CEH Practice Exam
What is the CEH Exam?
According to EC-Council, the creator of the CEH certification, “The Certified Ethical Hacker (CEH) is a certification for an information security professional, also known as a white-hat hacker, who systematically tries to inspect network infrastructure with the consent of its owner to find security vulnerabilities that a malicious hacker could potentially exploit.”
Time Limit: 4 hours
Formats: Multiple Choice
Number of questions: 125 questions
Passing score: To pass the CEH exam, you need a minimum score of 70% on the exam, or 88 or more of the questions answered correctly.
What Is on the CEH V11 Exam?
Information Security and Ethical Hacking Overview – 6%
Introduction to Ethical Hacking
– Information Security Overview
– Cyber Kill Chain Concepts
– Hacking Concepts
– Ethical Hacking Concepts
– Information Security Controls
– Information Security Laws and Standards
Reconnaissance Techniques – 21%
Footprinting and Reconnaissance
– Footprinting Concepts
– Footprinting Methodology
– Footprinting through Search Engines
– Footprinting through Web Services
– Footprinting through Social Networking Sites
– Website Footprinting
– Email Footprinting
– Whois Footprinting
– DNS Footprinting
– Network Footprinting
– Footprinting through Social Engineering
– Footprinting Tools
– Footprinting Countermeasures
– Network Scanning Concepts
– Scanning Tools
– Host Discovery
– Port and Service Discovery
– OS Discovery (Banner Grabbing/OS Fingerprinting)
– Scanning Beyond IDS and Firewall
– Draw Network Diagrams
– Enumeration Concepts
– NetBIOS Enumeration
– SNMP Enumeration
– LDAP Enumeration
– NTP and NFS Enumeration
– SMTP and DNS Enumeration
– Other Enumeration Techniques (IPsec, VoIP, RPC, Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration)
– Enumeration Countermeasures
System Hacking Phases and Attack Techniques – 17%
– Vulnerability Assessment Concepts
– Vulnerability Classification and Assessment Types
– Vulnerability Assessment Solutions and Tools
– Vulnerability Assessment Reports
– System Hacking Concepts
– Gaining Access
– Cracking Passwords
– Vulnerability Exploitation
– Escalating Privileges
– Maintaining Access
– Executing Applications
– Hiding Files
– Clearing Logs
– Malware Concepts
– APT Concepts
– Trojan Concepts
– Virus and Worm Concepts
– File-less Malware Concepts
– Malware Analysis
– Malware Countermeasures
– Anti-Malware Software
Network and Perimeter Hacking – 14%
– Sniffing Concepts
– Sniffing Technique: MAC Attacks
– Sniffing Technique: DHCP Attacks
– Sniffing Technique: ARP Poisoning
– Sniffing Technique: Spoofing Attacks
– Sniffing Technique: DNS Poisoning
– Sniffing Tools
– Sniffing Countermeasures
– Sniffing Detection Techniques
– Social Engineering Concepts
– Social Engineering Techniques
– Insider Threats
– Impersonation on Social Networking Sites
– Identity Theft
– Social Engineering Countermeasures
– DoS/DDoS Concepts
– DoS/DDoS Attack Techniques
– Case Study
– DoS/DDoS Attack Tools
– DoS/DDoS Countermeasures
– DoS/DDoS Protection Tools
– Session Hijacking Concepts
– Application Level Session Hijacking
– Network Level Session Hijacking
– Session Hijacking Tools
– Session Hijacking Countermeasures
Evading IDS, Firewalls, and Honeypots
– IDS, IPS, Firewall, and Honeypot Concepts
– IDS, IPS, Firewall, and Honeypot Solutions
– Evading IDS
– Evading Firewalls
– IDS/Firewall Evading Tools
– Detecting Honeypots
– IDS/Firewall Evasion Countermeasures
Web Application Hacking – 16%
Hacking Web Servers
– Web Server Concepts
– Web Server Attacks
– Web Server Attack Methodology
– Web Server Attack Tools
– Web Server Countermeasures
– Patch Management
– Web Server Security Tools
Hacking Web Applications
– Web App Concepts
– Web App Threats
– Web App Hacking Methodology
– Footprint Web Infrastructure
– Analyze Web Applications
– Bypass Client-Side Controls
– Attack Authentication Mechanism
– Attack Authorization Schemes
– Attack Access Controls
– Attack Session Management Mechanism
– Perform Injection Attacks
– Attack Application Logic Flaws
– Attack Shared Environments
– Attack Database Connectivity
– Attack Web App Client
– Attack Web Services
– Web API, Webhooks, and Web Shell
– Web App Security
– SQL Injection Concepts
– Types of SQL Injection
– SQL Injection Methodology
– SQL Injection Tools
– Evasion Techniques
– SQL Injection Countermeasures
Wireless Network Hacking – 6%
Hacking Wireless Networks
– Wireless Concepts
– Wireless Encryption
– Wireless Threats
– Wireless Hacking Methodology
– Wireless Hacking Tools
– Bluetooth Hacking
– Wireless Countermeasures
– Wireless Security Tools
Mobile Platform, IoT, and OT Hacking – 8%
Hacking Mobile Platforms
– Mobile Platform Attack Vectors
– Hacking Android OS
– Hacking iOS
– Mobile Device Management
– Mobile Security Guidelines and Tools
IoT and OT Hacking
– IoT Concepts
– IoT Attacks
– IoT Hacking Methodology
– IoT Hacking Tools
– IoT Countermeasures
– OT Concepts
– OT Attacks
– OT Hacking Methodology
– OT Hacking Tools
– OT Countermeasures
Cloud Computing – 6%
– Cloud Computing Concepts
– Container Technology
– Serverless Computing
– Cloud Computing Threats
– Cloud Hacking
– Cloud Security
Cryptography – 6%
– Cryptography Concepts
– Encryption Algorithms
– Cryptography Tools
– Public Key Infrastructure (PKI)
– Email Encryption
– Disk Encryption
CEH Exam FAQs
How many questions are on the CEH v11 exam?
There are 125 questions in the CEH v11 exam.
Is the CEH exam hard?
It depends on you. If you have learned the OSCP, then you will find the CEH easy(ish). If you have never learned anything about InfoSec and offensive security principles and technologies, hacker software or otherwise, then you will likely find passing the CEH exam very difficult.
So the advice is to read the courseware thoroughly, go through each slide, and try out at least the pen-testing tools mentioned in the core tools domains of CEH. Take the exam that is available on the EC-Council website to get a feel for the real exam, which ultimately helps you prepare for real-life challenges as well as pass the examination.
What is the CEH certification salary?
The average annual salary for certified ethical hackers is $82,966, with a range of $46,000 to $143,000. The amount that you will earn in a CEH position depends on your experience. It’s reasonable to earn around $82,900 in an entry-level position with 1–4 years of experience. With 5–9 years of experience, that goes up to $89,000. Moreover, an experienced professional nearing mid-career in a CEH position can expect to earn a six-figure salary.
Does CEH expire?
Yes, your CEH credential is valid for 3 years. You have to earn a total of 120 credits within 3 years of the ECE cycle period to maintain your certification.
How much does the CEH exam cost?
Is CEH certification valuable?
Yes, it is worth the effort and time. Good knowledge of ethical hacking along with CEH certification will boost your job prospects. Certification alone might not be enough to get you a job with a high salary.
What happens if you fail the CEH exam?
If a candidate fails an EC-Council exam, he/she can purchase an ECC Exam center voucher to retake the exam at a discounted price.
If a candidate is not able to pass the exam on the first try, no cooling or waiting period is required to attempt the exam for the second time (1st retake).
If a candidate is not able to pass the second try (1st retake), a waiting period of 14 days is required prior to attempting the exam for the third time (2nd retake).
If a candidate is not able to pass the third try (2nd retake), a waiting period of 14 days is required prior to attempting the exam for the fourth time (3rd retake).
If a candidate is not able to pass the fourth try (3rd retake), a waiting period of 14 days is required prior to attempting the exam for the fifth time (4th retake).
A candidate is not permitted to take a given exam more than five times in a 12-month (1 year) period and a waiting period of 12 months will be imposed before being allowed to attempt the exam for the sixth time (5th retake).
Candidates who pass the exam are not permitted to attempt the same version of the exam for the second time.
Can I take the CEH exam from home?
Yes! Things have changed, and exams can be taken online, remotely monitored with a proctor watching via webcam and screen-sharing.
Where can I take the CEH test?
The CEH exam (312-50) is available at the ECC Exam Centre and Pearson Vue testing centers. For VUE, please visit https://www.vue.com/eccouncil.