
Certified Ethical Hacker Domain 7: Ethics

July 8, 2019 by Howard Poston

About the Domain

The final domain of the current version of the Certified Ethical Hacker exam focuses on the ethics of hacking. This domain is tested by three questions on the exam, or 2.17% of the total 125 questions. The goal of these questions is to assess whether the applicant knows the behavior expected of an ethical hacker and understands when performing hacking activities is or is not appropriate.

What’s Covered

As the smallest section of the exam, Domain 7 is not divided into multiple subdomains. This domain is designed to test a CEH applicant’s knowledge of information security ethics.

Ethics of Information Security

Despite being in the name of the certification, the ethics section on the CEH exam is pretty small. The goal of this section of the exam is to ensure that candidates know how to act in a professional manner and only perform hacking when the appropriate provisions have been put into place.

The EC-Council has an official Code of Ethics that you will be required to review and sign before taking your exam. It consists of 19 points that essentially boil down to not doing anything immoral, unethical or that would reflect badly upon yourself, your organization or the ethical hacking community.

The main thing tested in this section is when hacking is appropriate. In short, you should never perform any hacking activities without the consent of the target. Many of these questions essentially ask whether a little hacking is acceptable in a situation where a full penetration test is not. In all cases, an agreement between the ethical hacker and the target should be in place before any penetration testing activities begin.

How to Prepare

The best way to prepare for this section of the exam is to read the EC-Council’s Code of Ethics. Before you are allowed to begin your exam, you will need to sign to confirm that you have read and agree to be bound by the terms of the Code of Ethics. In general, these questions are pretty straightforward as long as you keep in mind that you should never attempt to hack someone without their explicit permission to do so.



CEH Exam Blueprint v2.0, EC-Council

CEH Exam Blueprint v3.0, EC-Council

Code of Ethics, EC-Council


Howard Poston is a cybersecurity researcher with a background in blockchain, cryptography and malware analysis. He has a master's degree in Cyber Operations from the Air Force Institute of Technology and two years of experience in cybersecurity research and development at Sandia National Labs. He currently works as a freelance consultant providing training and content creation for cyber and blockchain security.
