Certified Ethical Hacker - CEH
Certified Ethical Hacker CEHv9 Course
Outline
Course Description
The Certified Ethical Hacker program is the pinnacle of the most desired information security training programs any information security professional will ever want to attend. To master the hacking technologies, you will need to become a hacker, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”. This course will immerse you in the hacker mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.
This ethical hacking course puts you in the driver’s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving an optimal information security posture in your organization: by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and the ways to approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and Covering Your Tracks.
Underground Hacking Tools
The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the Certified Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be catastrophic damage to your organization.
We live in an age where everyone is susceptible to attacks that come from anyplace at any time, and we never know how skilled, well-funded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a hacker's mindset, evaluating not just logical but also physical security, and exploring every possible point of entry to find the weakest link in an organization: from the end user, the secretary and the CEO to misconfigurations, vulnerable times during migrations, and even information left in the dumpster.
Who Should Attend
The Certified Ethical Hacking training course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Duration: 5 Days (9:00 AM – 5:00 PM)
Exam Info
Number of Questions: 125
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)
Certification
The Certified Ethical Hacker exam 312-50. Students need to pass the online Prometric exam to receive CEH certification.
Skills Measured
The exam 312-50 tests CEH candidates on the following 18 domains.
Introduction to Ethical Hacking
Footprinting and Reconnaissance
Scanning Networks
Enumeration
System Hacking
Malware Threats
Sniffing
Social Engineering
Denial of Service
Session Hijacking
Hacking Webservers
Hacking Web Applications
SQL Injection
Hacking Wireless Networks
Hacking Mobile Platforms
Evading IDS, Firewalls, and Honeypots
Cloud Computing
Cryptography
| Section | | Knowledge of | Weight | No. of Q. |
|---|---|---|---|---|
| Background | A | Networking technologies (e.g., hardware, infrastructure) | 4% | 5 |
| | B | Web Technologies (e.g., web 2.0, Skype) | | |
| | C | Systems Technologies | | |
| | D | Communication Protocols | | |
| | E | Malware Operations | | |
| | F | Mobile Technologies (e.g., smart phones) | | |
| | G | Telecommunication Technologies | | |
| | H | Backups and archiving (e.g., local, network) | | |
| Analysis/Assessment | A | Data Analysis | 13% | 16 |
| | B | Systems Analysis | | |
| | C | Risk Assessments | | |
| | D | Technical Assessment Methods | | |
| Security | A | Systems Security Controls | 25% | 31 |
| | B | Application/Fileserver | | |
| | C | Firewalls | | |
| | D | Cryptography | | |
| | E | Network Security | | |
| | F | Physical Security | | |
| | G | Threat Modeling | | |
| | H | Verification Procedures (e.g., false positive/negative validation) | | |
| | I | Social Engineering (human factors manipulation) | | |
| | J | Vulnerability Scanners | | |
| | K | Security Policy Implications | | |
| | L | Privacy/Confidentiality (with regard to engagement) | | |
| | M | Biometrics | | |
| | N | Wireless Access Technology (e.g., networking, RFID, Bluetooth) | | |
| | O | Trusted Networks | | |
| | P | Vulnerabilities | | |
| Tools/Systems/Programs | A | Network/Host Based Intrusion | | |
| | B | Network/Wireless Sniffers (e.g., Wireshark, Airsnort) | | |
| | C | Access Control Mechanisms (e.g., smart cards) | | |
| | D | Cryptography Techniques (e.g., IPsec, SSL, PGP) | | |
| | E | Programming Languages (e.g., C++, Java, C#, C) | | |
| | F | Scripting Languages (e.g., PHP, JavaScript) | | |
| | G | Boundary Protection Appliances (e.g., DMZ) | | |
| | H | Network Topologies | | |
| | I | Subnetting | | |
| | J | Port Scanning (e.g., NMAP) | | |
| | K | Domain Name System (DNS) | | |
| | L | Routers/Modems/Switches | | |
| | M | Vulnerability Scanner (e.g., Nessus, Retina) | | |
| | N | Vulnerability Management and Protection Systems (e.g., Foundstone, Ecora) | | |
| | O | Operating Environments (e.g., Linux, Windows, Mac) | | |
| | P | Antivirus Systems and Programs | | |
| | Q | Log Analysis Tools | | |
| | R | Security Models | | |
| | S | Exploitation Tools | | |
| | T | Database Structures | | |
| Procedures/Methodology | A | Cryptography | 20% | 25 |
| | B | Public Key Infrastructure (PKI) | | |
| | C | Security Architecture (SA) | | |
| | D | Service Oriented Architecture (SOA) | | |
| | E | Information Security Incident Management | | |
| | F | N-tier Application Design | | |
| | G | TCP/IP Networking (e.g., network routing) | | |
| | H | Security Testing Methodology | | |
| Regulation/Policy | | Security Policies | 4% | 5 |
| | | Compliance Regulations (e.g., PCI) | | |
| Ethics | A | Professional Code of Conduct | 2% | 3 |
| | B | Appropriateness of Hacking Activities | | |