SKILL BENCHMARK

Certified Ethical Hacker Competency

  • 17m
  • 17 questions
The Certified Ethical Hacker Competency benchmark measures whether a learner has working exposure to and practice with CEH practices, along with some experience with many of the CEH scenarios and processes. A learner who scores high on this benchmark demonstrates professional competency in some areas of the CEH discipline. This learner works under the supervision of more advanced CEH staff.

Topics covered

  • define the five core elements of cybersecurity
  • describe footprinting and recognize the different types of information you can gather in this initial stage of attack
  • describe Google Dorks, recognize some of the useful advanced search features of the Google search engine, and recognize how these features may be used to discover vulnerabilities and sensitive information about our targets
  • describe incident management and what it's designed to accomplish
  • describe risk as it pertains to cybersecurity, recognize the risk levels, and use a risk matrix to visualize risk
  • describe sub-domains, analyze how they can lead to compromise if not properly managed, and recognize tools that can help enumerate a target's sub-domains
  • describe the large portion of the Internet that consists of the dark and deep webs and how to use these mostly unseen resources to discover potentially sensitive info about a target
  • describe the nine steps of the incident handling and response process to help familiarize you with the actions and expectations you may need to take when properly dealing with a security incident
  • recognize how attackers can use wordlists for purposes such as fuzzing and password attacks, the usefulness of custom wordlists, and how to generate a wordlist based on a target's web presence
  • recognize how conducting Open Source Intelligence (OSINT) on social media sites can yield sensitive information through direct investigation or through social engineering
  • recognize how e-mail tracking systems can glean info like IP addresses, geo-location, and host operating systems
  • recognize how the Shodan, Censys, and Thingful search engines can be used to find IoT and other Internet-connected hosts and services, in order to see the larger attack surface of a target
  • recognize how to gather and inspect metadata for possible sensitive info about a target
  • recognize the common motives, goals, and objectives of threat actors
  • recognize tools and tactics that can be used to learn the geographical location of a target
  • use WHOIS and DNS services to gather useful target information
  • utilize job posts and job boards to search out useful target info, such as what technologies are being used, names of legitimate users, and areas where the target may be weak due to lack of staffing