Flashcards - M1: CEH Fundamentals & Terminology

Published on January 19, 2025


What are the five phases of ethical hacking?
1) Reconnaissance, 2) Scanning & Enumeration, 3) Gaining Access, 4) Maintaining Access, 5) Covering Tracks.

Define “white hat,” “gray hat,” and “black hat” hackers.
White Hat: Ethical hackers who operate with permission.
Gray Hat: May break rules, but without malicious intent.
Black Hat: Hackers who act illegally and with malicious intent.

What is the difference between vulnerability assessment and penetration testing?
Vulnerability Assessment: Identifies potential flaws.
Penetration Testing: Actively exploits vulnerabilities to gauge real risk.

Define the concept of “Defense in Depth.”
A strategy of using multiple layers of defense (firewalls, IDS, encryption, policies, etc.) to protect systems, so that no single control is a single point of failure.

What is the difference between threat, vulnerability, and risk?
Threat: A potential danger or attacker.
Vulnerability: A weakness that can be exploited.
Risk: The likelihood and impact of a threat exploiting a vulnerability.

What does the CIA triad stand for?
Confidentiality, Integrity, Availability — the core principles of information security.

What is the role of the EC-Council in CEH certification?
The EC-Council develops and administers the CEH exam and certification.