book

Certified Ethical Hacker (CEH) Study Guide

by Matt Walker

July 2025

Intermediate to advanced

482 pages

16h 19m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

Includes

Includes Quizzes

How to Use This BookGetting Ready: Preparing and Registering for the ExamPreparing for the ExamRegistering for the ExamThe Certification: More Than Just a TestTaking the ExamConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgmentsDisclaimer
Security 101EssentialsSecurity BasicsMethodologies and FrameworksIntroduction to Ethical HackingHacking TerminologyThe Ethical HackerConclusion
Search EnginesGoogle HackingOther Search Engine TechniquesShodanUsing Web Services and Social Networking SitesWeb ServicesSocial Networking SitesWebsite and Email FootprintingDNS and Whois FootprintingNetwork FootprintingOther ToolsConclusion
FundamentalsTCP/IP NetworkingSubnettingIdentifying TargetsICMPARPPort ScanningPort Scan TypesNmapHping3EvasionVulnerability ScanningEnumerationWindows System BasicsUnix/Linux System BasicsEnumeration Techniques
EssentialsNetwork Knowledge for SniffingActive and Passive SniffingSniffing Tools and TechniquesTechniquesToolsEvasionDevices Aligned Against YouEvasion TechniquesConclusion
Getting StartedWindows Security ArchitectureLinux Security ArchitectureMethodologyHacking StepsAuthentication and PasswordsBuffer OverflowsPrivilege Escalation and Executing ApplicationsHiding Files and Covering Tracks
Web ServersWeb OrganizationsAttack MethodologyWeb Server ArchitectureWeb Server AttacksAttacking Web ApplicationsInjection Attacks Not Named SQLXSSCross-Site Request Forgery (CSRF)CookiesHTTP AttackSQL InjectionSQL QueriesHow SQL Injection Attacks WorkTypes of SQL Injection AttacksCountermeasures
Wireless Terminology, Architecture, and StandardsWireless EncryptionWEPWPA and WPA2WPA3Wireless HackingAttacksWireless Encryption AttacksWireless Sniffing
The Mobile WorldMobile Vulnerabilities and RisksOWASP’s Top 10 Mobile RisksMobile PlatformsMobile AttacksThe Internet of ThingsIoT ArchitectureIoT Vulnerabilities and AttacksCEH’s IoT Hacking MethodologyOperational Technology HackingOT ArchitectureCEH’s OT Attack Methodology
Cloud ComputingCloud Computing Service TypesCloud TerminologyCloud GovernanceCloud SecurityAttacks and HacksConclusion

The “Malware” AttacksDefinitionsTrojansViruses and WormsFileless MalwareMalware AnalysisMitigationRemaining AttacksDenial of ServiceSession Hijacking
Cryptography and Encryption: An OverviewEncryption Algorithms and TechniquesSymmetric EncryptionAsymmetric EncryptionHashing AlgorithmsSteganographyHardware EncryptionPKI, the Digital Certificate, and Digital SignaturesThe PKI SystemDigital CertificatesDigital SignaturesEncrypted Communication and Cryptography AttacksEncrypted CommunicationCryptography Attacks
Social EngineeringHuman-Based AttacksComputer-Based AttacksMobile-Based AttacksPhysical SecurityMitigationAccess ControlsSetting Up Physical Security
AI, Machine Learning, and LLMsAI and SecurityUsing AI as an Ethical HackerFootprinting and EnumerationVulnerability AnalysisSocial EngineeringAI and MalwareAI AttacksOWASP Top 10sThe Injection Attacks
Types of Security AssessmentsPen-Testing ToolsThe Pen TestSecurity Assessment DeliverablesGuidelinesWhat to Do If You Find Something IllegalConclusion

Content preview from Certified Ethical Hacker (CEH) Study Guide

Appendix B. Answer Key

D. Python is the correct choice because its OSI-approved open source license allows it to be used freely, even in commercial settings, and it’s frequently used for automating tasks like scheduling scans. ASP.NET and PHP are geared toward web development, focusing on creating dynamic web pages, which is not the primary function for scheduling system scans. C# is a general-purpose programming language but is not as commonly used for this specific task, nor does it have the same emphasis on open source licensing for scripting as Python.
A. NIST 800-53 is the correct answer as it provides a catalog of security controls specifically designed for US federal information systems, excluding national security-related systems. (Remember that exception—it may help you on the exam.) FITARA is legislation focused on how the US government acquires technology. HIPAA is concerned with protecting the privacy of health information. ISO 17799 is an international standard that outlines security objectives based on best practices, but it’s not specific to US federal systems.
B. The correct step is containment because disconnecting the computer from the network and powering it down are actions to limit the scope and impact of the information spillage. Recovery involves repairing damage after the incident. Eradication focuses on eliminating the cause of the incident, such as malware. Identification is the initial recognition that an incident has occurred.
D. PCI DSS is ...