What Is CEH?
The Certified Ethical Hacker (CEH) is a professional certification provided by the EC-Council to IT professionals, proving their proficiency in ethical hacking. This certification covers a wide range of topics within the realm of cyber security, including but not limited to penetration testing, network security, and the identification of vulnerabilities within a system. The aim of the CEH is to certify individuals in the ethical hacking methodology, ensuring they have the knowledge and skills to protect and secure information systems against malicious attacks.
CEH Associated Exams
- Certification Name: Certified Ethical Hacker (CEH)
- Exam Code: 312-50
- Exam Format: Multiple choice questions
- Number of Questions: 125
- Duration: 4 hours
- Delivery Method: ECC Exam, VUE
- Passing Score: Varies, as EC-Council uses a scaled scoring method
CEH Exam Costs
The cost to take the CEH exam varies depending on the training package chosen but typically ranges from $1,199 to $1,999. This cost may include training materials and courses, in addition to the exam voucher.
CEH Exam Objectives
- Introduction to Ethical Hacking
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial-of-Service
- Session Hijacking
- Evading IDS, Firewalls, and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing
- Cryptography
Frequently Asked Questions About CEH
What prerequisites are needed for the CEH certification?
A strong foundational knowledge in networking and information security is recommended. Alternatively, attending official training through the EC-Council can waive the two-year work experience requirement in information security.
How long is the CEH certification valid?
The CEH certification is valid for three years. Certification holders must earn 120 Continuing Education credits within this period to maintain their certification status.
Can I take the CEH exam without attending the official training?
Yes, if you have at least two years of work experience in information security, you can apply for eligibility to take the exam without attending the official training by paying an eligibility fee.
What is the difference between CEH Practical and CEH (ANSI)?
The CEH (ANSI) certification focuses on knowledge and comprehension of ethical hacking methodologies, whereas the CEH Practical is a rigorous six-hour practical exam that tests your ability to perform hacking techniques and methodologies in real-world scenarios.
How can I prepare for the CEH exam?
Preparation can include self-study through official CEH study guides and practice exams, attending official training provided by EC-Council or its authorized training centers, and gaining practical experience in penetration testing and ethical hacking techniques.
Key Terms Related to Certified Ethical Hacker (CEH)
Understanding the key terms related to Certified Ethical Hacker (CEH) is crucial for anyone entering the field of cybersecurity, especially those aspiring to become ethical hackers. CEH is a professional designation offered by the EC-Council (International Council of E-Commerce Consultants) that certifies individuals in the specific network security discipline of ethical hacking from a vendor-neutral perspective. Ethical hackers are trained to look for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner, to assess the security posture of those systems. This knowledge base is essential for navigating the complex landscape of cybersecurity, understanding the threats and vulnerabilities that exist in modern networks, and developing the skills required to protect and secure digital assets.
Term | Definition |
---|---|
Ethical Hacking | The practice of bypassing system security to identify potential data breaches and threats in a network. The ethical hacker uses the same techniques as a malicious hacker but in a lawful and legitimate manner to assess the security posture of a target system. |
EC-Council | The International Council of E-Commerce Consultants, an organization that offers certification for information security professionals, including the Certified Ethical Hacker (CEH) certification. |
Penetration Testing | The process of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit. |
Vulnerability Assessment | The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. |
Social Engineering | A tactic that attackers use to trick individuals into revealing sensitive information, such as passwords or bank information. |
Phishing | A type of social engineering attack often used to steal user data, including login credentials and credit card numbers. |
Malware | Malicious software designed to harm or exploit any programmable device, service, or network. |
Ransomware | A type of malicious software designed to block access to a computer system until a sum of money is paid. |
Firewall | A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. |
Intrusion Detection System (IDS) | A device or software application that monitors a network or systems for malicious activity or policy violations. |
Cryptography | The practice and study of techniques for secure communication in the presence of third parties called adversaries. |
SQL Injection | A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. |
Denial of Service (DoS) | An interruption of an authorized user’s access to any system or network, typically one caused with malicious intent. |
Distributed Denial of Service (DDoS) | A type of attack where multiple compromised systems are used to target a single system, causing a Denial of Service (DoS) attack. |
Trojan Horse | A type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems. |
Rootkit | A collection of malicious software tools that enable unauthorized access to a computer or area of its software and often mask its existence or the existence of other software. |
Spyware | Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive. |
Keylogger | A type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. |
White Hat | A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments. |
Black Hat | A hacker who violates computer security for personal gain or maliciousness. |
Grey Hat | A hacker who is in between white hat and black hat. They may violate ethical standards or principles, but without the malicious intent ascribed to black hat hackers. |
Security Audit | An evaluation of how well your security policies protect your company’s assets while identifying any weaknesses that need to be addressed. |
Backdoor | A means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms. |
Exploit | A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). |
Patch Management | The process of managing patches or upgrades for software applications and technologies. A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. |
Zero-Day Exploit | A cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator. |
This list covers foundational concepts in ethical hacking and cybersecurity, providing a solid starting point for further exploration and study in the field.