CEH-001 Exam Format | CEH-001 Course Contents | CEH-001 Course Outline | CEH-001 Exam Syllabus | CEH-001 Exam Objectives

Number of Questions: 125

Test Duration: 4 Hours

Test Format: Multiple Choice



The Certified Ethical Hacker (CEH) program is the most comprehensive ethical hacking course on the globe to help information security professionals grasp the fundamentals of ethical hacking. The course outcome helps you become a professional who systematically attempts to inspect network infrastructures with the consent of its owner to find security vulnerabilities which a malicious hacker could potentially exploit. The course helps you assess the security posture of an organization by identifying vulnerabilities in the network and system infrastructure to determine if unauthorized access is possible. The CEH is the first of a series of 3 comprehensive courses (CEH, ECSA and the APT course) to help a cyber security professional master penetration testing.



In order to maintain the high integrity of our certifications exams, EC-Council Exams are provided in multiple forms (I.e. different question banks). Each form is carefully analyzed through beta testing with an appropriate sample group under the purview of a committee of subject matter experts that ensure that each of our exams not only has academic rigor but also has “real world” applicability. We also have a process to determine the difficulty rating of each question. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%



- Introduction to Ethical Hacking

- Footprinting and Reconnaissance

- Scanning Networks

- Enumeration

- Vulnerability Analysis

- System Hacking

- Malware Threats

- Sniffing

- Social Engineering

- Denial-of-Service

- Session Hijacking

- Evading IDS, Firewalls, and Honeypots

- Hacking Web Servers

- Hacking Web Applications

- SQL Injection

- Hacking Wireless Networks

- Hacking Mobile Platforms

- IoT Hacking

- Cloud Computing

- Cryptography



- Key issues plaguing the information security world, incident management process, and penetration testing

- System hacking methodology, steganography, steganalysis attacks, and covering tracks

- Dierent types of Trojans, Trojan analysis, and Trojan countermeasures

- Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures

- Packet sning techniques and how to defend against sning

- Social Engineering techniques, identify theft, and social engineering countermeasures

- DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures

- Various types of footprinting, footprinting tools, and countermeasures

- Enumeration techniques and enumeration countermeasures

- Network scanning techniques and scanning countermeasures

- Session hijacking techniques and countermeasures

- Different types of webserver attacks, attack methodology, and countermeasures

- Different types of web application attacks, web application hacking methodology, and countermeasures

- Wireless Encryption, wireless hacking methodology, wireless hacking tools, and wi-fi security tools

- Mobile platform attack vector, android vulnerabilities, jailbreaking

- iOS, windows phone 8 vulnerabilities, mobile security guidelines, and tools

- Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures

- Various cloud computing concepts, threats, attacks, and security techniques and tools

- Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools

- Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap

- SQL injection attacks and injection detection tools