CEH study cards

Question 1

Address Resolution Protocol (ARP)

Answer 1

A protocol used to resolve the owner of a given
MAC address when given a specific IP address. The companion to ARP is Reverse Address
Resolution Protocol (RARP).

Question 2

ARP cache poisoning

Answer 2

A technique by which the ARP cache or table on a target system
is altered according to the goals of the attacker. Typically, the goal is to change the path of
traffic or queries.

Question 3

backdoor

Answer 3

The process of using tools such as Telnet to retrieve information for a
service with the goal of identification and capabilities.

Question 4

buffer

Answer 4

A discrete section of memory used to temporarily hold results and instructions during
execution of an application.

Question 5

buffer overflow

Answer 5

An attack in which code is injected into a buffer with the intention of
interrupting or taking over the execution of an application.

Question 6

Common Internet File System (CIFS)/Server Message Block (SMB)

Answer 6

A network filesharing
protocol that is implemented in Microsoft operating systems. CIFS is a more
modern implementation of the SMB protocol.

Question 7

covert channel

Answer 7

A method of transferring data or instructions in a system in a way that is
counter to its intended design or functioning.

Question 8

cross-site scripting (XSS)

Answer 8

A method of breaching security that exploits the technology of
dynamically generated web pages. In this type of attack, a script is delivered along with normal
content to be processed by a victim’s system. Because dynamic websites rely on user input, a
malicious user can input a malicious script into the page by hiding it within legitimate requests.

Question 9

demilitarized zone (DMZ)

Answer 9

A buffer zone between an intranet and the Internet. Typically
constructed with firewalls with the intention of hosting publicly accessible services.

Question 10

egress filtering

Answer 10

A method used to prevent traffic matching certain criteria from exiting
the network. Typically implemented with routers or firewalls.

Question 11

enumeration

Answer 11

A method of exploring the services and resources of a system to ascertain
the nature of the target.

Question 12

firewalking

Answer 12

A method used to discover the configuration and operation of a firewall.

Question 13

footprinting

Answer 13

The gathering of reconnaissance or information about an environment.

Question 14

Fraggle Attack

Answer 14

A UDP-based DoS attack that overwhelms a target with a large amount
of traffic. The attack utilizes an intermediate network between the attacker and the target,
which amplifies the force of the attack.

Question 15

fragmentation

Answer 15

The breaking of packets into smaller pieces. Completely normal in the
operation of a network; however, using a packet crafter, fragmentation may be used to
evade an NIDS or firewall.

Question 16

gray hat

Answer 16

A hacker who may work both offensively and defensively at times. Also considered
to be an individual who was a black hat at one time and later became a white hat. It is
not uncommon for these types of hackers to work for monetary or personal gain.

Question 17

handler

Answer 17

A system that is used to issue commands and other instructions to the members
of a botnet.

Question 18

hash

Answer 18

The fixed-length value that results from a hash function.

Question 19

hash function

Answer 19

An algorithm used to generate a unique fixed-length value for each input.

Question 20

honeynet

Answer 20

A group of systems or networks set up with the intention of looking vulnerable
to attract attackers.

Question 21

honeypot

Answer 21

A single system designed to entice attackers by appearing to be vulnerable.

Question 22

Hypertext Transfer Protocol (HTTP)

Answer 22

A protocol used to exchange unencrypted

information typically involving web pages or web services.

Question 23

Hypertext Transport Protocol Secure (HTTPS)

Answer 23

HTTP that uses SSL to encrypt its

communication.

Question 24

ingress filtering

Answer 24

The method of blocking or allowing traffic based on rules about what is
and isn’t accepted on a network.

Question 25

Internet Protocol Security Architecture (IPsec)

Answer 25

A technology used to provide privacy, | nonrepudiation, integrity, and authentication services.

Question 26

Kerberos

Answer 26

An authentication, authorization, and accounting (AAA) server that is used across platforms and technologies to validate users and systems.

Question 27

land attack

Answer 27

An attack in which a packet is sent to a system with both the source and destination IPs set to the same as those of the victim.

Question 28

logic bomb

Answer 28

A piece of malware that activates only when a predefined condition is met.

Question 29

man-in-the-middle (MitM)

Answer 29

An attack in which a third party inserts themselves between | two parties in order to intercept and/or alter their communications.

Question 30

Network Address Translation (NAT)

Answer 30

A method of directing traffic from multiple private IPs through a single or much smaller group of public IPs. From a security standpoint, NAT prevents or reduces the ability of outside parties to view information about internal systems.

Question 31

Network Basic Input/Output System (NetBIOS)

Answer 31

A set of services used to enhance sharing of information and resources on small networks. NetBIOS has been largely replaced in enterprise environments by other, more secure protocols and services.

Question 32

null session

Answer 32

A vulnerability in Windows that allows for an anonymous connection to the hidden administrator share on a system.

Question 33

overt channel

Answer 33

A mechanism on a system designed and built into a system that represents the way a system is intended to be used

Question 34

ping of death

Answer 34

An attack in which a specially constructed packet is directed toward a system with the intent of creating a DoS. The packet is designed to be fragmented by the network but reassembled by the victim into a size too large for it to handle, thus causing a crash.

Question 35

ping sweep

Answer 35

A network scan in which multiple hosts are targeted with a ping to see if they are up or down. Ping sweeps are normally delivered across a broadcast domain.

Question 36

POODLE attack

Answer 36

An attack that targets vulnerabilities in SSL 3.0 by downgrading TLS sessions first and then exploiting defects in SSL.

Question 37

Post Office Protocol (POP)

Answer 37

A protocol used to retrieve email from an email server.

Question 38

Pretty Good Privacy (PGP)

Answer 38

A peer-to-peer key exchange and encryption system | commonly used with email applications.

Question 39

private key

Answer 39

An encryption key that is held by a single person or organization and used with a corresponding public key. Messages encrypted with the public key can be decrypted with the private key and vice versa.

Question 40

public key

Answer 40

The companion to a private key, but unlike the private key, it is available to all parties.

Question 41

reverse proxy

Answer 41

A host that allows external clients to access internal resources by rewriting URLs, thereby masking the internal resource.

Question 42

Security Accounts Manager (SAM)

Answer 42

A database stored locally on a Windows system that | contains information about users and groups on that system.

Question 43

session hijacking

Answer 43

The taking over of a session between two parties. Can be performed at a network level or at a web application level.

Question 44

sheep dip

Answer 44

A computer specifically set up with the goal of disinfecting or removing malware.

Question 45

Simple Mail Transfer Protocol (SMTP)

Answer 45

A protocol used for the transfer of email and | messages from one system to another.

Question 46

Simple Network Management Protocol (SNMP)

Answer 46

A protocol used to send and receive | messages or traps to and from network devices and an SNMP agent.

Question 47

Smurf Attack

Answer 47

A TCP-based DoS attack designed to overwhelm a target with traffic passed through an intermediate amplifying network.

Question 48

teardrop attack

Answer 48

An attack that relies on crafting packets in a way that creates malformed packets that will cause problems in some systems.

Question 49

User Datagram Protocol (UDP)

Answer 49

A connectionless protocol considered to be a best effort in design. UDP is the opposite of TCP; where TCP offers flow control and acknowledgments, UDP does not.

Question 50

web spider

Answer 50

A software application designed to locate and analyze web content typically used by search engines to catalog and update content.