What is an Ethical Hacker?

To beat a hacker, you need to think like one! Ethical Hacking is often referred to as the process of penetrating one's own computer/s, or computers to which one has official permission to do so, in order to determine if vulnerabilities exist and to undertake preventive, corrective, and protective countermeasures before an actual compromise to the system takes place.

Become a Certified Ethical Hacker

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

The purpose of the CEH credential is to:

- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.

Certification Target Audience

The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Exam Information

The CEH exam (312-50) is available at the ECC Exam Centre and Pearson Vue testing centers. For VUE, please visit http://www.vue.com/eccouncil. EC-Council reserves the right to revoke the certification status of candidates that do not comply with all EC-Council examination policies found here.

CEH Exam Details

Duration: 4 Hours
Questions: 125

CEH Exam Blueprint v2.0 EC-Council

Section | Knowledge of: | Weight | Number of

I. Background | 4% | 5
    A. networking technologies (e.g., hardware, infrastructure)
    B. web technologies (e.g., web 2.0, skype)
    C. systems technologies
    D. communication protocols
    E. malware operations
    F. mobile technologies (e.g., smart phones)
    G. telecommunication technologies
    H. backups and archiving (e.g., local, network)

II. Analysis/Assessment | 13% | 16
    A. data analysis
    B. systems analysis
    C. risk assessments
    D. technical assessment methods

III. Security | 25% | 31
    A. systems security controls
    B. application/file server
    C. firewalls
    D. cryptography
    E. network security
    F. physical security
    G. threat modeling
    H. verification procedures (e.g., false positive/negative validation)
    I. social engineering (human factors manipulation)
    J. vulnerability scanners
    K. security policy implications
    L. privacy/confidentiality (with regard to engagement)
    M. biometrics
    N. wireless access technology (e.g., networking, RFID, Bluetooth)
    O. trusted networks
    P. vulnerabilities

IV. Tools / Systems / Programs | 32% | 40
    A. network/host based intrusion
    B. network/wireless sniffers (e.g., WireShark, Airsnort)
    C. access control mechanisms (e.g., smart cards)
    D. cryptography techniques (e.g., IPsec, SSL, PGP)
    E. programming languages (e.g. C++, Java, C#, C)
    F. scripting languages (e.g., PHP, JavaScript)
    G. boundary protection appliances
    H. network topologies
    I. subnetting
    J. port scanning (e.g., NMAP)
    K. domain name system (DNS)
    L. routers/modems/switches
    M. vulnerability scanner (e.g., Nessus, Retina)
    N. vulnerability management and protection systems (e.g., Foundstone, Ecora)
    O. operating environments (e.g., Linux, Windows, Mac)
    P. antivirus systems and programs
    Q. log analysis tools
    R. security models
    S. exploitation tools
    T. database structures

V. Procedures / Methodology | 20% | 25
    A. cryptography
    B. public key infrastructure (PKI)
    C. Security Architecture (SA)
    D. Service Oriented Architecture
    E. information security incident
    F. N-tier application design
    G. TCP/IP networking (e.g., network routing)
    H. security testing methodology

VI. Regulation/policy | 4% | 5
    A. security policies
    B. compliance regulations (e.g., PCI)

VII. Ethics | 2% | 3
    A. professional code of conduct
    B. appropriateness of hacking