Certified Ethical Hacker Study Guide.pdf

(6841 KB) Pobierz
Covers all Exam Objectives for CEHv6
Includes Real-World Scenarios, Hands-On Exercises, and
Leading-Edge Exam Prep Software Featuring:
• Custom Test Engine
• Hundreds of Sample Questions
• Electronic Flashcards
• Entire Book in PDF
CEH
STUDY GUIDE
Exam 312-50
Exam EC0-350
Certified
Ethical Hacker
Kimberly Graves
SERIOUS SKILLS.
CEH: Certified Ethical Hacker Study Guide
CEH (312-50) Objectives
Objective
Ethics and Legality
Understand ethical hacking terminology
Define the job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking
What is hacktivism?
List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways of conducting ethical hacking
Understand the legal implications of hacking
Understand 18 U.S.C. § 1030 US Federal Law
Footprinting
Define the term footprinting
Describe information gathering methodology
Describe competitive intelligence
Understand DNS enumeration
Understand Whois, ARIN lookup
Identify different types of DNS records
Understand how traceroute is used in footprinting
Understand how email tracking works
Understand how web spiders work
Scanning
Define the terms port scanning, network scanning, and vulnerability scanning
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN scans
List TCP communication flag types
Understand war dialing techniques
Understand banner grabbing and OF fingerprinting techniques
Understand how proxy servers are used in launching an attack
How do anonymizers work?
Understand HTTP tunneling techniques
Understand IP spoofing techniques
Chapter
1
1
1
1
1
1
1
1
1
1
1
1
2
2
2
2
2
2
2
2
2
3
3
3
3
3
3
3
3
3
3
3
3
Objective
Enumeration
What is enumeration?
What is meant by null sessions?
What is SNMP enumeration?
What are the steps involved in performing enumeration?
System Hacking
Understanding password cracking techniques
Understanding different types of passwords
Identifying various password cracking tools
Understand escalating privileges
Understanding keyloggers and other spyware technologies
Understand how to hide files
Understanding rootkits
Understand steganography technologies
Understand how to cover your tracks and erase evidence
Trojans and Backdoors
What is a Trojan?
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”?
How do reverse connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques
Sniffers
Understand the protocol susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand Ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures
Denial of Service
Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETs work
What is a “Smurf” attack?
What is “SYN” flooding?
Describe the DoS/DDoS countermeasures
Chapter
3
3
3
3
4
4
4
4
4
4
4
4
4
5
5
5
5
5
5
5
5
5
6
6
6
6
6
6
6
7
7
7
7
7
7
Exam specifications and content are subject to change at any time without prior
notice and at the EC-Council’s sole discretion. Please visit EC-Council’s website
(www.eccouncil.org) for the most current information on their exam content.
Objective
Social Engineering
What is social engineering?
What are the common types of attacks?
Understand dumpster diving
Understand reverse social engineering
Understand insider attacks
Understand identity theft
Describe phishing attacks
Understand online scams
Understand URL obfuscation
Social engineering countermeasures
Session Hijacking
Understand spoofing vs. hijacking
List the types of session hijacking
Understand sequence prediction
What are the steps in performing session hijacking?
Describe how you would prevent session hijacking
Hacking Web Servers
List the types of web server vulnerabilities
Understand the attacks against web servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is the Metasploit Framework?
Describe web server hardening methods
Web Application Vulnerabilities
Understanding how a web application works
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand web application countermeasures
Web-Based Password Cracking Techniques
List the authentication types
What is a password cracker?
How does a password cracker work?
Understand password attacks – classification
Understand password cracking countermeasures
SQL Injection
What is SQL injection?
Understand the steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL injection countermeasures
Chapter
2
2
2
2
2
2
2
2
2
2
7
7
7
7
7
8
8
8
8
8
8
8
8
8
8
8
8
8
8
8
8
8
8
9
9
9
9

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin