in)
Availability - Answer-This is assurance that the systems responsible for delivering,
storing, and processing information are accessible when required by the authorized
users.
Authenticity - Answer-This refers to the characteristic of a communication, document, or
any data that ensures the quality of being genuine
,Non-Repudiation - Answer-This is the guarantee that the sender of a message cannot
later deny having sent the message and that the recipient cannot deny having received
the message
Availability - Answer-This is assurance that the systems responsible for delivering,
storing, and processing information are accessible when required by the authorized
users.
Authenticity - Answer-This refers to the characteristic of a communication, document, or
any data that ensures the quality of being genuine.
Active Attack - Answer-This tampers with the data in transit or disrupt communication or
services between the systems to bypass or break into secured systems.
Adversary Behavioral Identification - Answer-This involves the identification of the
common methods or techniques followed by an adversary to launch attacks on or to
penetrate an organization's network.
Active Footprinting - Answer-This involves gathering information about the target with
direct interaction.
ARP Ping Scan - Answer-This is when attackers send address resolution request
probes to target hosts, and a response indicates that the host is active.
ACK Flag Probe Scan - Answer-Attackers send TCP probe packets set with an ACK
flag to a remote device, and then analyze the header information (TTL and WINDOW
field) of received RST packets to determine if the port is open or closed.
Anonymizer - Answer-This is an intermediate server placed between you as the end
user, and the website. It is used to access the website on your behalf and make your
web surfing activities untraceable.
Audio Steganography - Answer-This refers to hiding secret information in files such as
.MP3, .RM, and .WAV.
Advanced Persistent Threat - Answer-This is a type of network attack, where an
attacker gains unauthorized access to a target network and remains undetected for a
long period of time.
Antivirus Sensor System - Answer-This is a collection of computer software that detects
and analyzes malicious code threats such as viruses, worms, and Trojans.
Active Sniffing - Answer-This involves injecting Address Resolution Packets into the
network to flood the switch's Content Addressable Memory (CAM) table, which keeps
track of host-port connections.
, Address Resolution Protocol (ARP) - Answer-This is a stateless protocol used for
resolving IP addresses to machine (MAC) addresses.
ARP Spoofing Attack - Answer-This involves constructing many forged ARP request
and reply packets to overload the switch.
Application Level Hijacking - Answer-This refers to gaining control over the HTTP's user
session by obtaining the session IDs.
Anomaly Detection - Answer-This detects the intrusion based on the fixed behavioral
characteristics of the users and components in a computer system.
Application-Level Firewall - Answer-This can filter packets at the application layer of the
OSI model (or the application layer of TCP/IP).
API DDoS Attack - Answer-This attack involves saturating an API with a huge volume of
traffic from multiple infected computers (botnet) to delay API services to legitimate
users.
Automated Web App Security Testing - Answer-This is a technique employed for
automating the testing process. These testing methods and procedures are
incorporated into each stage of development to report feedback constantly.
BluePrinting - Answer-This is a footprinting technique performed by an attacker to
determine the make and model of a target Bluetooth-enabled device.
Application Whitelisting - Answer-This contains a list of application components such as
software libraries, plugins, extensions, and configuration files, which can be permitted to
execute in the system.
Btlejacking - Answer-This attack is detrimental to Bluetooth low energy devices. The
attacker can sniff, jam, and take control of the data transmission between BLE devices
by performing an MITM attack.
Application Blacklisting - Answer-This contains a list of malicious applications or
software that are not permitted to be executed in the system or the network.
Bluejacking - Answer-This is the activity of sending anonymous messages over
Bluetooth to Bluetooth-enabled devices, such as laptop and mobile phones, via the
OBEX protocol.
Access point - Answer-This is used to connect wireless devices to a wireless/wired
network.
