www.wiley.com
.
Library of Congress Control Number: 2021943988
Trademarks: WILEY, the Wiley logo, Sybex, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CEH is a trademark or registered trademark of EC-Council. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Cover Image: © Getty Images Inc./Jeremy Woodhouse
Cover Design: Wiley
For my best friend, partner, and the best support and cheerleader I could ask for, Robin.
Acknowledgments
Thanks to my agent, Carole, for always looking out for me, and thanks to Robin for always supporting me and keeping me going as I worked through this process. Thanks as well to the Wiley staff, Tom Dinse, and Jim Minatel for their support through the editing of this book.
The publisher wishes to acknowledge the work of Raymond Blockmon, the author of the previous Sybex book CEH v9: Certified Ethical Hacker Version 9 Practice Tests. Although this new book, CEH v11: Certified Ethical Hacker Version 11 Practice Tests, is heavily updated with new and revised questions, Raymond's work on the CEH v9 book laid the foundation that made this new CEH v11 book possible.
About the Author
Ric Messier got started in information security in the early 1980s by discovering a privilege escalation vulnerability on an IBM mainframe that opened the door to the worldwide network of the BITNET for him. Since that time, he has been a programmer, system administrator, network engineer, security consultant, instructor, program director, and penetration tester as well as having led a security engineering team at a global Internet service provider (the company that built the ARPAnet). He has developed many training courses as well as having developed graduate degree programs for two colleges. Additionally, he's taught courses at Brandeis University, Champlain College, University of Colorado at Boulder, and Harvard University. He holds CEH, CCSP, GCIH, GSEC, and CISSP certifications and has previously held CCNA, MCSE, and MCP+I certifications. Additionally, he has a Master of Science degree in Digital forensic science. He is currently a Principal Consultant with Mandiant, a world leader in incident response and security consulting.
About the Technical Editor
Kenneth Tanner is an IT professional with 25+ years of extensive hands-on experience in networking, telecommunications, and systems administration, and the security thereof. He is currently a Senior Technical Instructor at FireEye/Mandiant where he provides instruction on incident response. He has also worked for Hughes Training, The University of Alabama System, and various private companies as a consultant and/or instructor. Kenneth attended the University of Alabama at Birmingham (UAB) in Birmingham, Alabama where he received both a Bachelor and Master of Science degree in Electrical Engineering. He currently holds the following certifications: (ISC)² CISSP, EC-Council CEH, CND and CHFI, CompTIA CASP, PenTest+, CySA+, Security+, and Network+, Cisco CCNA Route and Switch, CCNA Security, CCNA Voice, CCNA CyberOps, and CCDA, Axelos ITIL, Metasploit Pro Certified Specialist, and Nexpose Certified Administrator. He has taught many of the certifications he holds. Kenneth lives in Colorado with his wife, Nadean, and their two children Shelby and Gavin.
Introduction
This exam book is designed to give the CEH candidate a realistic idea of what the CEH exam will look like. As a candidate, you should be familiar with Wireshark, Nmap, and other tools. To get the most out of these exams, you should consider constructing a virtual lab and practicing with the tools to become familiar with viewing the logs that are generated. In preparing for the CEH exam, you will benefit greatly by using YouTube. YouTube is a goldmine of information—and it's free. It is also recommended that you keep up with the latest malware and cybersecurity news provided online. Most cybersecurity-related websites provide insight on the latest vulnerabilities and exploits that are in the wild. Keeping up-to-date with this information will only add value to your CEH knowledge and will help solidify your understanding even more.
What Is a CEH?
The Certified Ethical Hacker exam is to validate that those holding the certification under-stand the broad range of subject matter that is required for someone to be an effective ethical hacker. The reality is that most days, if you are paying attention to the news, you will see a news story about a company that has been compromised and had data stolen, a government that has been attacked, or even enormous denial-of-service attacks, making it difficult for users to gain access to business resources.
The CEH is a certification that recognizes the importance of identifying security issues to get them remediated. This is one way companies can protect themselves against attacks—by getting there before the attackers do. It requires someone who knows how to follow tech-niques that attackers would normally use. Just running scans using automated tools is insuf-ficient because as good as security scanners may be, they will identify false positives—cases where the scanner indicates an issue that isn’t really an issue. Additionally, they will miss a lot of vulnerabilities—false negatives—for a variety of reasons, including the fact that the vulnerability or attack may not be known.
Because companies need to understand where they are vulnerable to attack, they need people who are able to identify those vulnerabilities, which can be very complex. Scanners are a good start, but being able to find holes in complex networks can take the creative intel-ligence that humans offer. This is why we need ethical hackers. These are people who can take extensive knowledge of a broad range of technical subjects and use it to identify vulner-abilities that can be exploited.
The important part of that two-word phrase, by the way, is “ethical.” Companies have protections in place because they have resources they don’t want stolen or damaged. When they bring in someone who is looking for vulnerabilities to exploit, they need to be certain that nothing will be stolen or damaged. They also need to be certain that anything that may be seen or reviewed isn’t shared with anyone else. This is especially true when it comes to any vulnerabilities that have been identified.
The CEH exam, then, has a dual purpose. It not only tests deeply technical knowledge but also binds anyone who is a certification holder to a code of conduct. Not only will you be expected to know the content and expectations of that code of conduct, you will be expected to live by that code. When companies hire or contract to people who have their CEH certification, they can be assured they have brought on someone with discretion who can keep their secrets and provide them with professional service in order to help improve their security posture and keep their important resources protected.
About the Exam
The CEH exam has much the same parameters as other professional certification exams. You will take a computerized, proctored exam. You will have 4 hours to complete 125 questions. That means you will have, on average, roughly 2 minutes per question. The questions are all multiple choice. The exam can be taken through the ECC Exam Center or at a Pearson VUE center.
Should you want to take your certification even further, you could go after the CEH Prac-tical exam. For this exam you must perform an actual penetration test and write a report at the end of it. This demonstrates that in addition to knowing the body of material covered by the exam, you can put that knowledge to use in a practical way. You will be expected to know how to compromise systems and identify vulnerabilities.
To pass the exam, you will have