Introduction
The EC-Council Certified Ethical Hacker (CEH) exam has become one of the leading ethical hacking and cybersecurity certifications available today. CEH is recognized by the industry as providing candidates with a solid foundation of hands-on security testing skills and knowledge. The CEH exam covers a broad range of security concepts to prepare candidates for the technologies that they are likely to be working with if they move into a role that requires hands-on security testing.
Let’s talk some about what this book is. It offers you the information for what you need to know to pass the CEH exam. It’s highly recommended that you spend time with the tools and software discussed in the book. You should also complete a number of practice tests to become more comfortable with the type of questions you will see on the exam and get used to completing 125 questions in four hours. Depending on your personal study habits or learning style, you might benefit from buying this book and taking a class.
Note
After completing the CEH exam, candidates may elect to attempt the CEH Practical exam. Individuals who possess the CEH credential will be able to sit for the CEH Practical exam. This exam will test their limits in unearthing vulnerabilities across major operating systems, databases, and networks. The CEH Practical exam is a six-hour, hands-on exam that requires you to demonstrate the application of ethical hacking techniques, such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, and web app hacking.
Cert Guides are meticulously crafted to give you the best possible learning experience for the particular characteristics of the technology covered and the actual certification exam. The instructional design implemented in the Cert Guides reflects the nature of the CEH certification exam. The Cert Guides provide you with the factual knowledge base you need for the exams, and then take it to the next level with exercises and exam questions that require you to engage in the analytic thinking needed to pass the CEH exam.
EC-Council recommends that typical candidates for this exam have a minimum of 2 years of experience in IT security. In addition, EC-Council recommends that candidates have preexisting knowledge of networking, TCP/IP, and basic computer knowledge.
Now, let’s briefly discuss what this book is not. It is not a book designed to teach you advanced hacking techniques or the latest hack. This book’s goal is to prepare you for the CEH 312-50 exam, and it is targeted to those with some networking, OS, and systems knowledge. It provides basics to get you started in the world of ethical hacking and prepare you for the exam. Those wanting to become experts in this field should be prepared for additional reading, training, and practical experience.
How to Use This Book
This book uses several key methodologies to help you discover the exam topics on which you need more review, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. Therefore, this book does not try to help you pass the exams only by memorization; instead, it is designed to help you truly learn and understand the topics.
The book includes many features that provide different ways to study so you can be ready for the exam. If you understand a topic when you read it but do not study it any further, you probably will not be ready to pass the exam with confidence. The features included in this book give you tools that help you determine what you know, review what you know, better learn what you don’t know, and be well prepared for the exam. These tools include the following:
“Do I Know This Already?” Quizzes: Each chapter begins with a quiz that helps you determine the amount of time you need to spend studying that chapter. The answers are provided in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Foundation Topics: These are the core sections of each chapter. They explain the tools and hacking concepts, and explain the configuration of both for the topics in that chapter.
Exam Preparation Tasks: This section lists a series of study activities that you should complete after reading the “Foundation Topics” section. Each chapter includes the activities that make the most sense for studying the topics in that chapter. The activities include the following:
Review All Key Topics: The Key Topic icon appears next to the most important items in the “Foundation Topics” section of the chapter. The Review All Key Topics activity lists the key topics from the chapter and their page numbers. Although the contents of the entire chapter could be on the exam, you should definitely know the information listed in each key topic. Review these topics carefully.
Define Key Terms: Although certification exams might be unlikely to ask a question such as “Define this term,” the CEH 312-50 exam requires you to learn and know a lot of tools and how they are used. This section lists some of the most important terms from the chapter, asking you to write a short definition and compare your answer to the Glossary.
Exercises: One or more sample exercises at the end of many chapters list a series of tasks for you to practice, which apply the lessons from the chapter in a real-world setting.
Review Questions: Each chapter includes review questions to help you confirm that you understand the content you just covered. The answers are provided in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”
Companion Website
This book’s companion website gives you access to the Pearson Test Prep practice test software (both online and Windows desktop versions) with two full practice exams and a PDF of the Glossary. To access the companion website, follow these steps:
Register your book by going to http://www.pearsonitcertification.com/register and entering the ISBN: 9780789760524.
Respond to the challenge questions.
Go to your account page and click the Registered Products tab.
Click the Access Bonus Content link under the product listing.
Pearson Test Prep Practice Test Software
This book comes complete with the Pearson Test Prep practice test software containing two full exams. These practice tests are available to you either online or as an offline Windows application. To access the practice exams that were developed with this book, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.
Accessing the Pearson Test Prep Software Online
The online version of this software can be used on any device with a browser and connectivity to the Internet, including desktop machines, tablets, and smartphones. To start using your practice exams online, follow these steps:
Select Pearson IT Certification as your product group.
Enter your email/password for your account. If you don’t have a Pearson IT Certification account, you will need to establish one by going to http://www.pearsonitcertification.com/join.
In the My Products tab, click the Activate New Product button.
Enter the access code printed on the insert card in the back of your book to activate your product.
The product will now be listed in your My Products page. Click the Exams button to launch the exam settings screen and start your exam.
Accessing the Pearson Test Prep Software Offline
If you want to study offline, you can download and install the Windows version of the Pearson Test Prep software. There is a download link for this software on the book’s companion website, or you can enter this link in your browser:
http://www.pearsonitcertification.com/content/downloads/pcpt/engine.zip
To access the book’s companion website and the software, follow these steps:
Register your book by going to http://www.pearsonitcertification.com/register and entering the ISBN: 9780789760524.
Respond to the challenge questions.
Go to your account page and click the Registered Products tab.
Click the Access Bonus Content link under the product listing.
Click the Install Pearson Test Prep Desktop Version link under the Practice Exams section of the page to download the software.
After the software finishes downloading, unzip all the files on your computer.
Double-click the application file to start the installation and follow the onscreen instructions to complete the registration.
When the installation is complete, launch the application and click the Activate Exam button on the My Products tab.
Click the Activate a Product button in the Activate Product Wizard.
Enter the unique access code found on the card in the sleeve in the back of your book and click the Activate button.
Click Next, and then click Finish to download the exam data to your application.
You can now start using the practice exams by selecting the product and clicking the Open Exam button to open the exam settings screen.
Note that the offline and online versions will synch together, so saved exams and grade results recorded on one version will be available to you on the other as well.
Customizing Your Exams
When you are in the exam settings screen, you can choose to take exams in one of three modes:
Study Mode: Study Mode allows you to fully customize your exams and review the answers as you are taking the exam. This is typically the mode you would use first to assess your knowledge and identify information gaps.
Practice Exam Mode: Practice Exam Mode locks certain customization options because it is presenting a realistic exam experience. Use this mode when you are preparing to test your exam readiness.
Flash Card Mode: Flash Card Mode strips out the answers and presents you with only the question stem. This mode is great for late-stage preparation when you want to challenge yourself to provide answers without the benefit of seeing multiple-choice options. This mode will not provide the detailed score reports that the other two modes will, so it should not be used if you are trying to identify knowledge gaps.
In addition to these three modes, you will be able to select the source of your questions. You can choose to take exams that cover all the chapters, or you can narrow your selection to a single chapter or the chapters that make up specific parts in the book. All chapters are selected by default. If you want to narrow your focus to individual chapters, deselect all the chapters and then select only those on which you want to focus in the Objectives area.
You can also select the exam banks on which to focus. Each exam bank comes complete with a full exam of questions that cover topics in every chapter. The two exams printed in the book are available to you as well as two additional exams of unique questions. You can have the test engine serve up exams from all four banks or from just one individual bank by selecting the desired banks in the exam bank area.
You can make several other customizations to your exam from the exam settings screen, such as the time of the exam, the number of questions served up, whether to randomize questions and answers, whether to show the number of correct answers for multiple-answer questions, or whether to serve up only specific types of questions. You can also create custom test banks by selecting only questions that you have marked or questions on which you have added notes.
Updating Your Exams
If you are using the online version of the Pearson Test Prep software, you should always have access to the latest version of the software as well as the exam data. If you are using the Windows desktop version, every time you launch the software, it will check to see if there are any updates to your exam data and automatically download any changes that were made since the last time you used the software. This requires that you are connected to the Internet at the time you launch the software.
Sometimes, due to many factors, the exam data may not fully download when you activate your exam. If you find that figures or exhibits are missing, you may need to manually update your exams.
To update a particular exam you have already activated and downloaded, click the Tools tab and then click the Update Products button. Again, this is an issue only with the desktop Windows application.
If you want to check for updates to the Pearson Test Prep exam engine software, Windows desktop version, click the Tools tab and then click the Update Application button. This will ensure that you are running the latest version of the software engine.
Premium Edition eBook and Practice Tests
This book includes an exclusive offer for 70 percent off the Premium Edition eBook and Practice Tests edition of this title. See the coupon code included with the cardboard sleeve for information on how to purchase the Premium Edition.
End-of-Chapter Review Tools
Chapters 1 through 11 each have several features in the “Exam Preparation Tasks” and “Review Questions” sections at the end of the chapter. You might have already worked through these in each chapter. However, you might also find it helpful to use these tools again as you make your final preparations for the exam.
Goals and Methods
The most important and obvious goal of this book is to help you pass the CEH exam. In fact, if the primary objective of this book was different, the book’s title would be misleading. However, the methods used in this book to help you pass the CEH exam are designed to also make you much more knowledgeable about how penetration testers do their job. Although this book and the practice tests together have more than enough questions to help you prepare for the actual exam, the method in which they are used is not to simply make you memorize as many questions and answers as you possibly can.
One key methodology used in this book is to help you discover the exam topics and tools that you need to review in more depth. Remember that the CEH exam will expect you to understand not only hacking concepts but also common tools. So, this book does not try to help you pass by memorization, but helps you truly learn and understand the topics, and when specific tools should be used. This book will help you pass the CEH exam by using the following methods:
Helping you discover which test topics you have not mastered
Providing explanations and information to fill in your knowledge gaps
Supplying exercises and scenarios that enhance your ability to recall and deduce the answers to test questions
Providing practice exercises on the topics and the testing process via test questions in the practice tests
Who Should Read This Book?
This book is not designed to be a general security book or one that teaches network defenses. This book looks specifically at how attackers target networks, what tools attackers use, and how these techniques can be used by ethical hackers. Overall, this book is written with one goal in mind: to help you pass the exam.
Why should you want to pass the CEH exam? Because it’s one of the leading entry-level ethical hacking certifications. It is also featured as part of DoD Directive 8140, and having the certification might mean a raise, a promotion, or other recognition. It’s also a chance to enhance your résumé and to demonstrate that you are serious about continuing the learning process and that you’re not content to rest on your laurels. Or one of many other reasons.
Strategies for Exam Preparation
Although this book is designed to prepare you to take and pass the CEH certification exam, there are no guarantees. Read this book, work through the questions and exercises, and when you feel confident, take the practice exams and additional exams provided in the test software. Your results should tell you whether you are ready for the real thing.
When taking the actual certification exam, make sure that you answer all the questions before your time limit expires. Do not spend too much time on any one question. If you are unsure about the answer to a question, answer it as best as you can, and then mark it for review.
Remember that the primary objective is not to pass the exam but to understand the material. When you understand the material, passing the exam should be simple. Knowledge is a pyramid; to build upward, you need a solid foundation. This book and the CEH certification are designed to ensure that you have that solid foundation.
Regardless of the strategy you use or the background you have, the book is designed to help you get to the point where you can pass the exam with the least amount of time required. For instance, there is no need for you to practice or read about scanning and Nmap if you fully understand the tool already. However, many people like to make sure that they truly know a topic and therefore read over material that they already know. Several book features will help you gain the confidence that you need to be convinced that you know some material already, and to help you know what topics you need to study more.
How This Book Is Organized
Although this book could be read cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover the material that you need more work with. Chapter 1, “An Introduction to Ethical Hacking,” provides an overview of ethical hacking and reviews some basics. Chapters 2 through 11 are the core chapters. If you do intend to read them all, the order in the book is an excellent sequence to use.
The core chapters, Chapters 2 through 11, cover the following topics:
Chapter 2, “The Technical Foundations of Hacking”: This chapter discusses basic techniques that every security professional should know. This chapter reviews TCP/IP and essential network knowledge.
Chapter 3, “Footprinting and Scanning”: This chapter discusses the basic ideas behind target selection and footprinting. The chapter reviews what type of information should be researched during footprinting and how passive and active footprinting and scanning tools should be used.
Chapter 4, “Enumeration and System Hacking”: This chapter covers enumeration, a final chance to uncover more detailed information about a target before system hacking. System hacking introduces the first step at which the hacker is actually exploiting a vulnerability in systems.
Chapter 5, “Social Engineering, Malware Threats, and Vulnerability Analysis”: This chapter examines social engineering, all types of malware, including Trojans, worms, viruses, how malware is analyzed, and how vulnerabilities are tracked and mitigated.
Chapter 6, “Sniffers, Session Hijacking, and Denial of Service”: This chapter covers sniffing tools, such as Wireshark. The chapter examines the difference in passive and active sniffing. It also reviews session hijacking and DoS, DDoS, and botnet techniques.
Chapter 7, “Web Server Hacking, Web Applications, and Database Attacks”: This chapter covers the basics of web server hacking, different web application attacks, and how SQL injection works.
Chapter 8, “Wireless Technologies, Mobile Security, and Attacks”: This chapter examines the underlying technology of wireless technologies, mobile devices, Android, iOS, and Bluetooth.
Chapter 9, “IDS, Firewalls, and Honeypots”: This chapter discusses how attackers bypass intrusion detection systems and firewalls. This chapter also reviews honeypots and honeynets and how they are used to jail attackers.
Chapter 10, “Cryptographic Attacks and Defenses”: This chapter covers the fundamentals of attacking cryptographic systems and how tools such as encryption can be used to protect critical assets.
Chapter 11, “Cloud Computing, IoT, and Botnets”: This chapter covers the fundamentals of cloud computing and reviews common cloud modeling types. The chapter reviews common cloud security issues and examines penetration testing concerns. This chapter also covers the principles of IoT security and associated threats. The chapter also examines botnets and how they are used, detected, and dealt with.