Exam 312-50 v5 Details:

Questions: 150
Time: 240 Minutes
Passing Score: 70%
Format: Multiple choice
Cost: $250.00
Other Requirements: 2 Years Exp, Must sign an Ethics Agreement.
Renewal: None.

Editors' Quick Thoughts

This cert is hot. It is the fastest growing security cert in the industry. Although there were only a few books, practice exams and instructional videos currently on the market, 2006 seemed to be the year that changed all that. The real training gem is found at one of many boot camp style, week long classes such as those taught by Jack Koziol at the InfoSec Institute in Chicago. Whether you plan on taking the exam or not, this is cool stuff to do in person. If you do plan on taking the exam, please read EC-Council's warning below. You must take your training at an authorized training facility like The Training Camp where EH-Net Members get discounts. Also keep in mind that v4 is being phased out. v5 of the courseware is available now in the US and on Nov 1, 2006 worldwide. The exam will be readily available in January of 2007. You will be able to take v4 of the exam until June 1, 2007. Check out the forum on the Official v5 Course Modules for a list of what to study. As far as the exam itself, if you are a hardcore penetration tester or 'ethical' hacker, than this will be just enough to test your baseline skills. If you are new to this game, you may find it a little daunting. Overall, we recommend this as a great mid-level technical cert. Why mid-level? This is clearly not management stuff, and it's not for the beginner. It's real, hands-on security technology. It does have a heavy focus on the tools of the trade and how to use them. But using them is only half of the equation. Being able to analize and report on the collected data is a slightly more advanced topic that is now in the domain of EC-Council's newest cert, ECSA (EC-Council Certified Security Analyst). If you don't have the time or the money to attend training, there are options for a self-study route. Either way, this is a fun way to get your feet wet in this growing industry.

From the Horse's Mouth (EC-Council's Web Site Content):

If you want to stop hackers from invading your network, first you've got to invade their minds.

Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.

The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief. As technology advances and organization depend on technology increasingly, information assets have evolved into critical components of survival.

If hacking involves creativity and thinking 'out-of-the-box', then vulnerability testing and security audits will not ensure the security proofing of an organization. To ensure that organizations have adequately protected their information assets, they must adopt the approach of 'defense in depth'. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure.

The definition of an Ethical Hacker is very similar to a Penetration Tester. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal. The most important point is that an Ethical Hacker has authorization to probe the target.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

To achieve the Certified Ethical Hacker Certification, you must pass the CEH exam 312-50:

• Ethical Hacking and Countermeasures (312-50) Course Outline v5
   
• Click here to view CEH certification path
   
• Click here to view CEH certification FAQ
   
• Click here to view CEH exam FAQ
   
• Click here to download CEH brochure (7.2mb PDF document)
   
• Click here to visit EC-Council Roll of Honor page

WARNING: Students are warned against attending CEH training at unauthorized training centers. Only those who attend CEH training at EC-Council ATCs are eligible for CEH certification. Also you will be required to show proof of official CEH training attendance when you apply for EC-Council's LPT certification and Master of Security Science (MSS) degree program. Please e-mail us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it to check the authorized validity of a training center.

More from EC-Council.

EH-Net Resources

• Book Recommendations
• Related Forums

• Related News Feed