Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

By: Dale Meredith

Overview of this book

With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of this cybersecurity book. This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book. By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.

Table of Contents (23 chapters)

  • Section 1: Where Every Hacker Starts
  • Section 2: A Plethora of Attack Vectors
  • Section 3: Cloud, Apps, and IoT Attacks
  • Chapter 17: CEH Exam Practice Questions

The benefits of the CEH certification

The US Department of Defense (DoD) issued Directive 8570.1 in 2005, instructing everyone who handles US government IT to hold baseline IT certifications, including ethical hacking. This is one of the most important reasons cybersecurity professionals pursue the CEH certification.

Besides being an industry standard, the CEH certification is internationally recognized, making it valid and valuable in IT industries across the world.

It is also a valuable certification on any IT résumé. It means a candidate understands how hackers think, and with everything that's been going on recently as far as hacking and technology are concerned, IT experts with this certification are, and will remain, in high demand.

Is the CEH certification right for you?

You will get the most out of this certification if you are a cybersecurity officer within your company or if you are a penetration tester, internal or external auditor, security professional-standard administrator or consultant site administrator, or a techie home user who wants to know how secure your environment is.

The requirements and the skills you need to become a CEH

There are standards to maintain as a CEH. These include skills, values, and ethics from the International Council of E-Commerce Consultants (EC-Council) Code of Ethics, which you can find at https://www.eccouncil.org/code-of-ethics. The most critical of these requirements include the following:

  • Privacy
  • Disclosure
  • Area of expertise
  • Unauthorized usage
  • Authorization
  • Disclosure
  • Project management
  • Knowledge sharing
  • Confidence
  • Legal limits
  • Underground communities

Let's look at them in detail.

Privacy

Ethical hackers come across information they are not allowed to use, steal, share, modify, change, or destroy. From security numbers to customer databases and intellectual property, their access is unlimited. It is their responsibility to guard that information at all times.

Disclosure

It is not uncommon for ethical hackers to uncover things that are uncomfortable to see, watch, or talk about. If they stumble upon such information or content, their duty is to report it. They owe it to the authorities or the concerned people to disclose everything they discover, however unsettling, gross, grave, or discomforting.

Area of expertise

An ethical hacker should not misrepresent themselves, feigning to know more than they do. Ethical hacking demands honesty about what an ethical hacker can and cannot do and openness about their level of knowledge, skill sets, and limitations. If you lack the necessary experience or training to handle something that's outside your realm, it is ethical to ask the company or employer to get an expert to handle it.

Unauthorized usage

An ethical hacker is to avoid using illegal or unethically obtained software and hardware. Also, if they uncover evidence of unauthorized usage in a company, they should not accept bribes to keep their lips sealed or join in for personal gain.

Authorization

An ethical hacker needs to limit themselves to using resources, data, and/or information in authorized ways. Also, when working, an ethical hacker lets the company know how they intend to use data or information. They should also ensure that they get consent where necessary and avoid cutting corners.

Disclosure

When an ethical hacker discovers an issue in hardware or software, they verify with or notify the hardware manufacturer that their product is faulty before going public with information about the vulnerability. If the manufacturer does nothing about it, they blow the whistle to save users and share the solution if possible. Some folks would refer to this as a zero-day vulnerability, meaning that the vulnerability has been discovered before the vendor has any idea that it exists.

Project management

Ethical hackers need great management skills to be efficient and to manage their projects effectively. They need to set clear goals, have a reasonable project timeline, and communicate.

Knowledge sharing

Ethical hackers commit to learning, keeping abreast of new developments, sharing new discoveries, engaging fellow EC-Council members, and creating public awareness. They do this by teaching or giving free lectures, spreading information on social media platforms, and enlightening the people they know on securing hardware and software and how to use this knowledge.

Confidence

Confidence, as an ethical hacker, means you should always present yourself in a professional, honest, and competent manner. This holds even when you're competing with someone else for a particular project. In layman's terms, no backstabbing, folks.

Now, as we go through the chapters in this book, we're going to be introducing some tools that can be extremely dangerous to networks. As an ethical hacker, you need to make sure that you have experience with any software, tricks, or tools you utilize against a network. An engagement is not the time or place to learn a new tool or technique. You need to be extremely careful. Do not fix issues you discover that are not within the scope of your project. Even if you think you know what's best for your company or their company, you always get guidance and permission for any action. There is no compromise. What we mean by this is that you are in no way going to purposely compromise or cause a company or organization's system to become compromised through the process of your professional dealings with them.

Legal limits

Whatever project an ethical hacker accepts needs to be approved, authorized, and legal. The code of ethics informs all their decisions. They always know what they are doing and what's expected of them; they are aware of their limitations, know what they can and cannot do, and know what's considered fair play and what's malicious.

Underground communities

Ethical hackers commit to not engaging in black-hat activities or associating with communities of black-hat hackers. They don't aid or help black-hat hackers advance their mission; they only engage them to find out what's new, what they know, what they do, and how they think.