Home > Articles > Other IT Certifications > CEH

Like this article? We recommend

Like this article? We recommend

Exam Objectives

Exam Objectives

The exam covers the current objectives (obtained directly from the online reference):

Module 01: Introduction to Ethical Hacking

  • Understand the issues plaguing the information security world
  • Understand various hacking terminologies
  • Understand the basic elements of information security
  • Understand the security, functionality and ease of use triangle
  • List the 5 stages of ethical hacking
  • Understand the different type of hacker attacks
  • Define hactivism and understand the classification of hackers
  • Understand who is an ethical hacker
  • How do you become an ethical hacker
  • List the profile of a typical ethical hacker
  • Understand vulnerability research and list the various vulnerability research tools
  • Describe the ways to conduct ethical hacking
  • What are the different ways an ethical hacker tests a target network

Module 02: Hacking Laws

  • Understand the U.S Federal Laws related to Cyber Crime
    • 18 U.S.C. § 1029
    • 18 U.S.C. § 1030
    • 18 U.S.C. § 1362
    • 18 U.S.C. § 1831
    • 18 U.S.C. § 2318
    • 18 U.S.C. § 2320
    • 18 U.S.C. § 2510 et seq
    • 18 U.S.C. § 2701 et seq
    • 47 U.S.C. § 605
    • Understand the SPY ACT
    • Washington: RCW 9A.52.110
    • Florida: § 815.01 to 815.07
    • Indiana: IC 35-43
    • Federal Managers Financial Integrity Act of 1982
    • The Freedom of Information Act: 5 U.S.C. § 552
    • Federal Information Security Management Act (FISMA)
    • The Privacy Act Of 1974: 5 U.S.C. § 552a
    • USA Patriot Act of 2001
    • Government Paperwork Elimination Act (GPEA)
  • Understand the Cyber Crime Law in Mexico
    • Section 30-45-5—Unauthorized computer use
  • Understand the Cyber Crime Laws in Brazil
    • Art. 313-A : Entry of false data into the information system
    • Art. 313-B : Unauthorized modification or alteration of the information system
  • Understand the Cyber Crime Law in Canada
    • Canadian Criminal Code Section 342.1
  • Understand the Cyber Crime Laws in the United Kingdom
    • Computer Misuse Act 1990
    • Police and Justice Act 2006
  • Understand the Cyber Crime Law in Europe
    • Section 1 - Substantive Criminal Law
  • Understand the Cyber Crime Law in Belgium
    • Computer Hacking Article 550(b)
  • Understand the Cyber Crime Law in Denmark
    • Penal Code Section 263
  • Understand the Cyber Crime Laws in France
    • Article 323-1
    • Article 323-2
  • Understand the Cyber Crime Laws in Germany
    • Penal Code Section 202a. Data Espionage
    • Penal Code Section 303a: Alteration of Data
  • Understand the Cyber Crime Law in Greece
    • Criminal Code Article 370C§2
  • Understand the Cyber Crime Law in Italy
    • Penal Code Article 615 ter: Unauthorized access into a computer or telecommunication systems
  • Understand the Cyber Crime Law in Italy
    • Criminal Code Article 138a
  • Understand the Cyber Crime Laws in Norway
    • Penal Code § 145
    • Penal Code §145b
    • Penal Code § 151 b
  • Understand the Cyber Crime Laws in Switzerland
    • Article 143b
    • Article 144b
  • Understand the Cyber Crime Law in Australia
    • The Cybercrime Act 2001
  • Understand the Cyber Crime Law in India
    • The Information Technology Act, 2000
  • Understand the Cyber Crime Law in Japan
    • Law No. 128 of 1999
  • Understand the Cyber Crime Law in Singapore
    • Chapter 50A: Computer misuse Act
  • Understand the Cyber Crime Laws in Korea
    • Chapter VI Stability of the Information and Communications Network: Article 48, Article 49
    • Chapter IX Penal Provisions: Article 61
  • Understand the Cyber Crime Law in Malaysia
    • Computer Crimes Act 1997
  • Understand the Cyber Crime Law in Hong Kong
    • Telecommunication Law

Module 03: Footprinting

  • Define the term Footprinting
  • Understand the areas and information that hackers seek
  • Describe information gathering methodology
  • Understand passive information gathering
  • Understand competitive intelligence and its need
  • Role of financial websites in footprinting
  • Role of job portals in footprinting
  • Understand DNS enumeration
  • Understand Whois, ARIN lookup , Nslookup
  • Identify different types of DNS records
  • Understand how traceroute is used in Footprinting
  • Role of search engines in footprinting
  • Understand how e-mail tracking works
  • Understand how web spiders work
  • List the steps to fake a website

Module 04: Google Hacking

  • Understand the term Google Hacking
  • Understand the Google Hacking Database
  • How can hackers take advantage of the Google Hacking Database
  • Understand the basics of Google Hacking
  • Being anonymous using Cache
  • How can Google be used as a proxy server
  • Understand directory listings
  • Understand server versioning
  • Understand directory traversal
  • Understand incremental substitution
  • Understand the advanced Google operators
  • How to locate exploits and find targets
  • How to track down web servers, login portals and network hardware
  • Understand the various Google Hacking Tools

Module 05: Scanning

  • Define the term port scanning, network scanning and vulnerability scanning
  • Understand the objectives of scanning
  • Understand the CEH scanning methodology
  • Understand Ping Sweep techniques
  • Understand the Firewalk tool
  • Understand Nmap command switches
  • Understand the three way handshake
  • Understand the following Scans: SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window
  • Understand FloppyScan
  • List TCP communication flag types
  • Understand War dialing techniques
  • Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
  • Understand vulnerability scanning using BidiBlah and other hacking tools
  • Draw network diagrams of vulnerable hosts using various tools
  • Understand how proxy servers are used in launching an attack
  • How does anonymizers work
  • Understand HTTP tunneling techniques
  • Understand IP spoofing techniques
  • Understand various scanning countermeasures

Module 06: Enumeration

  • Understand the system hacking cycle
  • Understand Enumeration and its techniques
  • Understand null sessions and its countermeasures
  • Understand SNMP enumeration and its countermeasures
  • Describe the steps involved in performing enumeration

Module 07: System Hacking

  • Understand the different types of password
  • Understand the different types of password attacks
  • Understand password cracking techniques
  • Understand Microsoft Authentication mechanism
  • Describe password sniffing
  • Identifying various password cracking tools
  • What are the various password cracking countermeasures
  • Understand privilege escalation
  • Understand keyloggers and other spyware technologies
  • Understand different ways to hide files
  • Understanding rootkits
  • How do you identify rootkits, list the steps for the same
  • Understand Alternate Data Streams
  • Understand Steganography technologies
  • Understand how to covering your tracks and erase evidences

Module 08: Trojans and Backdoors

  • What is a Trojan
  • Understand overt and covert channels
  • Understand working of Trojans
  • List the different types of Trojans
  • What do Trojan creators look for
  • List the different ways a Trojan can infect a system
  • What are the indications of a Trojan attack?
  • Identify the ports used by Trojan
  • Identify listening ports using netstat
  • What is meant by “wrapping”
  • Understand Reverse Shell Trojan
  • Understand ICMP tunneling
  • Understand various classic Trojans
  • Understand how “Netcat” Trojan works
  • Understand the Trojan horse constructing kit
  • Understand Trojan detection techniques
  • Understand Trojan evading techniques
  • How to avoid a Trojan infection

Module 09: Viruses and Worms

  • Understand virus and its history
  • Characteristics of a virus
  • How does a virus work
  • Understand the motive behind writing a virus
  • Symptoms of virus attack
  • What is a virus hoax
  • Understand the difference between a virus and a worm
  • Understand the life cycle of virus
  • Understand the types of viruses
  • How a virus spreads and infects the system
  • Understand the storage pattern of virus
  • Understand various types of classic virus found in the wild
  • Virus writing technique
  • Virus construction kits
  • Understand antivirus evasion techniques
  • Understand Virus detection methods

Module 10: Sniffers

  • Understand sniffing and protocols vulnerable to it
  • Discuss types of sniffing
  • Understand Address Resolution Protocol (ARP)
  • How does ARP Spoofing work
  • Understand active and passive sniffing
  • Understand ARP poisoning
  • Understand MAC duplicating
  • Understand ethereal capture and display filters
  • Understand MAC flooding
  • Understand DNS spoofing techniques
  • Describe sniffing countermeasures

Module 11: Social Engineering

  • What is Social Engineering
  • Understand human weakness
  • List the different types of social engineering
  • Understand Dumpster Diving
  • Understand Reverse Social Engineering
  • Understand Insider attacks and its countermeasures
  • Understand Social Engineering threats and defense
  • Understand Identity Theft
  • Describe Phishing Attacks
  • Understand Online Scams
  • Understand URL obfuscation
  • Understand social engineering on social networking sites
  • Social Engineering countermeasures

Module 12: Phishing

  • Understand phishing and reasons for its success
  • Different types of phishing
  • Explain the process of phishing
  • List different types of phishing attacks
  • List the anti-phishing tools and countermeasures

Module 13: Hacking Email Accounts

  • List different ways to get information related to e-mail accounts
  • Understand various e-mail hacking tools
  • How to create strong passwords for e-mail accounts
  • Explain Sign-in Seal

Module 14: Denial of Service

  • Understand Denial of Service(DoS) attacks
  • What is the goal of a DoS attack
  • Impact and modes of DoS attack
  • Types of attacks
  • Classify different types of DoS attacks
  • Understand various tools used to launch DoS attacks
  • Understand botnets and their use
  • List the types of bots and their mode of infection
  • Understand how DDoS attack works
  • Characteristics of a DDoS attack
  • Explain the Agent-Handler Model and DDoS IRC Model
  • Understand Reflective DNS attacks
  • How to conduct a DDoS attack
  • Understand Reflected DoS attack
  • Describe the DoS/DDoS countermeasures

Module 15: Session Hijacking

  • Understand session hijacking
  • Understand spoofing vs. hijacking
  • What are the steps to perform session hijacking
  • List the types in session hijacking
  • Understand session hijacking levels
  • Understand sequence number prediction
  • Describe countermeasure to session hijacking

Module 16: Hacking Webservers

  • Understand the working of a webserver
  • How are webservers compromised
  • Understand web server defacement
  • Understand the attacks against web servers
  • List the types of web server vulnerabilities
  • Understand IIS Unicode exploits
  • Understand patch management techniques
  • Understand Web Application Scanner
  • What is Metasploit Framework
  • Understand various webserver testing tools
  • Understand patch management
  • List best practices for patch management
  • Describe Web Server hardening methods
  • Webserver protection checklist

Module 17: Web Application Vulnerabilities

  • Understand the working of a web application
  • Objectives of web application hacking
  • Anatomy of an attack
  • Understand various web application threats and its countermeasures
  • Understand various web application hacking tools

Module 18: Web Based Password Cracking Techniques

  • Understand authentication and authentication mechanisms
  • Rules to select a good password
  • Things to avoid while selecting passwords
  • How to protect passwords
  • How hackers get hold of passwords
  • What is a Password Cracker?
  • How does a Password Cracker work
  • Modus operandi of an attacker using password cracker
  • Understand Password Attacks—Classification
  • Understand Password Cracking Countermeasures

Module 19: SQL Injection

  • What is SQL injection
  • Understand the steps to conduct SQL injection
  • Understand various SQL injection techniques
  • Understand SQL Server vulnerabilities
  • How to test for SQL injection vulnerabilities
  • Understand various SQL injection tools
  • Understand Blind SQL injection and its countermeasures
  • Understand SQL Injection countermeasures
  • How to protect web sites from SQL injection attacks

Module 20: Hacking Wireless Networks

  • Understand wireless network architecture
  • Differentiate between wireless and wired network
  • What are the effects of wireless networks on business
  • Understand the types of wireless networks
  • List the advantage and disadvantage of wireless network
  • Understand various wireless standards
  • Understand various wireless concepts and devices
  • Overview of WEP, WPA, WPA2 authentication systems and cracking techniques
  • Overview of wireless Sniffers and SSID, MAC Spoofing
  • Understand Rogue Access Points
  • Understand wireless hacking techniques
  • Understand TKIP, LEAP
  • Understand MAC Sniffing, AP Spoofing, MITM, DoS attacks
  • Understand phone jammers
  • How to detect a wireless network
  • Understand various wireless hacking tools
  • List the steps to hack a wireless network
  • Understand WIDZ and RADIUS
  • Describe the methods in securing wireless networks

Module 21: Physical Security

  • Physical security breach incidents
  • Understanding physical security
  • Need for physical security
  • Who is accountable for physical security
  • Factors affecting physical security
  • Physical security checklist for organizations
  • Authentication mechanisms
  • How to fake fingerprints
  • Understand wiretapping
  • Understand lock picking
  • Understanding wireless and laptop security
  • Laptop security countermeasures
  • Understand mantrap, TEMPEST
  • List the challenges in ensuring physical security
  • Understand spyware technology

Module 22: Linux Hacking

  • What is the need for a Linux Operating System
  • Linux distributors
  • Understand the basic commands of Linux
  • Understand the Linux file structure and networking commands
  • List the directories in Linux
  • Understand how to install, configure and compile a Linux Kernel
  • Understand installing a Kernel patch
  • Understand GCC compilation commands
  • List vulnerabilities in Linux
  • Why is Linux hacked
  • How to apply patches to vulnerable programs
  • Understand password cracking in Linux
  • Understand IP Tables
  • Basic Linux Operating System Defense
  • Understand how to install LKM modules
  • Understand AIDE
  • Understand Linux hardening methods

Module 23: Evading IDS, Honeypots and Firewalls

  • Understand Intrusion Detection Systems (IDS)
  • Where to place an IDS
  • Ways to detect an intrusion
  • Understand the types of IDS
  • Understand System Integrity Verifiers
  • Understand True/False, Positive/Negative
  • Signature analysis in an IDS
  • List the general indications of a possible intrusion
  • Steps to perform after IDS detects attack
  • List the IDS evasion techniques
  • Understand firewall and its working
  • List the type of firewalls
  • Understand firewalking, banner grabbing
  • IDS and Firewall testing tool
  • What is a honeypot
  • List the types of honeypots, advantage and disadvantage
  • Honeypot placement
  • Differentiate between physical and virtual honeypots
  • Countermeasures to hack attacks

Module 24: Buffer Overflows

  • Why are programs/applications vulnerable to buffer overflow
  • Understand buffer overflows and reasons for attacks
  • List the knowledge required to program buffer overflow exploits
  • Understand stacks, heaps, NOPS
  • Identify the different types of buffer overflows and methods of detection
  • Understand assembly language
  • Overview of shellcode
  • Overview of buffer overflow mutation techniques
  • Writing buffer overflow programs in C
  • Buffer overflow code analysis

Module 25: Cryptography

  • Overview of cryptography and encryption techniques
  • Understand cryptographic algorithms
  • Describe how public and private keys are generated
  • Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
  • Understand digital signature
  • List the components of a digital signature
  • Method of digital signature technology
  • Application of digital signature
  • Understand digital signature standard
  • Digital signature algorithm
  • Overview of digital certificates
  • Understand code breaking methodologies
  • Understand cryptanalysis
  • List the cryptography attacks

Module 26: Penetration Testing Methodologies

  • Overview of penetration testing methodologies
  • Understand security assessments
  • Understand vulnerability assessment and its limitation
  • Understand types of penetration testing
  • Understand risk management
  • Outsourcing penetration testing service
  • List the penetration testing steps
  • Overview of the Pen-Test legal framework
  • Overview of the Pen-Test deliverables
  • List the automated penetration testing tools
  • Best practices
  • Phases of penetration testing

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020