CEH Terms - Q, R & S

Certified Ethical Hacker Terms and Definitions - Q, R, S - info tech

Question Answer
A non-numerical, subjective risk evaluation. Used with a qualitative assessment. Qualitative Analysis
A defined measure of service within a network system. Quality of Service (QoS)
Calculation of two components of risk (R): the magnitude of the potential loss (L) and the probability (P) that the loss will occur. Quantitative Risk Assessment
A backlog of packets stored in buffers and waiting to be forwarded over an interface. Queue
Formerly called Redundant Array of Inexpensive Disks. Multiple disk drives are combined into a logical unit. Data is distributed across the drives in one of several different ways (Levels). RAID (Redundant Array of Independent Disks)
The steps taken to gather evidence and information on the targets you wish to attack. Reconnaissance
A group of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment. Red Team
Access by information systems (or users) communicating from outside the information system security perimeter. Remote Access
A protocol that allows a client computer to request services from a server and the server to return the results. RPC (Remote Procedure Call)
An attack where the hacker repeats a portion of a cryptographic exchange in hopes of fooling the system into setting up a communications channel. Replay Attack
Used to find the domain name associated with an IP address; the opposite of a DNS lookup. Reverse DNS Lookup; reverse lookup
A social engineering attack that manipulates the victim into calling the attacker for help. Reverse Social Engineering
A series of documents and notes on standards used, or proposed for use, on the Internet. Each one is identified by a number. RFCs (Request for Comments)
The last portion of the SID that identifies the user to the system in Windows. RID (Resource Identifier)
An encryption standard designed by Joan Daemen and Vincent Rijmen. Chosen by a NIST contest to be the Advanced Encryption Standard (AES). Rijndael
A networking configuration where all nodes are connected in a circle with no terminated ends on the cable. Ring Topology
The potential for damage to or loss of an IT asset. Risk
An informed decision to accept some level of potential damage to or loss of an IT asset. Risk Acceptance
An evaluation conducted to determine the potential for damage to or loss of an IT asset. Risk Assessment
Shifting responsibility from one party to another (e.g., purchasing an insurance policy). Risk Transference
A wireless access point that has been installed on a secure network without authorization from a network administrator. Rogue Access Point
An approach to restricting system access to authorized users, where permissions to perform certain operations are assigned to specific roles. Role-based Access Control
A set of tools that enable administrator-level access to a computer or computer network. They are designed to hide the fact that the system has been compromised. Rootkit
The information contained on a device that gives the instructions for reaching other nodes on the network. Route
A protocol defining packets that are able to be routed by a router. Routed Protocol
A device that receives and sends data packets between two or more networks. The packet headers and a table on the device provide the necessary information to decide which interface to use to forward the packets. Router
A distance-vector routing protocol that employs the hop count as a routing metric. The maximum number of hops allowed is 15. The "hold down time" is 180 seconds. RIP (Routing Information Protocol)
A standard developed to enable routers to exchange messages containing information about routes to reach subnets in the network. Routing Protocol
A set of rules defined by a system administrator that indicates whether access is allowed or denied to resource objects. Rule-based Access Control
The ________ file in Windows stores all the password hashes for the system. SAM (Security Accounts Manager)
A term used to describe an attacker, who uses simple, easy-to-follow scripts or programs developed by others to attack computer systems and networks, and to deface websites. Script Kiddie
A means of exchanging information from one entity to another using a process that does not provide an attacker the opportunity to intercept or corrupt information. Secure Channel
A standard for encrypting and authenticating MIME data; used primarily for Internet e-mail. S/MIME (Secure Multipurpose Mail Extension)
A protocol that uses a private key to encrypt data before transmitting confidential documents over the Internet. Used widely on E-commerce and banking sites. SSL (Secure Sockets Layer)
An announcement from a software vendor about a discovered security vulnerability in a program. Will often contain instructions for a software patch. Security Bulletins
A principle in security that attempts to use anonymity and secrecy to provide security. The footprint of the entity is kept as small as possible to avoid interest by hackers. Security by Obscurity
A group of experts that handle computer security incidents. Security Incident Response Team (SIRT)
The central part of a computer or communications system's hardware, firmware and software that implements basic security procedures for access to system resources. Security Kernel
A part of a service contract where the level of service is formally defined. May be required as part of an initial penetration test agreement. SLAs (Service Level Agreements)
A value assigned to uniquely identify a single wide area network (WAN) in wireless LANs. These are broadcast by default and provide no encryption or security. SSID (Service Set Identifier)
An attack in which a hacker steps between two ends of an already-established communication session and uses specialized tools to guess sequence numbers to take over the channel. Session Hijacking
A method used to prevent IDS detection by dividing the request into multiple parts that are sent in different packets. Session Splicing
A protocol for exchanging packets over a serial line. SLIP (Serial Line Internet Protocol)
A stand-alone computer, kept off the network, that is used for scanning potentially malicious media or software. Sheepdip
Looking over a user's shoulder in order to steal information (such as username and password) Shoulder Surfing
Attacks that take advantage of the built-in code and scripts most off-the-shelf applications come with. Shrink-wrap Code Attacks
The method by which Windows identifies user, group and computer accounts for rights and permissions. SID (Security Identifier)
A hacking method for stealing the cookies used during a session build and replaying them for unauthorized connection purposes. Sidejacking
A method for detecting malicious code on a computer by comparing the signatures of known viruses stored in a database. Signature Scanning (AV Scanning)
An Application layer protocol for sending electronic mail between servers. SMTP (Simple Mail Transfer Protocol)
An Application layer protocol for managing devices on a network. SNMP (Simple Network Management Protocol)
Used for exchanging structured information, such as XML-based messages, in the implementation of web services. SOAP (Simple Object Access Protocol)
The monetary value loss expected when a risk event occurs on an asset. Mathematically expressed as: ______ = asset value (AV) x exposure factor (EF) Single Loss Expectancy (SLE) SLE = AV x EF
An ID card with a built-in microprocessor and memory chip which transfers data to and from a central computer when inserted into a reader. Smart Card
A denial-of-service attack where a ping is sent to the network's broadcast address from a spoofed IP address of the attack target. The target is then flooded with replies. Smurf Attack
Computer software or hardware that can intercept and log traffic passing over a digital network. Sniffer
A non-technical method of hacking in which sensitive information is gained through the art of manipulating people, both in person, or via computing methods. Social Engineering
A network traffic management technique designed to allow applications to specify the route a packet will take to a final destination, regardless of what the route tables say. Source Routing
An electronic version of junk mail. Unsolicited commercial email sent to numerous recipients. Spam
A method of falsely identifying the source of data packets. It's often used by hackers to make it difficult to trace where an attack originated. Spoofing
A type of malware that covertly collects information about a user. Spyware
A method of network traffic filtering that monitors the entire communications process, including the originator of the session and from which direction it started. Stateful Packet Filtering
The art and science of creating a covert message or image within another message, image, audio or video file. Steganography
A hacker who aims to bring down critical infrastructure for a "cause" and does not worry about the penalties associated with his actions. Suicide Hacker
A class of algorithms for cryptography that use the same cryptographic key for both encryption and decryption. Symmetric Algorithm
A type of denial-of-service attack where a hacker sends thousands of SYN packets to the target with spoofed IP addresses. SYN Flood Attack
A protocol used for sending and receiving log information for nodes on a network. Syslog
Created by: infotech