Certified Ethical Hacker (CEH) certification – Overview of domains
EC-Council’s Certified Ethical Hacker (CEH) exam tests candidates on their knowledge of five ethical hacking phases (Reconnaissance, Gaining Access, Enumeration, Maintaining Access, Covering Your Tracks), various attack vectors and preventative countermeasures.
All topics covered by the certification give an insight into understanding how hackers think and act. Professionals are better positioned to set up a security infrastructure and defend against attacks.
As EC-Council states, “to catch a hacker, you need to think as one;” then, the CEH credential is designed to give professionals the ability to apply the same knowledge and methodologies as malicious hackers, but lawfully legitimately. In essence, “CEH was built to incorporate a hands-on environment and systematic process across every ethical hacking domain and methodology, allowing you to work towards proving the required knowledge and skills needed to perform the job of an ethical hacker.”
Getting ready for the CEH exam
CEH v11 continues to evolve by covering the latest operating systems, tools, tactics, exploits, and technologies used by hackers and information security professionals to break into an organization.
Taking the CEH exam for certification offers theoretical knowledge combined with practical, proctored assessments to ensure that candidates who pass the course have the necessary hacking knowledge that can be leveraged to progress in their careers.
There are two ways to obtain eligibility for attempting the exam. The first option is to complete the EC-Council’s CEHv11 e-Courseware ($850); the second option is to acquire at least two years of work experience in the information security domain, as verified by a supervisor or department lead, pay USD100 as a non-refundable application fee and go through an application process before receiving an eligibility code and paying for the voucher code necessary to register and schedule the test.
The CEH subjects
The CEH credential exams 312-50 (ECC EXAM) and 312-50 (VUE) consist of 125 questions broken into nine different domains:
- Information Security and Ethical Hacking Overview (6%)
- Reconnaissance Techniques (21%)
- System Hacking Phases and Attack Techniques (17%)
- Network and Perimeter Hacking (14%)
- Web Application Hacking (16%)
- Wireless Network Hacking (6%)
- Mobile Platform, IoT, and OT Hacking (8%)
- Cloud Computing (6%)
- Cryptography (6%)
To successfully pass the CEH test, candidates must refer to the Exam Blueprint v4.0.
The actual percentage of questions you must answer correctly varies; the cut scores can range from 60% to 85%, depending on which exam form is challenged.
If successful, candidates will receive their digital ANSI accredited CEH certificate within seven working days.
Passing the exam certifies applicants for three years, during which they must earn EC-Council Continued Education (ECE) credits. Certified members will have to achieve 120 credits to be re-accredited for the next three-year period.
The nine CEH domains
The material covered by the CEH Exam Blueprint v4.0 is divided into nine different domains. Each domain is tested by a minimum of two and a maximum of ten questions representing all subdomains. Below is a brief overview of CEH v4 topics (CEH v11 objectives) covered in each exam section.
- Introduction to Ethical Hacking
This domain covers basic information security and ethical hacking concepts and cyber kill chain, information security controls and standards.
- Footprinting and Reconnaissance
- Scanning Networks
This domain covers footprinting (Website, email, DNS and Whois…), including tools and countermeasures, scanning tools and network diagrams, and enumeration concepts (NetBIOS, SNM, LDAP NTP, NFS, SMTP and DNS enumeration and more techniques and countermeasures).
- Vulnerability Analysis
- System Hacking
- Malware Threats
This important domain is about vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems. It covers assessments, tools and reporting. It also tests system hacking methodology, steganography, steganalysis attacks, covering tracks and different types of malware (Trojan, Virus, worms etc.), system auditing for malware attacks, malware analysis and countermeasures.
- Social Engineering
- Session Hijacking
- Evading IDS, Firewalls, and Honeypots
Another important domain that covers essential topics in the life of an ethical hacker. Subjects include sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing; firewalls, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures; social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and which countermeasures can be used; DoS/DDoS attack and protection techniques and tools as well as countermeasures; session hijacking techniques, authentication/authorization and cryptographic weaknesses and countermeasures.
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
This domain includes a comprehensive web application hacking methodology to audit vulnerabilities in web applications and countermeasures; attack methodology to audit vulnerabilities in web server infrastructure and countermeasures; SQL injection attack techniques, injection detection tools and countermeasures.
- Hacking Wireless Networks
This domain is about wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.
- Hacking Mobile Platforms
- IoT and OT Hacking
This domain covers mobile platform attack vectors, android OS vulnerability exploitations, mobile device management, security guidelines and tools. It also addresses threats to IoT and OT platforms and defends IoT and OT devices.
- Cloud Computing
This domain is devoted to cloud computing concepts, container technology, serverless computing, the working of various threats and attacks, and security techniques and tools.
Also, this last domain concentrates on a single topic, covering cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks and cryptanalysis tools.
Preparing for the CEH exam
Multiple options exist for preparing for the CEH exam; the EC-Council, for example, offers its own preparatory course. Other boot camp-style courses are also available for students looking for different learning options that better match their learning needs.
For professionals who prefer self-study, test preparation books allow them to study at their own pace.
Combining these training methods is the best bet for preparing and passing the exam. Though you can’t replace hands-on experience, resources like the CEH textbook are an excellent way to review the theory behind the practice, fill knowledge gaps and facilitate application concepts in the field while working on assignments.
Importance of the Certified Ethical Hacker certification
The Certified Ethical Hacker exam is a great way for someone relatively new to information security to demonstrate knowledge and experience in carrying out penetration testing tasks to current or potential clients or employers.
The CEH credential suits a wide-ranging audience of security officers, auditors, site administrators, warning analysts, pentesters, compliance analysts, security consultants and anyone tasked to protect a network’s integrity through ethical hacking techniques.
The demand for ethical hackers continues to be high; therefore, whether as a red team member, pentester or freelance offensive consultant, this is a good time to be in the field and become certified (EC-Council CEH) to enjoy high job placement and potentially higher compensation rates.
- Certified Ethical Hacker | CEH, EC-Council
- Certified Ethical Hacker, EC-Council
- CEH Exam Blueprint v4.0, EC-Council
- CEH Candidate Handbook v6, EC-Council
- CEHv11 e-Courseware, EC-Council
- CEH (ANSI) Application Process, EC-Council
- CEHv11-Brochure, EC-Council
- CEH textbook, EC-Council
- CEH v11, EC-Council
We've encountered a new and totally unexpected error.
Get instant boot camp pricing
A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here.