Certified Ethical Hacker Domain 7: Ethics
About the Domain
The final domain of the current version of the Certified Ethical Hacker exam is focused on the ethics of hacking. This domain is tested by three questions on the exam, or 2.17% of the total 125 questions. The goal of these questions is to assess whether the applicant is aware of the behavior expected of an ethical hacker and knows when performing hacking activities is or is not appropriate.
As the smallest section of the exam, Domain 7 is not divided into multiple subdomains. This domain is designed to test a CEH applicant’s knowledge of information security ethics.
Ethics of Information Security
Despite being in the name of the certification, the ethics section on the CEH exam is pretty small. The goal of this section of the exam is to ensure that candidates know how to act in a professional manner and only perform hacking when the appropriate provisions have been put into place.
The EC-Council has an official Code of Ethics that you will be required to review and sign before taking your exam. It consists of 19 points that essentially boil down to not doing anything immoral, unethical or that would reflect badly upon yourself, your organization or the ethical hacking community.
The main thing tested in this section is when hacking is appropriate. In short, you should never perform any hacking activities without the consent of the target. Many of these questions will essentially ask whether a little hack is appropriate in a case where a full penetration test is not. In all cases, an agreement between the ethical hacker and the target should be in place before any penetration testing activities begin.
How to Prepare
The best way to prepare for this section of the exam is to read the EC-Council’s Code of Ethics. Before you are allowed to begin your exam, you will need to sign to confirm that you have read and agree to be bound by the terms of the Code of Ethics. In general, these questions are pretty straightforward as long as you keep in mind that you should never attempt to hack someone without their explicit permission to do so.
CEH Exam Blueprint v2.0, EC-Council
CEH Exam Blueprint v3.0, EC-Council
Code of Ethics, EC-Council