INTRODUCTION
Welcome back, dear reader! If you’re standing there in your local bookstore, or reviewing these pages on your computer at an online retailer, then I think I’m safe in assuming you fall into one of a few different categories. Some of you may be curious about what a “hacking” study guide book looks like, or are thinking about attempting a new certification or career choice. Some of you may have already taken that decisive leap, started down the path, and are now looking for the next resource to help you along the journey. And some of you reading this may even be simply looking for some credentials for your career—most of this group are true professionals who already know how to do this job, and are just finally ready to get the certification knocked out, whereas a small few are simply looking for a resume bullet (one more certification you can put on your e-mail signature line to impress others).
Regardless of where you stand in your career or desires for this certification, I need to clear the air about a couple things right up front, before you commit to purchasing and reading this book. First and foremost (before I get to the bad stuff), I firmly believe this book will assist you in attaining your CEH certification. The entire team involved in this effort has put a lot of time, energy, thought, research, and bourbon into producing what we feel is the best companion resource guide on the market. I’m proud of it, and proud to have been associated with the professionals who helped put it together.
That said, if you’re looking for a silver bullet—a virtual copy of the exam that you can simply memorize, go take the test, and then forget everything—please stop reading now and go take your chances elsewhere.
Part of the ethics of attaining, and maintaining, a CEH credential is the non-disclosure agreement all candidates sign before attempting the exam. I, and everyone else involved in this project, have taken great pains to provide you with examples of questions designed to test your knowledge of the subject at hand, not to provide you questions to memorize. Those who are looking for that, and use that method to attain the certification, belittle and cheapen the hard work the rest of the community puts into this, and I would be sickened to know of any of them using this work for that purpose.
If you want to pass this exam and have the respect and benefits that come along with holding the certification, you better damn well know how to do the job. The memorization/test-taking junkies out there may get an interview or two with this cert on their resume, but trust me, they’ll be discovered as frauds before they ever get to round 2. This community knows the difference between a contender and a pretender, so don’t try to take shortcuts. Learn the material. Become an expert in it. Then go take the exam. If you’re not willing to put in the effort, maybe you should pick up another line of study, such as online gaming or housecleaning. To quote a really bad 80’s testosterone movie, “There’s always barber college.”
With all that out of the way—and now that I’m talking to the real CEH candidates—I firmly believe this book will help you in your attempt to attain the certification. As always, however, I must caution the rest of you: Relying on a single book—any single book—to pass this exam is a recipe for disaster. Yes, this is a great resource, and you should definitely buy it (right now—don’t wait!). However, you simply will not pass this exam without the time and benefit that can only come from experience. As a matter of fact, EC Council now requires candidates sitting for the exam to have at least two years of IT Security–related experience. Bolster your study in this book with practice, practice, and more practice. You’ll thank me for it later.
Lastly, keep in mind this certification isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy to attain. It’s worth has elevated: It is one of the top certifications a technician can attain, and is now a part of DoD 8570’s call for certification on DoD networks. In short, this certification actually means something to employers, because they know the effort it takes to attain it.
The exam itself—now on version 8—is a four-hour, 125-question grueling marathon that will leave you exhausted when you click the Finish button. EC Council has provided a handbook on the certification and exam (as of this writing, located at https://cert.eccouncil.org/wp-contents/uploads/CEH-Candidate-Handbook-v1.6-31012012.pdf) that provides all you’ll need to know about qualifications, content, and other information about the exam and certification. I’ve included some highlights from this handbook here, detailing the exam and what you’ll need.
To begin, the exam is proctored (that is, you take it in person at an authorized testing facility). As I stated earlier, it’s four hours long and is composed of 125 questions. It’s computer based, and allows you to skip and mark questions to revisit at the end. Your exam score is tabulated immediately after completion, so be sure to review everything before clicking Finish. A passing score is 70%, which means you need to answer at least 88 questions correctly. You can find authorized Prometric or VUE test facilities at their respective websites (www.prometric.com/ec-council and www.vue.com/eccouncil, respectively). Here are more details you’ll need to know:
• Test content: Version 8 of the CEH exam, per EC Council, is designed to test six different tasks and seven different knowledge categories. Tasks listed for the exam include “System Development & Management, System Analysis & Audits, Security Testing/Vulnerabilities, Reporting, Mitigation, and Ethics.” Knowledge categories tested on the exam include “Background, Analysis/Assessment, Security, Tools/ Systems/Programs, Procedures/Methodology, Regulation/Policy, and Ethics.”
• Eligibility: Per EC Council, you must either attend their official training—an official CEH instructor-led training (ILT), computer-based training (CBT), or online live training—or submit an Exam Eligibility Form (along with a $100 nonrefundable fee) proving you’ve been in the Security field for at least two years. In either case, once you’re approved to sit for the exam, EC Council will forward you a code that must be presented at the Authorized Prometric or VUE Testing Center on the date of the exam.
• Forms: Before sitting for the exam, you’ll be required to sign non-disclosure forms and candidate agreement forms (indicating you promise to be ethical in your hacking). If you’re taking the exam without attending any training, you’ll also need to submit the CEH Eligibility Form to [email protected]. The eligibility form requires the signatures of your colleagues and boss(es), and you’ll need to include a copy of valid government-approved identification. EC Council will contact your boss(es) for a follow-up interview to complete the process and verify your eligibility. All forms and submission instructions (fax numbers and e-mail addresses) are available within the handbook itself.
• Test-retake policy: If you fail the first attempt, there is no waiting period—you can immediately retake the test if you wish. On the second, third, and fourth failures, you must wait 14 days before a reattempt. The only other restriction is that you are not allowed to attempt the exam five times within a 12-month period.
• Getting your certification: Per the handbook, “Upon successful attainment of a minimum score, you will be issued your CEHv8 credential and will receive your CEHv8 welcome kit within 4–8 weeks. The CEH credential is valid for 3 year periods, but can be renewed each period by successfully earning EC-Council Continued Education (ECE) credits. All EC-Council-related correspondence will be sent to the email address provided during exam registration. If your email address changes, it is your responsibility to notify [email protected]; failing which you will not be able to receive critical updates from EC-Council.”
Best of luck to you, dear reader. I sincerely hope your exam goes well for you, and your career is filled with great experiences.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.