EC Council Certified Ethical Hacker

Certification Exam Objectives

Exam 312-50

Version 9.0

CEH is the world’s most advanced certified ethical hacking course that covers 18 of the most current security domains any individual will ever want to know when they are planning to beef-up the information security posture of their organization.

The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals.

Key Outcomes:

  • Thorough introduction to ethical hacking
  • Exposure to threat vectors and countermeasures
  • Addresses emerging areas of cloud and mobile hacking
  • Prepares you to combat Trojans, malware, backdoors and more
  • Enables you to hack using mobile devices

1.0 Background

  • Networking technologies (hardware, infrastructure)
  • Web technologies (e.g., web 2.0, skype)
  • Systems technologies
  • Communication protocols
  • Malware operations
  • Mobile technologies (smartphones)
  • Telecommunication technologies
  • Backups and archiving (local, network)

2.0 Analysis/Assessment

  • Data analysis
  • Systems analysis
  • Risk assessments
  • technical assessment methods

3.0 Security

  • Systems security controls
  • Application/file server
  • Firewalls
  • Cryptography
  • Network security
  • Physical security
  • Threat modeling
  • Verification procedures (false positive/negative validation)
  • Social engineering (human factors manipulation)
  • Vulnerability scanners
  • Security policy implications
  • Privacy/confidentiality (with regard to engagement)
  • Biometrics
  • Wireless access technology (Networking, RFID, Bluetooth)
  • Trusted networks
  • Vulnerabilities

4.0 Tools/Systems/Programs

  • Network/host based intrusion
  • Network/wireless sniffers (WireShark, Airsnort)
  • Access control mechanisms (Smart cards )
  • Cryptography techniques (IPsec, SSL, PGP)
  • Programming languages (C++, Java, C#, C)
  • Scripting languages (e.g., PHP, Java script)
  • Boundary protection appliances
  • Network topologies
  • Subnetting
  • Ports canning (NMAP)
  • Domain name sys tem (DNS)
  • Routers /modems /switches
  • Vulnerability s canner (Nessus , Retina)
  • Vulnerability management and protection systems (Foundstone, Ecora)
  • Operating environments (Linux, Windows , Mac)
  • Antivirus systems and programs
  • Log analysis tools
  • Security models
  • Exploitation tools
  • Database structures

5.0 Procedures/Methodology

  • Cryptography
  • Public key infrastructure (PKI)
  • Security Architecture (SA)
  • Service Oriented Architecture
  • Information security incident
  • N-tier application design
  • TCP/IP networking (e.g., network routing)
  • Security testing methodology

6.0 Regulation/Policy

  • Security policies
  • Compliance regulations (PCI)

7.0 Ethics

  • Professional code of conduct
  • Appropriateness of hacking