CEH Glossary Deck 2

Question 1

access point (AP)

Answer 1

A wireless LAN device that acts as a central point for all wireless traffic.

The AP is connected to both the wireless LAN and the wired LAN, providing wireless clients access to network resources.

Question 2

accountability

Answer 2

The ability to trace actions performed on a system to a specific user or system entity.

Question 3

acknowledgment (ACK)

Answer 3

A TCP flag notifying an originating station that the preceding packet (or packets) has been received.

Question 4

active attack

Answer 4

An attack that is direct in nature—usually where the attacker injects something into, or otherwise alters, the network or system target.

Question 5

bastion host

Answer 5

A computer placed outside a firewall to provide public services to other Internet sites and hardened to resist external attacks.

Question 6

biometrics

Answer 6

A measurable, physical characteristic used to recognize the identity, or to verify the claimed identity, of an applicant.

Facial images, fingerprints, and handwriting samples are all examples of biometrics.

Question 7

bit flipping

Answer 7

A cryptographic attack where bits are manipulated in the cipher text to generate a predictable outcome in the plain text once it is decrypted.

Question 8

Challenge Handshake Authentication Protocol (CHAP)

Answer 8

An authentication method on point-to-point links, using a three-way handshake and a mutually agreed-upon key.

Question 9

CIA triad

Answer 9

Confidentiality, integrity, and availability. These are the three fundamental aspects of security.

Question 10

cipher text

Answer 10

Text or data in its encrypted form; the result of plain text being input into a cryptographic algorithm.

Question 11

client

Answer 11

A computer process that requests a service from another computer and accepts the server’s responses.

Question 12

database

Answer 12

An organized collection of data.

Question 13

decryption

Answer 13

The process of transforming cipher text into plain text through the use of a cryptographic algorithm.

Question 14

defense in depth

Answer 14

An information assurance strategy in which multiple layers of defense are placed throughout an information technology system.

Question 15

Electronic Code Book (ECB)

Answer 15

A mode of operation for a block cipher, with the characteristic that each possible block of plain text has a defined corresponding cipher-text value, and vice versa.

Question 16

electronic serial number

Answer 16

Created by the U.S. Federal Communications Commission to uniquely identify mobile devices; often represented as an 11-digit decimal number or 8-digit hexadecimal number.

Question 17

encapsulation

Answer 17

The process of attaching a particular protocol header and trailer to a unit of data before transmission on the network.

It occurs at Layer 2 of the OSI reference model.

Question 18

Fast Ethernet

Answer 18

An Ethernet networking system transmitting data at 100 million bits per second (Mbps), ten times the speed of an earlier Ethernet standard.

Derived from the Ethernet 802.3 standard, it is also known as 100BaseT.

Question 19

Fiber Distributed Data Interface (FDDI)

Answer 19

LAN standard, defined by ANSI X3T9.5, specifying a 100-Mbps token-passing network using fiber-optic cable and a dual-ring architecture for redundancy, with transmission distances of up to 2 kilometers.

Question 20

File Allocation Table (FAT)

Answer 20

A computer file system architecture used in Windows, OS/2, and most memory cards.

Question 21

Government Access to Keys (GAK)

Answer 21

An attempt through key disclosure laws to have software companies provide copies of all keys to the government, which will be used only when a warrant is provided during law enforcement efforts.

Question 22

gray hat

Answer 22

A skilled hacker who straddles the line between white hat (hacking only with permission and within guidelines) and black hat (malicious hacking for personal gain).

Gray hats sometime perform illegal acts to exploit technology with the intent of achieving better security.

Question 23

gray-box testing

Answer 23

A penetration test in which the ethical hacker has limited knowledge of the intended target(s).

Designed to simulate an internal but non-system-administrator-level attack.