Ethical Hacking and Countermeasures Exam CEH

certified ethical hacker exam

Exam Details

Credits Towards Certification

Certified Ethical Hacker 8

Exam Details
  • Number of Questions: 125
  • Passing Score: 70%
  • Test Duration: 4 hours
  • Test Format: Multiple choice
  • Test Delivery:
  • Web based via Prometric Prime (Exam Prefix - 312-50)
  • Authorized Prometric Testing Centers (Exam Prefix - EC0-350)
  • Vue Testing Center (Exam Prefix - 312-50)


Exam Code

Exam Code

The exam code varies when taken at different testing centers.
  • Exam 312-50: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC).
  • Exam EC0-350: Proctored test at Authorized Prometric Testing Centers (APTC) globally.
  • Exam 312-50: VUE Testing centers

Skills Measured

Skills Measured

The exam 312-50 tests CEH candidates on the following 19 domains.
  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Sniffers
  • Social Engineering
  • Denial of Service
  • Session Hijacking
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Evading IDS, Firewalls, and Honeypots
  • Buffer Overflow
  • Cryptography
  • Penetration Testing

CEH (312-50)Exam

Section Knowledge of: Weight Number of Questions
A networking technologies (e.g., hardware, infrastructure)
B webtechnologies (e.g., web 2.0, skype)
C systems technologies
D communication protocols
E malware operations
F mobile technologies (e.g., smart phones)
G telecommunication technologies
H backups and archiving (e.g., local, network)
4% 5
A data analysis
B systems analysis
C risk assessments
D technical assessment methods
13% 16
A systems security controls
B application/fileserver
C firewalls
D cryptography
E network security
F physical security
G threat modeling
H verification procedures (e.g.,false positive/negative validation)
I social engineering (human factors manipulation)
J vulnerability scanners
K security policy implications
L privacy/confidentiality (with regard to engagement)
M biometrics
N wireless access technology (e.g., networking, RFID, Blue tooth)
O trusted networks
P vulnerabilities
25% 31
A network/host based intrusion
B network/wireless sniffers (e.g., WireShark, Airsnort)
C access control mechanisims (e.g., smart cards)
D cryptography techniques (e.g., IPsec, SSL, PGP)
E programming languages (e.g. C++, Java, C#, C)
F scripting languages (e.g., PHP, Java script)
G boundary protection appliances (e.g., DMZ)
H network topologies
I subnetting
J port scanning (e.g., NMAP)
K domain name system (DNS)
L routers/modems/switches
M vulnerability scanner (e.g., Nessus, Retina)
N vulnerability management and protection systems (e.g., Foundstone, Ecora)
O operating environments (e.g., Linux, Windows, Mac)
P antivirus systems and programs
Q log analysis tools
R security models
S exploitation tools
T database structures
32% 40
A cryptography
B public key infrastructure (PKI)
C Security Architecture (SA)
D Service Oriented Architecture (SOA)
E information security incident management
F N-tier application design
G TCP/IP networking (e.g., network routing)
H security testing methodology
20% 25
A security policies
B compliance regulations (e.g., PCI)
4% 5
A professional code of conduct
B appropriateness of hacking activities
2% 3