Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certified Ethical Hacker CEH/Acronyms/Part 1

Acronym study

CEH Acronyms — Part 1 of 2

Terms 1–30 of 32 CEH acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Part 1 of 2Part 2 →

Term 1

Active reconnaissance

Active reconnaissance is the process of directly interacting with a target system or network to gather information, often through scanning and probing.

Full entry →
Full Active reconnaissance glossary entry →

Term 2

Bluetooth Hacking

Bluetooth hacking is the unauthorised access or manipulation of a device through its Bluetooth wireless connection.

Full entry →
Full Bluetooth Hacking glossary entry →

Term 3

Covering Tracks

Covering tracks is the process attackers use to hide their activity and remove evidence of a security breach after gaining unauthorized access to a system.

Full entry →
Full Covering Tracks glossary entry →

Term 4

Cross Site Scripting XSS

Cross Site Scripting (XSS) is a web security vulnerability where an attacker injects malicious scripts into web pages viewed by other users, enabling theft of data or session hijacking.

Full entry →
Full Cross Site Scripting XSS glossary entry →

Term 5

CSRF

Cross-Site Request Forgery is an attack that tricks a user into performing an unwanted action on a web application where they are currently authenticated.

Full entry →
Full CSRF glossary entry →

Term 6

CVSS Scoring

CVSS Scoring is a standardized framework for rating the severity of security vulnerabilities, helping organizations prioritize fixes based on a numeric score from 0 to 10.

Full entry →
Full CVSS Scoring glossary entry →

Term 7

DNS enumeration

DNS enumeration is the process of systematically querying a Domain Name System (DNS) server to gather information about a target domain, including its subdomains, IP addresses, and mail server records.

Full entry →
Full DNS enumeration glossary entry →

Term 8

Evil Twin Attack

An evil twin attack is a type of wireless hacking where a fake Wi-Fi access point mimics a legitimate one to trick users into connecting, allowing the attacker to intercept traffic and steal data.

Full entry →
Full Evil Twin Attack glossary entry →

Term 9

Exploit Databases

An exploit database is a curated collection of known software vulnerabilities, proof-of-concept exploit code, and security research findings used by ethical hackers and security professionals to test and defend systems.

Full entry →
Full Exploit Databases glossary entry →

Term 10

File Inclusion Attacks

File inclusion attacks exploit web application vulnerabilities to load remote or local files, often allowing attackers to execute code, steal data, or compromise a server.

Full entry →
Full File Inclusion Attacks glossary entry →

Term 11

LDAP Enumeration

LDAP Enumeration is the process of querying a Lightweight Directory Access Protocol server to gather information about users, groups, computers, and other network resources in an organization.

Full entry →
Full LDAP Enumeration glossary entry →

Term 12

NetBIOS Enumeration

NetBIOS Enumeration is the process of gathering information from a Windows system using the NetBIOS protocol to discover shares, users, and system details over a network.

Full entry →
Full NetBIOS Enumeration glossary entry →

Term 13

Nmap Scanning

Nmap scanning is a method used to discover devices running on a network and find open ports, services, and security weaknesses.

Full entry →
Full Nmap Scanning glossary entry →

Term 14

OSINT Techniques

OSINT techniques are methods used to collect information from publicly available sources for security assessments or investigations.

Full entry →
Full OSINT Techniques glossary entry →

Term 15

OWASP Top 10

The OWASP Top 10 is a regularly updated list of the most critical security risks to web applications, published by the Open Web Application Security Project (OWASP) to help developers and security professionals prioritize and mitigate common vulnerabilities.

Full entry →
Full OWASP Top 10 glossary entry →

Term 16

Passive reconnaissance

Passive reconnaissance is the process of gathering information about a target system or network without directly interacting with it, using publicly available sources and stealthy observation.

Full entry →
Full Passive reconnaissance glossary entry →

Term 17

Password Cracking

Password cracking is the process of using software tools or techniques to recover unknown passwords from stored data or by guessing them systematically.

Full entry →
Full Password Cracking glossary entry →

Term 18

Persistence Mechanisms

Techniques used by attackers to maintain long-term access to a compromised system after an initial breach.

Full entry →
Full Persistence Mechanisms glossary entry →

Term 19

Port Scanning Techniques

Port scanning techniques are methods used to probe a computer or network to discover which network ports are open and which services are running on those ports.

Full entry →
Full Port Scanning Techniques glossary entry →

Term 20

Privilege escalation

Privilege escalation is when a user or attacker gains more access or control over a system than they are supposed to have.

Full entry →
Full Privilege escalation glossary entry →

Term 21

RFID Hacking

RFID hacking is the practice of exploiting security weaknesses in Radio Frequency Identification systems to read, clone, or manipulate data on RFID tags without authorization.

Full entry →
Full RFID Hacking glossary entry →

Term 22

Rootkit Installation

Rootkit installation is the process by which an attacker places hidden malicious software on a system to gain persistent, stealthy administrative access while avoiding detection by the operating system and security tools.

Full entry →
Full Rootkit Installation glossary entry →

Term 23

Service Enumeration

Service enumeration is the process of actively connecting to a target system to identify running services, open ports, and detailed information about those services for security assessment.

Full entry →
Full Service Enumeration glossary entry →

Term 24

Session Hijacking

Session hijacking is an attack where a cybercriminal steals or takes over a user's active session with a web application, allowing the attacker to pretend to be that user without needing their password.

Full entry →
Full Session Hijacking glossary entry →

Term 25

SNMP Enumeration

SNMP Enumeration is the process of querying a device's Simple Network Management Protocol service to extract information about its configuration, running processes, user accounts, and network connections.

Full entry →
Full SNMP Enumeration glossary entry →

Term 26

Social Engineering Recon

Social Engineering Recon is the phase where an attacker gathers information about a target by manipulating people, not computers, to reveal secrets or access.

Full entry →
Full Social Engineering Recon glossary entry →

Term 27

SQL injection

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database, often to read, modify, or destroy data.

Full entry →
Full SQL injection glossary entry →

Term 28

Steganography

Steganography is the practice of hiding a secret message inside an ordinary, non-secret file such as an image, audio, or video to keep the message hidden from casual observers.

Full entry →
Full Steganography glossary entry →

Term 29

Vulnerability assessment

A vulnerability assessment is a systematic review of security weaknesses in an information system, evaluating if the system is susceptible to any known vulnerabilities, assigning severity levels, and recommending remediation or mitigation.

Full entry →
Full Vulnerability assessment glossary entry →

Term 30

WHOIS lookup

WHOIS lookup is a query and response protocol used to search databases that store the registration information of domain names and IP address blocks.

Full entry →
Full WHOIS lookup glossary entry →
Part 2 →

Acronym parts

Part 1currentPart 2

Study resources

All CEH Acronyms→CEH Practice Tests→CEH Study Guide→Exam Domains→