CEH v11 – Terminology | Questions And Answers Latest {2024- 2025} A+ Graded | 100%
Verified
Confidentiality - This is the assurance that the information is accessible only to authorized individuals.
Integrity - This is the trustworthiness of data or resources in terms of preventing improper or
unauthorized change
Cookie Replay - This is a technique used to impersonate a legitimate user by replaying the
session/cookie that contains the session ID of that user (as long as he/she remains logged in)
Availability - This is assurance that the systems responsible for delivering, storing, and processing
information are accessible when required by the authorized users.
Authenticity - This refers to the characteristic of a communication, document, or any data that ensures
the quality of being genuine
Non-Repudiation - This is the guarantee that the sender of a message cannot later deny having sent the
message and that the recipient cannot deny having received the message
Availability - This is assurance that the systems responsible for delivering, storing, and processing
information are accessible when required by the authorized users.
Authenticity - This refers to the characteristic of a communication, document, or any data that ensures
the quality of being genuine.
Active Attack - This tampers with the data in transit or disrupt communication or services between the
systems to bypass or break into secured systems.
Adversary Behavioral Identification - This involves the identification of the common methods or
techniques followed by an adversary to launch attacks on or to penetrate an organization's network.
,Active Footprinting - This involves gathering information about the target with direct interaction.
ARP Ping Scan - This is when attackers send address resolution request probes to target hosts, and a
response indicates that the host is active.
ACK Flag Probe Scan - Attackers send TCP probe packets set with an ACK flag to a remote device, and
then analyze the header information (TTL and WINDOW field) of received RST packets to determine if
the port is open or closed.
Anonymizer - This is an intermediate server placed between you as the end user, and the website. It is
used to access the website on your behalf and make your web surfing activities untraceable.
Audio Steganography - This refers to hiding secret information in files such as .MP3, .RM, and .WAV.
Advanced Persistent Threat - This is a type of network attack, where an attacker gains unauthorized
access to a target network and remains undetected for a long period of time.
Antivirus Sensor System - This is a collection of computer software that detects and analyzes malicious
code threats such as viruses, worms, and Trojans.
Active Sniffing - This involves injecting Address Resolution Packets into the network to flood the switch's
Content Addressable Memory (CAM) table, which keeps track of host-port connections.
Address Resolution Protocol (ARP) - This is a stateless protocol used for resolving IP addresses to
machine (MAC) addresses.
ARP Spoofing Attack - This involves constructing many forged ARP request and reply packets to overload
the switch.
Application Level Hijacking - This refers to gaining control over the HTTP's user session by obtaining the
session IDs.
,Anomaly Detection - This detects the intrusion based on the fixed behavioral characteristics of the users
and components in a computer system.
Application-Level Firewall - This can filter packets at the application layer of the OSI model (or the
application layer of TCP/IP).
API DDoS Attack - This attack involves saturating an API with a huge volume of traffic from multiple
infected computers (botnet) to delay API services to legitimate users.
Automated Web App Security Testing - This is a technique employed for automating the testing process.
These testing methods and procedures are incorporated into each stage of development to report
feedback constantly.
BluePrinting - This is a footprinting technique performed by an attacker to determine the make and
model of a target Bluetooth-enabled device.
Application Whitelisting - This contains a list of application components such as software libraries,
plugins, extensions, and configuration files, which can be permitted to execute in the system.
Btlejacking - This attack is detrimental to Bluetooth low energy devices. The attacker can sniff, jam, and
take control of the data transmission between BLE devices by performing an MITM attack.
Application Blacklisting - This contains a list of malicious applications or software that are not permitted
to be executed in the system or the network.
Bluejacking - This is the activity of sending anonymous messages over Bluetooth to Bluetooth-enabled
devices, such as laptop and mobile phones, via the OBEX protocol.
Access point - This is used to connect wireless devices to a wireless/wired network.
Bluesnarfing - This is the theft of information from a wireless device through a Bluetooth connection,
often between phones, desktops, laptops, PDAs, and other devices.
, Association - This refers to the process of connecting a wireless device to an AP.
Bluebugging - This involves gaining remote access to a target Bluetooth-enabled device and using its
features without the victim's knowledge or consent.
Agent Smith Attack - This is carried out by luring victims into downloading and installing malicious apps
designed and published by attackers in the form of games, photo editors, or other attractive tools from
third-party app stores such as 9Apps.
BYOD - This refers to a policy that allows an employee to bring their personal devices, such as laptops,
smartphones, and tablets, to their workplace and use them to access the organization's resources by
following the access privileges.
Android Rooting - This process involves exploiting security vulnerabilities in the device firmware and
copying the SU binary to a location in the current process's PATH (e.g., /system/xbin/su) and granting it
executable permissions with the chmod command.
BlueBorne Attack - This attack is performed on Bluetooth connections to gain access and take full
control of the target device.
Asymmetric Encryption - This uses different encryption keys, which are called public and private keys for
encryption and decryption, respectively.
Business Network - This is comprised of a network of systems that offer information infrastructure to
the business.
Advanced Encryption Standard - This is a National Institute of Standards and Technology (NIST)
specification for the encryption of electronic data.
Basic Process Control System (BPCS) - This is responsible for process control and monitoring of the
industrial infrastructure.