Archive for March, 2009

312-50 ceh v6

March 31st, 2009

Ethical Hacking and Countermeasures (312-50)

New CEHv6 Exam

The CEH v5 exam will be available until June 3rd, 2009, then retired.

Note:

The exam codes EC0-350 and 312-50 are the same exam.
The exam titles “Certified Ethical Hacker” and “Ethical Hacking and Countermeasures” are the same.
VUE and Prometric systems use different exam codes.
The CEHv4 exam has been retired since June 1st 2007
CEHv5 exam is available on Prometric Prime, APTC and VUE.
Exams at VUE and Prometric APTC require an Eligibility Code. Please visit http://www.eccouncil.org/takeexam.htm for details.

Credit Towards Certification

Certified Ethical Hacker
Master of Security Science (MSS)

Exam Details (CEHv6)

Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: Prometric Prime
Exam Version: 5
Release Date: November 13th, 2006
Exam Cost: USD 250

Skills Measured

The Exam 312-50 tests CEH candidates on the following 22 domains.

1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Physical Security
18. Hacking Linux
19. IDS, Firewalls and Honeypots
20. Buffer Overflows
21. Cryptography
22. Penetration Testing Methodologies

Ethics and Legality

Understand Ethical Hacking terminology
Define the Job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking
What is hacktivism?
List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways of conducting ethical hacking
Understand the Legal implications of hacking
Understand 18 U.S.C. § 1030 US Federal Law

Footprinting

Define the term Footprinting
Describe information gathering methodology
Describe competitive intelligence
Understand DNS enumeration
Understand Whois, ARIN lookup
Identify different types of DNS records
Understand how traceroute is used in Footprinting
Understand how e-mail tracking works
Understand how web spiders work

Scanning

Define the term port scanning, network scanning and vulnerability scanning
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
List TCP communication flag types
Understand War dialing techniques
Understand banner grabbing and OS fingerprinting techniques
Understand how proxy servers are used in launching an attack
How do anonymizers work?
Understand HTTP tunneling techniques
Understand IP spoofing techniques

Enumeration

What is Enumeration?
What is meant by null sessions
What is SNMP enumeration?
What are the steps involved in performing enumeration?

System hacking

Understanding password cracking techniques
Understanding different types of passwords
Identifying various password cracking tools
Understand Escalating privileges
Understanding keyloggers and other spyware technologies
Understand how to Hide files
Understanding rootkits
Understand Steganography technologies
Understand how to cover your tracks and erase evidence

Trojans and Backdoors

What is a Trojan?
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”
How do reverse-connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques

Sniffers

Understand the protocols susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand Ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures

Denial of Service

Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETS work
What is “smurf” attack
What is “SYN” flooding
Describe the DoS/DDoS countermeasures

Social Engineering

What is Social Engineering?
What are the Common Types of Attacks
Understand Dumpster Diving
Understand Reverse Social Engineering
Understand Insider attacks
Understand Identity Theft
Describe Phishing Attacks
Understand Online Scams
Understand URL obfuscation
Social Engineering countermeasures

Session Hijacking

Understand Spoofing vs. Hijacking
List the types of Session Hijacking
Understand Sequence Prediction
What are the steps in performing session hijacking
Describe how you would prevent session hijacking

Hacking Web Servers

List the types of web server vulnerabilities
Understand the attacks Against Web Servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is Metasploit Framework?
Describe Web Server hardening methods

Web Application Vulnerabilities

Understanding how web application works
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand Web Application Countermeasures

Web Based Password Cracking Techniques

List the Authentication types
What is a Password Cracker?
How does a Password Cracker work?
Understand Password Attacks – Classification
Understand Password Cracking Countermeasures

SQL Injection

What is SQL injection?
Understand the Steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL Injection countermeasures

Wireless Hacking

Overview of WEP, WPA authentication systems and cracking techniques
Overview of wireless Sniffers and SSID, MAC Spoofing
Understand Rogue Access Points
Understand Wireless hacking techniques
Describe the methods in securing wireless networks

Virus and Worms

Understand the difference between a virus and a worm
Understand the types of Viruses
How a virus spreads and infects the system
Understand antivirus evasion techniques
Understand Virus detection methods

Physical Security

Physical security breach incidents
Understanding physical security
What is the need for physical security?
Who is accountable for physical security?
Factors affecting physical security

Linux Hacking

Understand how to compile a Linux Kernel
Understand GCC compilation commands
Understand how to install LKM modules
Understand Linux hardening methods

Evading IDS, Honeypots and Firewalls

List the types of Intrusion Detection Systems and evasion techniques
List firewall and honeypot evasion techniques

Buffer Overflows

Overview of stack based buffer overflows
Identify the different types of buffer overflows and methods of detection
Overview of buffer overflow mutation techniques

Cryptography

Overview of cryptography and encryption techniques
Describe how public and private keys are generated
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms

Penetration Testing Methodologies

Overview of penetration testing methodologies
List the penetration testing steps
Overview of the Pen-Test legal framework
Overview of the Pen-Test deliverables
List the automated penetration testing tools

ec-council exam faq

March 31st, 2009

Frequently Asked Questions

What is EC-Council?
The International Council of Electronic Commerce Consultants (EC-Council) is a member supported professional organization. The purpose of the EC-Council is to support and enhance the role of individuals and organizations who design, create, manage or market Security and E-Business solutions. We support our members by providing Electronic Commerce Consultant certification as well as educational, technical, placement, member advantage, and discounted services. We enhance our membership by providing a community where discussion and information exchange can operate freely in the context of mutual trust and benefit.

What Certification does EC-Council offer?
EC-Council offers various E-Business and Security certifications. Please visit http://www.eccouncil.org/certification.htm

Does EC-Council offer training?
Not directly. EC-Council has education alliance members worldwide that offer training, often at substantial discounts to EC-Council members. EC-Council is working with education and training organizations worldwide to help ensure that quality, affordable education is available. For information about our education alliance members please visit the education section.

What is the EC-Council certification all about?
EC-Council offers the popular Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI) certifications.

Where can I go to get certified?
Numerous educational institutions and training companies will be providing the EC-Council program. Please contact your nearest regional representative for a list of educational institutions in your area who are EC-Council ATCs.

Is EC-Council’s certification vendor neutral?
We work hard to ensure that the EC-Council certification standards cover appropriate industry standards while remaining as vendor neutral as possible. Naturally some content is technology or vendor specific, but as a rule, only widely adopted technologies and standards are covered.

Does EC-Council support vendor specific certification?
No.

Does EC-Council support self-study?
Yes. Please visit the education section.

Where do I take the exams?
EC-Council has partnered with industry leaders Prometric and VUE to deliver the exams. Prometric is a worldwide distribution network for computer-based testing services. With more than 2,500 testing centers serving 180 countries, Prometric’s network of testing centers is the largest network in the world.

How are your exams developed?
The EC-Council certification exams have been developed with the highest professional standards. The principles and processes employed by EC-Council conform to the Standards for Education and Psychological Testing. The EC-Council approach has been audited and validated by psychometricians specializing in professional certification methodology. All the questions on the certification exams have been reviewed and approved by a group of subject experts on behalf of EC-Council.

What is the job role of a Certified e-Business Professional?
The job role varies. Please check the job roles section.

How can my company become an EC-Council Accredited Training Center?
Please visit the ATP section.

How do I start a local EC-Council chapter and what are the benefits?
Please write to us if you are interested in opening an EC-Council chapter in your country.

What is an EC-Council ATC?
EC-Council ATC is your link to EC-Council’s training and education partners who will be offering the CEH, CHFI and other certification training and testing.

What is your information privacy policy?
EC-Council does not sell or otherwise provide member information to any outside party.

When do I receive my membership welcome kit?
4 to 6 weeks after passing the exams.

How long does earning certification take?
How long it takes is largely up to you. If you choose a route that includes a five-day class followed by an exam, then you’ll finish in less than a week. But to do this, you’ll either have to have a depth of knowledge in the relevant security technologies already or select a certification that’s very narrowly focused. The bottom line is that earning certification can take a week, or it can span several months. It’s basically up to you.

CEH Frequently Asked Questions

What is the difference between Exam 312-50 and Exam EC0-350?
EC-Council offers the Certified Ethical Hacker examination over two channels – the EC-Council Accredited Training Center (ATC) and the Authorized Prometric Testing Center (APTC). Only students who undergo training for CEH at any ATC are eligible to appear for the web based Prometric Prime exam (Exam 312-50).

Students who opt to pursue self study can appear for the exam EC0-350 at the Authorized Prometric Testing Center after they fulfill the examination eligibility criteria and produce the voucher number to Prometric.

In all other aspects the exams are identical in source and lead to the certification ‘Certified Ethical Hacker’.

Should I attend training to appear for the CEH exam?
EC-Council recommends that CEH aspirants attend formal classroom training at any of the accredited training centers to reap maximum benefit of the course and have a greater chance at clearing the examinations. The ATC will check your work experience before registering for the class. You are also required to sign a Non-Disclosure Agreement (NDA) when you enroll for the class.

What are the pre-requisites for taking a CEH exam?
If you attend CEH training, you are eligible to appear for the CEH examination. If you opt for self study, you must complete the eligibility form and fax it to EC-Council for approval.

Are there any eligibility criteria?
It is mandatory for you to record two years of information security related work experience and get the same endorsed by your employer. In case you do not possess the same you can send us a request detailing your educational background and request for consideration on a case basis.

Why do I have to get approval from EC-Council to appear for the exam without the training?
EC-Council presents the body of knowledge through CEH to educate and assist information security professionals in hacking tools and techniques for legally accepted security testing purposes. It is the social responsibility of EC-Council to ensure that this knowledge is imparted to people with the right intent and obtain assurance that this body of knowledge will not be misused.

Where do I purchase the prepaid examination vouchers?
You can place your request for an examination voucher for the Prime Prometric (Exam 312-50) at http://www.eccouncil.org/orders.htm

I have just completed the training. Can I defer taking a test to a later date?
Yes, you can. Ensure that you obtain a certificate of attendance upon completion of the training. You may contact the ATC at a later date and schedule the exam.

I have just completed the training. Can I take the test at a different location?
Yes, you can. You can take the exam at any ATC offering the CEH program by presenting your certificate of attendance. This will be verified against our records and your exam can be scheduled.

Do I have to recertify?
You will need to earn EC-Council Continuing Education Credits (ECE) to maintain the certification.

Why are there different versions for the exam?
EC-Council certifications are under continuous development. We incorporate new techniques and technology as they are made available and are deemed necessary to meet the course objectives. This is reflected in our examination process as well, as students are tested on concepts, techniques and technology.

How many times can I appear for the examination in case I do not pass in the first attempt?
There are no restrictions on the number of times you can appear for the examination, as long as you are able to contact the test center and schedule your exam in advance. There is no waiting period between attempts.

To request another eligibility voucher to resit the exam at Prometric APTC, send an e-mail to info@eccouncil.org with a scanned copy of the exam score report. You don’t need to go through the eligibility application process again.

Can I take the exam at VUE testing centers?
Yes. The 312-50 exam is available at VUE testing centers as well. Just like Prometric APTC, you will need an eligibility number to attempt the exam at VUE. The eligibility number issued for Prometric cannot be used for VUE and vice versa. You can indicate in the eligibility application form at which center you will be taking the test. Please visit VUE’s EC-Council testing page at http://www.vue.com/eccouncil

Will EC-Council help me in scheduling the Prometric exam?
You are advised to contact Prometric Registration up to one business day prior to the date of the scheduled exam, before 7pm Central Standard Time.

When will I get my certificate once I pass the certification examination?
You will receive your welcome kit in eight weeks’ time after you have certified.

How many questions are there in the exam and what is the time duration?
The examination consists of 150 questions. The duration of the test varies according to location and channel. The exam 312-50 offered through Prometric Prime is of four hours’ duration. The exam EC0-350 offered through Prometric APTC is four hours for English-speaking countries (US and others) and four and a half hours for non-English-speaking countries.

How much should I score to clear the exam?
The passing score is 70%.

I am doing a self study, how do I know I am ready to take the exam? Are there any practice tests?
Yes, you can take our practice tests to become familiar with the examination approach.

Can I purchase practice tests?
CEH exam practice tests are available from http://www.preplogic.com

What kind of questions can I expect in the exam? Do you have any exam pointers?
The examination tests you on security related concepts, hacking techniques and technology. You will be asked to decipher exploit codes, study log files, infer output and apply the knowledge acquired through the course.

Can I review my answers?
You can mark your questions and review your answers before you end the test.

I have completed my CEH certification. What is the next step?
You should go for the ECSA/LPT certification track.

I have more questions.
Thank you. Send them to info@eccouncil.org

EC-Council Testing

March 31st, 2009

EC-Council certifications are designed to provide the foundation needed by every Electronic Commerce and Security Professional. The EC-Council curriculum provides a broad range of skills and knowledge needed to build and manage an organization’s networking and security operations and to effectively utilize various resources to achieve operational excellence.

ec-council take exam

March 31st, 2009

Take Exam

EC-Council has partnered with industry leader Prometric to deliver the certification exams. Prometric is a worldwide distribution network for computer-based testing services. With more than 2,500 testing centers serving 180 countries, Prometric’s network of testing centers is the largest network in the world.