CEH - Terms C, D & E

Certified Ethical Hacker Terms and Definitions - C, D, E. - info tech

Question | Answer
A storage buffer that transparently stores data so future requests for the same data can be served faster. | Cache
Holds all the MAC-address-to-port mappings on a switch. | CAM (content addressable memory) table
Contains a person's or entity's public key, serial number, version, subject, algorithm type, issuer, valid dates, and key usage details. Provides non-repudiation throughout a system. Also known as a Public Key (_Blank). | Certificate (or Digital Certificate)
A trusted entity that issues and revokes public key certificates. | CA (Certificate Authority)
An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key. | CHAP (challenge handshake authentication protocol)
The three aspects of security that make up the "CIA Triangle". | Confidentiality - Integrity - Availability
Text or data in its encrypted form. The result of plaintext being put through a cryptographic algorithm. | Ciphertext
A computer process that requests a service from another computer/server and accepts the server's responses. | Client
A cell phone attack in which the serial number from one cell phone is copied to another in an effort to copy the cell phone. | Cloning
A Canonical Name record within DNS, used to provide an alias for a domain name. | CNAME record
A backup facility with the electrical and physical components of a computer facility but no computer equipment in place. Ready to receive the necessary computer equipment in case the user has to move from the main computing facilities. | Cold Site
In regard to a hash algorithm: when two or more distinct inputs produce the same result. | Collision
A domain where all of the systems share the given transport media. Needs to be managed by CSMA/CD or CSMA/CA. | Collision Domain
An application layer protocol used primarily by Microsoft Windows. Provides shared access to printers, files and serial ports. | Common Internet File System/Server Message Block
A string used for authentication in SNMP. Transmitted in clear text in SNMPv1. In SNMPv3, encryption and other improvements are provided. | Community String
Free and readily available information on an organization that can be gathered about the target's customers, products, and marketing and then used by an attacker. | Competitive Intelligence
A social-engineering attack using computer-based resources such as email and IRC. | Computer-based Attack
The name given to groups of experts that handle computer security incidents. | CERT (computer emergency response team)
The security objective that requires that sensitive information is only disclosed to authorized individuals, entities and processes. | Confidentiality
Physical socket provided on routers and switches for cable connections between a computer and the router/switch. This allows for configuring and troubleshooting of the device via a terminal emulator or command-line interface. | Console Port
An organization's policy, plan and procedures for restoring business operations in the event of emergencies, system failures and disasters. | Contingency Plan
Small text files stored on a computer while browsing a website. They maintain information about the user's session and can contain authentication parameters. Can be session-based or persistent. | Cookies
The rights granted by law to the creator of an original work. Includes the right to copy, distribute and adapt the work and designate authorized users of the work. | Copyright
Adjustments applied to a system designed to resolve vulnerabilities and errors soon after they are discovered. | Corrective Controls
Actions, devices, procedures, techniques, or other measures implemented to reduce a vulnerability in a system. | Countermeasures
A communication channel being used to secretly transfer information. | Covert Channel
A cyber attacker who acts without permission and gives no prior notice to the system owner. | Cracker
A comparison metric for different biometric devices and technologies. It's the point where the "false acceptance rate" equals the "false rejection rate" (FAR = FRR). | CER (Crossover Error Rate)
An attack where a hacker injects code into an otherwise legitimate web page. The embedded code is submitted as part of the client's web request and can execute on the user's computer. | XSS (cross-site scripting)
A value used to control cryptographic operations, such as encryption, decryption, and signature generation/verification. | Cryptographic Key
The science of protecting information by using techniques to render the information unusable to anyone who does not possess the means to decrypt it. | Cryptography
A background process found in Unix, Linux, Solaris and other Unix-based operating systems. | Daemon
A method of external testing where several systems are used together to carry out an attack. | Daisy Chaining
A collection of retrievable data. Can be object-based or relational. | Database
An outdated symmetric cipher encryption algorithm that's no longer considered secure. Because an entire keyspace can easily be attempted with modern computing, cracking this encryption is now very easy. | DES (data encryption standard)
Layer 2 of the OSI reference model. It deals with physical addressing, network topology, error detection, and flow control. | Data Link Layer (Layer 2 OSI)
Turning ciphertext into plaintext via the use of a cryptographic algorithm. | Decryption
The information assurance strategy of creating multiple layers of defense across an Information Technology system. | Defense in Depth
A middle part of a network. The area where resources are not fully behind a firewall but not fully exposed to the internet and its threats. Web servers typically reside here on otherwise protected networks. | DMZ (Demilitarized Zone)
Attacks with the goal of preventing authorized users from accessing services and preventing the normal operation of networks. | DoS (Denial of Service)
Controls to detect anomalies or undesirable events occurring on a system. | Detective Controls
The use of a private key to encrypt a hash value for identification purposes within a PKI system. The signature is then decoded with the originator's public key. Provides for non-repudiation. | Digital Signature
Embedding information into a digital signal in a way that makes it difficult to remove. | Digital Watermark
Known as the "dot-dot-slash" (../) attack. An attacker attempts to access restricted directories to execute commands outside the intended web server directories. | Directory Traversal
The security posture where the individual user is allowed to specify explicitly the types of access other users may have to information under the user's control. | DAC (discretionary access control)
A denial-of-service attack that uses numerous hosts (a botnet) to perform the attack. | DDoS (Distributed Denial of Service)
Process of using easily accessible DNS records to map a target network's internal hosts. | DNS enumeration
A unique hostname. It starts with a root (www.), then the unique name, then a top level (.com, .gov, .mil, etc.). | Domain Name
The network of servers that translate Internet Protocol (IP) addresses into human-friendly, hierarchical Internet addresses and vice versa. | DNS (Domain Name System)
An attack technique that corrupts the DNS server. It tricks the server into receiving fraudulent data and affects users by sending traffic to erroneous or malicious end points. | DNS Cache Poisoning
Process of providing a fully qualified domain name (FQDN) to a local name server for resolution to its corresponding IP address. | DNS Lookup
Malware designed to install some sort of virus, backdoor, etc., on a target system. | Droppers
The responsibility of an organization and its management to provide information security. They must ensure the types of controls, the cost of controls, and the deployment of the controls are appropriate for the system being protected. | Due Care
The steps that must be taken to identify and limit risks to an acceptable level of exposure. | Due Diligence
A security attack where the attacker sifts through garbage and recycle bins for information that may be useful for current and future attacks. | Dumpster Diving
Secretly listening to the private conversations of others without their knowledge or consent. This can be verbal or electronic (i.e. email, chat, etc.). | Eavesdropping
A type 0 ICMP message used to reply to ECHO requests. Used with ping to verify connectivity between hosts. | ECHO Reply
A system used by the Securities and Exchange Commission. Companies use this to file SEC-required forms and documentation. The database is freely available to the public via the internet and is a potential source of information for hackers. | EDGAR Database
Block cipher mode of operation. Each possible block of plaintext has a defined corresponding ciphertext value and vice versa. | ECB (Electronic Code Book)
An 11-digit decimal number or 8-digit hexadecimal number used to identify mobile devices. Created by the FCC (Federal Communications Commission). | Electronic Serial Number
Process of attaching a particular protocol header and trailer to a unit of data before transmission over a network. Happens at layer 2 of the OSI reference model. | Encapsulation
The conversion of plaintext to ciphertext via the use of a cryptographic algorithm. | Encryption
A software license agreement. The contract between the licensor (copyright owner) and the purchaser (user). Establishes the right to use the software (as well as limitations on its use). | EULA (End User Licensing Agreement)
In penetration testing: the act of querying a device or network segment thoroughly and systematically for information. | Enumeration
Baseband LAN specification. Uses the CSMA/CD method of media access control. One of the least expensive and most widely deployed networking standards. | Ethernet
A computer security expert who performs security audits and penetration testing on systems and networks, but only with the owner's full knowledge and permission. The goal is to increase a system's security posture. | Ethical Hacker
Any network incident that prompts some kind of log entry or other notification. | Event
Taking advantage of a bug or vulnerability in order to cause unanticipated behaviors or damage to a system or network. | Exploit
A potential percentage of loss to an asset if a certain threat is realized. The percentage is assigned by the person assessing the risk. This value is used in the ALE formula if a total loss is not expected. | EF (Exposure Factor)
A protocol for authentication used within wireless networks. Originally an authentication extension of PPP (point-to-point protocol). | EAP (Extensible Authentication Protocol)
Created by: infotech