Certified Ethical Hacker (CEH) (312-50) Practice Exam

Certified Ethical Hacker (CEH) (312-50) Practice Exam

The Certified Ethical Hacker (CEH) (312-50) certification validates your understanding of the methodologies and techniques employed by malicious hackers and equips you to ethically utilize these skills for penetration testing and security assessments. 

Who should pursue the CEH Certification?

• IT security professionals: Enhance their knowledge of ethical hacking methodologies and penetration testing techniques.
• Security auditors: Gain a deeper understanding of security vulnerabilities and exploit mitigation strategies.
• Network administrators: Improve their skills in identifying and addressing security risks within networks.
• Anyone seeking to:
• Advance their careers in cybersecurity and penetration testing.
• Demonstrate their proficiency in ethical hacking practices.
• Contribute effectively to securing IT infrastructure and protecting against cyberattacks.

Key Roles and Responsibilities:

Individuals with the CEH certification may be involved in various tasks, including:

• Identifying and analyzing vulnerabilities in networks, systems, and applications using ethical hacking techniques.
• Conducting penetration tests to simulate real-world cyberattacks and evaluate an organization's security posture.
• Developing and implementing security controls to mitigate identified vulnerabilities and prevent cyberattacks.
• Creating and maintaining security documentation detailing findings, recommendations, and remediation strategies.
• Collaborating with other IT security professionals to implement effective security measures.

Exam Details:

• Exam Provider: EC-Council (International Council of E-Commerce Consultants)
• Format: Multiple-choice questions
• Number of Questions: 125
• Duration: 240 minutes (4 hours)
• Passing Score: 70%
• Delivery: Testing center or online proctored

Course Outline

Domain 1 - Introduction to Ethical Hacking

• Learning the elements of Information Security
• Learning Cyber Kill Chain Methodology
• Learning Hacker Classes
• Learning MITRE ATT&CK
• Learning concept of Ethical Hacking
• Learning Information Assurance (AI)
• Learning Risk Management and Incident Management
• Learning concept of PCI, DSS, HIPPA, SOX and GDPR

Domain 2 - Introduction to Foot Printing and Reconnaissance

• Learning concept of Footprinting 
• Learning Google Hacking Techniques
• Learning concept of Deep and Dark Web Printing
• Learning Competitive Intelligence Gathering
• Learning Website Footprinting, Website Mirroring, DNS Footprinting 
• Learning Footprinting Tools
• Learning Traceroute Analysis

Domain 3 - Explaining Network Scanning

• Learning Network Scanning
• Learning Host recovery
• Learning Port scanning techniques
• Service Version Discovery and OS Discovery
• Learning  Banner Grabbing
• Learning OS Fingerprinting
• Learning Spooking and Scannig Tools

Domain 4 - Overview of Enumeration Process

• Learning Types of Enumeration (NetBIOS, SNMP, LDAP, NFS, < SMTP, RPC, SMP and FTP)
• Learning DNS Cache Snooping
• Learning DNSSEC Zone Walking
• Learning Enumeration Tools

Domain 5 - Explain Analysis of Vulnerability

• Learning about Vulnerability Research and Assessment Techniques
• Learning about Vulnerability Management Life Cycle
• Learning about Vulnerability Classification
• Learning about Vulnerability Assessment Reports

Domain 6 - Understanding System Hacking

• Learning about Password Cracking, Password Attacks
• Learning about Wire Sniffing
• Learning about Buffer Overflow
• Learning about Privilege Escalation Tools
• Learning about Keylogger, Spyware, Anti-Keyloggers, Anti-Spyware, Rootkits, Anti-Rootkits
• Learning about Steganography Tools and Detection Tools
• Learning about  Clearing Logs, Covering Tracks, Track-Covering Tools

Domain 7 - Overview of Types of Malware Threats

• Learning about Components of Malware
• Learning about Types of Trojans
• Learning about Types of Viruses and Ransomware
• Learning about Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Trojan Analysis, Virus Analysis, Fileless Malware Analysis
• Learning about Malware Detection Tools

Domain 8 - Understanding concept of Sniffing

• Learning about Network Sniffing
• Learning about Wiretapping, MAC Flooding, DHCP Starvation Attack
• Learning about ARP Spoofing Attack, ARP Poisoning and ARP Poisoning Tools
• Learning about DNS Poisoning Tools
• Learning about Sniffing Tools and Sniffer Detection Techniques

Domain 9 - Learninging Social Engineering

• Learning about Social Engineering and their Types
• Learning about Phishing and Phishing Tools
• Learning about Insider Threats/ Attacks
• Learning about Identity Theaft

Domain 10 - Overview of Denial-of-Service

• Learning about DoS and DDoS Attack and Techniques and Tools
• Learning about DoS and DDoS Protection Tools

Domain 11 - Understanding the concept of Session Hijack

• Learning about Types of Session Hijacking
• Learning about Session Hijacking Attacks ( Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attack, CRIME Attack)
• Learning about Session Hijacking Tools and Detection Methods
• Learning about Session Hijacking Prevention Tools

Domain 12 - Learning to evade IDS, Firewalls, and Honeypots

• Learning about Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• Learning about Types of Firewalls
• Learning about Honeypot
• Learning about Intrusion Detection and Prevention Tools
• Learning about IDS Evasion Techniques and Firewall Evasion Techniques
• Learning about Honeypot Detection Tools

Domain 13 - Understanding Hacking Web Servers

• Learning about Web Server Operations and Web Server Attacks
• Learning about DNS Server Hijacking
• Learning about Website Defacement and Web Cache Poisoning Attack
• Learning about Web Server Attack Methodology and Web Server Attack Tools
• Learning about Patch Management Tools

Domain 14 - Overview of Hacking Web Applications

• Learning about Web Application Architecture and Threats
• Learning about Web Application Hacking Methodology
• Learning about Web API, Webhooks, and Web Shell
• Learning about Web API Hacking Methodology and Web Application Security

Domain 15 - Learning about SQL Injection

• Learning about Types of SQL Injection
• Learning about SQL Injection Methodology and Tools
• Learning about SQL Injection Detection Tools

Domain 16 - Learning the concept of Hacking Wireless Networks

• Learning about Wireless Terminology
• Learning about Wireless Networks, Encryption and Threats
• Learning about Wireless Hacking Methodology
• Learning about WEP/WPA/WPA2 Cracking Tools
• Learning about Bluetooth Hacking 
• Learning about Bluetooth Threats and Security Tools
• Learning about Wi-Fi Security Auditing Tools

Domain 17 - Explain Hacking Mobile Platform

• Learning about Mobile Platform Attack Vectors
• Learning about App Sandboxing
• Learning about SMS Phishing Attack (SMiShing)
• Learning about Android Rooting and Android Security Tools
• Learning about Jailbreaking
• Learning about iOS, Hacking iOS Devices and iOS Device Security Tools
• Learning about Mobile Device Management (MDM)

Domain 18 - Overview of IoT Hacking

• Learning about loT Architecture
• Learning about loT Communication Models
• Learning about loT Vulnerabilities
• Learning about loT Hacking Methodology
• Learning about IoT Hacking Tools and IoT Security Tools
• Learning about OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools

Domain 19 - Learning Cloud Computing

• Learning about Types of Cloud Computing Services
• Learning about Cloud Deployment Models
• Learning about Cloud Service Providers
• Learning about Container, Docker, Kubernetes and  Serverless Computing
• Learning about Cloud Attacks and Cloud Hacking
• Learning about Cloud Network Security
• Learning about Cloud Security Controls and Cloud Security Tools

Domain 20 - Understanding the concept of Cryptography

• Learning about Cryptography and Encryption Algorithms
• Learning about MD5 and MD6 Hash Calculators
• Learning about Cryptography Tools
• Learning about Public Key Infrastructure (PKI),
• Learning about Cryptography Attacks and Key Stretching