CEH Chapter 1

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
Across
  1. 1. process to identify analyze and resolve incidents
  2. 4. using AI to identify and block fraudulent transactions
  3. 7. structured framework describing stages of cyber attacks
  4. 12. weakness exploitable by threat actors
  5. 13. authorized security testing to identify vulnerabilities
  6. 14. gathering intelligence from human technical and open sources
  7. 15. verification that user or data is genuine
  8. 18. points where trust levels change in application
  9. 19. actions to investigate contain mitigate and eradicate incidents
  10. 20. monitoring network for abnormal or unauthorized activity
  11. 22. analyzing data patterns to anticipate future threats
  12. 25. restoring systems services and data after incident
  13. 28. identifying active hosts open ports services
  14. 30. framework for managing information security risks
  15. 33. collecting and combining data before exfiltration
  16. 34. attacker enumeration and discovery inside target network
  17. 35. locations where users or attackers access application
  18. 37. severity or impact if risk event occurs
  19. 38. US law requiring federal agency information security programs
  20. 40. uncertainty of potential damage from an adverse event
  21. 41. technology performing repetitive security tasks automatically
  22. 43. multiple security layers protecting information systems
  23. 44. EU regulation protecting personal data and privacy
  24. 45. patterns methods used by threat actors
  25. 46. systems and data accessible when required
  26. 47. chart comparing likelihood and consequence to rate risk
  27. 48. collecting and analyzing threat data for decisions
Down
  1. 2. structured process to identify application security threats
  2. 3. assurance sender cannot deny transmitted message
  3. 5. gaining higher access rights after compromise
  4. 6. pattern of activity showing malicious behavior
  5. 8. chance that a risk event will occur
  6. 9. unknown security flaw exploited before patch
  7. 10. extracting detailed system information through active queries
  8. 11. identifying potential attacks targets and methods before attack
  9. 16. collection and analysis of cyber threat data
  10. 17. hiding malicious traffic inside DNS requests
  11. 21. spotting unusual activity that may indicate attacks
  12. 22. security standard for organizations handling cardholder data
  13. 23. forensic clues suggesting intrusion or malicious activity
  14. 24. assurance information accessible only authorized users
  15. 26. initial information gathering before launching attack
  16. 27. preventing spread of incident to other systems
  17. 29. protection against unauthorized modification of data
  18. 31. using AI to detect botnet behavior and intrusions
  19. 32. layered security approach using multiple controls
  20. 36. misuse of scripts to automate attacks or exfiltration
  21. 39. remote control script placed on a web server
  22. 42. attempt to exploit system security weaknesses