What Is CEH? - ITU Online

What Is CEH?

The Certified Ethical Hacker (CEH) is a professional certification provided by the EC-Council to IT professionals, proving their proficiency in ethical hacking. This certification covers a wide range of topics within the realm of cyber security, including but not limited to penetration testing, network security, and the identification of vulnerabilities within a system. The aim of the CEH is to certify individuals in the ethical hacking methodology, ensuring they have the knowledge and skills to protect and secure information systems against malicious attacks.

CEH Associated Exams

  • Certification Name: Certified Ethical Hacker (CEH)
  • Exam Code: 312-50
  • Exam Format: Multiple choice questions
  • Number of Questions: 125
  • Duration: 4 hours
  • Delivery Method: ECC Exam, VUE
  • Passing Score: Varies, as EC-Council uses a scaled scoring method

CEH Exam Costs

The cost to take the CEH exam varies depending on the training package chosen but typically ranges from $1,199 to $1,999. This cost may include training materials and courses, in addition to the exam voucher.

CEH Exam Objectives

  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • Vulnerability Analysis
  • System Hacking
  • Malware Threats
  • Sniffing
  • Social Engineering
  • Denial-of-Service
  • Session Hijacking
  • Evading IDS, Firewalls, and Honeypots
  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • Cloud Computing
  • Cryptography

Frequently Asked Questions Related to What Is CEH?

What prerequisites are needed for the CEH certification?

A strong foundational knowledge in networking and information security is recommended. Alternatively, attending official training through the EC-Council can waive the two-year work experience requirement in information security.

How long is the CEH certification valid?

The CEH certification is valid for three years. Certification holders must earn 120 Continuing Education credits within this period to maintain their certification status.

Can I take the CEH exam without attending the official training?

Yes, if you have at least two years of work experience in information security, you can apply for eligibility to take the exam without attending the official training by paying an eligibility fee.

What is the difference between CEH Practical and CEH (ANSI)?

The CEH (ANSI) certification focuses on knowledge and comprehension of ethical hacking methodologies, whereas the CEH Practical is a rigorous six-hour practical exam that tests your ability to perform hacking techniques and methodologies in real-world scenarios.

How can I prepare for the CEH exam?

Preparation can include self-study through official CEH study guides and practice exams, attending official training provided by EC-Council or its authorized training centers, and gaining practical experience in penetration testing and ethical hacking techniques.

Key Term Knowledge Base: Key Terms Related to Certified Ethical Hacker (CEH)

Understanding the key terms related to Certified Ethical Hacker (CEH) is crucial for anyone entering the field of cybersecurity, especially those aspiring to become ethical hackers. CEH is a professional designation offered by the EC-Council (International Council of E-Commerce Consultants) that certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. Ethical hackers are trained to look for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). This knowledge base is essential for navigating the complex landscape of cybersecurity, understanding the threats and vulnerabilities that exist in modern networks, and developing the skills required to protect and secure digital assets.

  • Ethical Hacking: The practice of bypassing system security to identify potential data breaches and threats in a network. The ethical hacker uses the same techniques as a malicious hacker but in a lawful and legitimate manner to assess the security posture of a target system.
  • EC-Council: The International Council of E-Commerce Consultants, an organization that offers certification for information security professionals, including the Certified Ethical Hacker (CEH) certification.
  • Penetration Testing: The process of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit.
  • Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
  • Social Engineering: A tactic that attackers use to trick individuals into revealing sensitive information, such as passwords or bank information.
  • Phishing: A type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
  • Malware: Malicious software designed to harm or exploit any programmable device, service, or network.
  • Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.
  • Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
  • Intrusion Detection System (IDS): A device or software application that monitors a network or systems for malicious activity or policy violations.
  • Cryptography: The practice and study of techniques for secure communication in the presence of third parties called adversaries.
  • SQL Injection: A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
  • Denial of Service (DoS): An interruption of an authorized user’s access to any system or network, typically one caused with malicious intent.
  • Distributed Denial of Service (DDoS): A type of attack where multiple compromised systems are used to target a single system causing a Denial of Service (DoS) attack.
  • Trojan Horse: A type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
  • Rootkit: A collection of malicious software tools that enable unauthorized access to a computer or area of its software and often mask its existence or the existence of other software.
  • Spyware: Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
  • Keylogger: A type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard.
  • White Hat: A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
  • Black Hat: A hacker who violates computer security for personal gain or maliciousness.
  • Grey Hat: A hacker who is in between white hat and black hat. They may violate ethical standards or principles, but without the malicious intent ascribed to black hat hackers.
  • Security Audit: An evaluation of how well your security policies protect your company’s assets while identifying any weaknesses that need to be addressed.
  • Backdoor: A means to access a computer system or encrypted data that bypasses the system’s customary security mechanisms.
  • Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
  • Patch Management: The process of managing patches or upgrades for software applications and technologies. A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it.
  • Zero-Day Exploit: A cyber attack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator.

This list covers foundational concepts in ethical hacking and cybersecurity, providing a solid starting point for further exploration and study in the field.
