CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [4]
■ On form-based tests (non-adaptive), because the hard questions will eat up the most time, save them for last. You can move forward and backward through the exam.
■ For the latest pricing on the exams and updates to the registration procedures, visit EC-Council's website at www. eccounci 1 . org.
The CEH Exam Objectives
At the beginning of each chapter in this book, we have included the complete listing of the CEH objectives as they appear on EC-Council's website. These are provided for easy reference and to assure you that you are on track with the objectives.
Ethics and Legality
■ Understand ethical hacking terminology.
■ Define the job role of an ethical hacker.
■ Understand the different phases involved in ethical hacking.
■ Identify different types of hacking technologies.
■ List the five stages of ethical hacking.
■ What is hacktivism?
■ List different types of hacker classes.
■ Define the skills required to become an ethical hacker.
■ What is vulnerability research?
■ Describe the ways of conducting ethical hacking.
■ Understand the legal implications of hacking.
■ Understand 18 U.S.C. % 1030 US Federal Law.
Exam objectives are subject to change at anytime without prior notice and at EC-Council's sole discretion. Please visit the CEH Certification page of EC-Council's website (www. eccounci l . org/312-50. htm) for the most current listing of exam objectives.
Footprinting
■ Define the term footprinting.
■ Describe information gathering methodology.
■ Describe competitive intelligence.
■ Understand DNS enumeration.
■ Understand Whois, ARIN lookup.
■ Identify different types of DNS records.
■ Understand how traceroute is used in footprinting.
■ Understand how e-mail tracking works.
■ Understand how web spiders work.
Scanning
■ Define the terms port scanning, network scanning, and vulnerability scanning.
■ Understand the CEH scanning methodology.
■ Understand ping sweep techniques.
■ Understand nmap command switches.
■ Understand SYN, stealth, XMAS, NULL, IDLE and FIN scans.
■ List TCP communication flag types.
■ Understand war dialing techniques.
■ Understand banner grabbing and OF fingerprinting techniques.
■ Understand how proxy servers are used in launching an attack.
■ How does anonymizers work?
■ Understand HTTP tunneling techniques.
■ Understand IP spoofing techniques.
Enumeration
■ What is enumeration?
■ What is meant by null sessions?
■ What is SNMP enumeration?
■ What are the steps involved in performing enumeration?
System Hacking
■ Understanding password cracking techniques.
■ Understanding different types of passwords.
■ Identify various password cracking tools.
■ Understand escalating privileges.
■ Understanding keyloggers and other spyware technologies.
■ Understand how to hide files.
■ Understand rootkits.
■ Understand steganography technologies.
■ Understand how to covering your tracks and erase evidence.
Trojans and Backdoors
■ What is a Trojan?
■ What is meant by overt and covert channels?
■ List the different types of Trojans.
■ What are the indications of a Trojan attack?
■ Understand how Netcat Trojan works.
■ What is meant by wrapping?
■ How do reverse connecting Trojans work?
■ What are the countermeasure techniques in preventing Trojans?
■ Understand Trojan evading techniques.
Sniffers
■ Understand the protocols susceptible to sniffing.
■ Understand active and passive sniffing.
■ Understand ARP poisoning.
■ Understand ethereal capture and display filters.
■ Understand MAC flooding.
■ Understand DNS spoofing techniques.
■ Describe sniffing countermeasures.
Denial of Service
■ Understand the types of DoS attacks.
■ Understand how a DDoS attack works.
■ Understand how BOT s/BOTNETs work.
■ What is smurf attack?
■ What is SYN flooding?
■ Describe the DoS/DDoS countermeasures .
Social Engineering
■ What is social engineering?
■ What are the common types of attacks?
■ Understand dumpster