Details
CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions
Sybex Study Guide 1. Aufl.
|
42,99 € |
|
| Verlag: | Wiley |
| Format: | EPUB |
| Veröffentl.: | 12.04.2023 |
| ISBN/EAN: | 9781394186914 |
| Sprache: | englisch |
| Anzahl Seiten: | 768 |
DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.
Beschreibungen
<p><b>The latest version of the official study guide for the in-demand CEH certification, now with 750 Practice Test Questions</b></p> <p>Information security and personal privacy remains a growing concern for businesses in every sector. And even as the number of certifications increases, the Certified Ethical Hacker, Version 12 (CEH v12) maintains its place as one of the most sought-after and in-demand credentials in the industry.</p> <p>In <i>CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions</i>, you’ll find a comprehensive overview of the CEH certification requirements. Concise and easy-to-follow instructions are combined with intuitive organization that allows you to learn each exam objective in your own time and at your own pace. The Study Guide now contains more end of chapter review questions and more online practice tests. This combines the value from the previous two-book set including a practice test book into a more valuable Study Guide.</p> <p>The book offers thorough and robust coverage of every relevant topic, as well as challenging chapter review questions, even more end of chapter review questions to validate your knowledge, and Exam Essentials, a key feature that identifies important areas for study. There are also twice as many online practice tests included. You’ll learn about common attack practices, like reconnaissance and scanning, intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things vulnerabilities, and more. It also provides:</p> <ul> <li>Practical, hands-on exercises that reinforce vital, real-world job skills and exam competencies</li> <li>Essential guidance for a certification that meets the requirements of the Department of Defense 8570 Directive for Information Assurance positions</li> <li>Complimentary access to the Sybex online learning center, complete with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms</li> </ul> <p>The <i>CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions</i> is your go-to official resource to prep for the challenging CEH v12 exam and a new career in information security and privacy.</p>
<p>Introduction xvii</p> <p>Assessment Test xxv</p> <p><b>Chapter 1 Ethical Hacking 1</b></p> <p>Overview of Ethics 2</p> <p>Overview of Ethical Hacking 5</p> <p>Attack Modeling 6</p> <p>Cyber Kill Chain 7</p> <p>Attack Lifecycle 8</p> <p>MITRE ATT&CK Framework 10</p> <p>Methodology of Ethical Hacking 12</p> <p>Reconnaissance and Footprinting 12</p> <p>Scanning and Enumeration 12</p> <p>Gaining Access 13</p> <p>Maintaining Access 14</p> <p>Covering Tracks 14</p> <p>Summary 15</p> <p><b>Chapter 2 Networking Foundations 17</b></p> <p>Communications Models 19</p> <p>Open Systems Interconnection 20</p> <p>TCP/IP Architecture 23</p> <p>Topologies 24</p> <p>Bus Network 24</p> <p>Star Network 25</p> <p>Ring Network 26</p> <p>Mesh Network 27</p> <p>Hybrid 28</p> <p>Physical Networking 29</p> <p>Addressing 29</p> <p>Switching 30</p> <p>IP 31</p> <p>Headers 32</p> <p>Addressing 34</p> <p>Subnets 35</p> <p>TCP 37</p> <p>UDP 40</p> <p>Internet Control Message Protocol 41</p> <p>Network Architectures 42</p> <p>Network Types 43</p> <p>Isolation 44</p> <p>Remote Access 45</p> <p>Cloud Computing 46</p> <p>Storage as a Service 47</p> <p>Infrastructure as a Service 48</p> <p>Platform as a Service 49</p> <p>Software as a Service 51</p> <p>Internet of Things 53</p> <p>Summary 54</p> <p>Review Questions 56</p> <p><b>Chapter 3 Security Foundations 59</b></p> <p>The Triad 61</p> <p>Confidentiality 61</p> <p>Integrity 63</p> <p>Availability 64</p> <p>Parkerian Hexad 65</p> <p>Information Assurance and Risk 66</p> <p>Policies, Standards, and Procedures 69</p> <p>Security Policies 69</p> <p>Security Standards 70</p> <p>Procedures 71</p> <p>Guidelines 72</p> <p>Organizing Your Protections 72</p> <p>Security Technology 75</p> <p>Firewalls 76</p> <p>Intrusion Detection Systems 80</p> <p>Intrusion Prevention Systems 83</p> <p>Endpoint Detection and Response 84</p> <p>Security Information and Event Management 86</p> <p>Being Prepared 87</p> <p>Defense in Depth 87</p> <p>Defense in Breadth 89</p> <p>Defensible Network Architecture 90</p> <p>Logging 91</p> <p>Auditing 93</p> <p>Summary 95</p> <p>Review Questions 96</p> <p><b>Chapter 4 Footprinting and Reconnaissance 101</b></p> <p>Open Source Intelligence 103</p> <p>Companies 103</p> <p>People 112</p> <p>Social Networking 115</p> <p>Domain Name System 129</p> <p>Name Lookups 130</p> <p>Zone Transfers 136</p> <p>Passive DNS 138</p> <p>Passive Reconnaissance 142</p> <p>Website Intelligence 145</p> <p>Technology Intelligence 150</p> <p>Google Hacking 150</p> <p>Internet of Things (IoT) 152</p> <p>Summary 154</p> <p>Review Questions 157</p> <p><b>Chapter 5 Scanning Networks 161</b></p> <p>Ping Sweeps 163</p> <p>Using fping 163</p> <p>Using MegaPing 165</p> <p>Port Scanning 167</p> <p>nmap 168</p> <p>masscan 184</p> <p>MegaPing 186</p> <p>Metasploit 188</p> <p>Vulnerability Scanning 190</p> <p>OpenVAS 192</p> <p>Nessus 203</p> <p>Looking for Vulnerabilities with Metasploit 209</p> <p>Packet Crafting and Manipulation 210</p> <p>hping 211</p> <p>packETH 214</p> <p>fragroute 217</p> <p>Evasion Techniques 218</p> <p>Evasion with nmap 221</p> <p>Protecting and Detecting 223</p> <p>Summary 224</p> <p>Review Questions 226</p> <p><b>Chapter 6 Enumeration 231</b></p> <p>Service Enumeration 233</p> <p>Countermeasures 236</p> <p>Remote Procedure Calls 236</p> <p>SunRPC 237</p> <p>Remote Method Invocation 239</p> <p>Server Message Block 242</p> <p>Built- in Utilities 243</p> <p>nmap Scripts 247</p> <p>NetBIOS Enumerator 249</p> <p>Metasploit 250</p> <p>Other Utilities 254</p> <p>Countermeasures 257</p> <p>Simple Network Management Protocol 258</p> <p>Countermeasures 259</p> <p>Simple Mail Transfer Protocol 260</p> <p>Countermeasures 263</p> <p>Web- Based Enumeration 264</p> <p>Countermeasures 271</p> <p>Summary 272</p> <p>Review Questions 274</p> <p><b>Chapter 7 System Hacking 279</b></p> <p>Searching for Exploits 281</p> <p>System Compromise 285</p> <p>Metasploit Modules 286</p> <p>Exploit- DB 290</p> <p>Gathering Passwords 292</p> <p>Password Cracking 295</p> <p>John the Ripper 296</p> <p>Rainbow Tables 298</p> <p>Kerberoasting 300</p> <p>Client- Side Vulnerabilities 305</p> <p>Living Off the Land 307</p> <p>Fuzzing 308</p> <p>Post Exploitation 313</p> <p>Evasion 313</p> <p>Privilege Escalation 314</p> <p>Pivoting 319</p> <p>Persistence 322</p> <p>Covering Tracks 326</p> <p>Summary 332</p> <p>Review Questions 334</p> <p><b>Chapter 8 Malware 339</b></p> <p>Malware Types 341</p> <p>Virus 341</p> <p>Worm 342</p> <p>Trojan 344</p> <p>Botnet 344</p> <p>Ransomware 345</p> <p>Dropper 347</p> <p>Fileless Malware 348</p> <p>Polymorphic Malware 348</p> <p>Malware Analysis 349</p> <p>Static Analysis 350</p> <p>Dynamic Analysis 361</p> <p>Automated Malware Analysis 370</p> <p>Creating Malware 371</p> <p>Writing Your Own 372</p> <p>Using Metasploit 375</p> <p>Obfuscating 381</p> <p>Malware Infrastructure 382</p> <p>Antivirus Solutions 384</p> <p>Persistence 385</p> <p>Summary 386</p> <p>Review Questions 388</p> <p><b>Chapter 9 Sniffing 393</b></p> <p>Packet Capture 394</p> <p>tcpdump 395</p> <p>tshark 401</p> <p>Wireshark 403</p> <p>Berkeley Packet Filter 408</p> <p>Port Mirroring/Spanning 410</p> <p>Detecting Sniffers 410</p> <p>Packet Analysis 412</p> <p>Spoofing Attacks 417</p> <p>ARP Spoofing 418</p> <p>DNS Spoofing 422</p> <p>DHCP Starvation Attack 424</p> <p>sslstrip 425</p> <p>Spoofing Detection 426</p> <p>Summary 428</p> <p>Review Questions 430</p> <p><b>Chapter 10 Social Engineering 435</b></p> <p>Social Engineering 436</p> <p>Pretexting 438</p> <p>Social Engineering Vectors 440</p> <p>Identity Theft 441</p> <p>Physical Social Engineering 442</p> <p>Badge Access 442</p> <p>Man Traps 444</p> <p>Biometrics 445</p> <p>Phone Calls 446</p> <p>Baiting 447</p> <p>Tailgating 448</p> <p>Phishing Attacks 448</p> <p>Contact Spamming 452</p> <p>Quid Pro Quo 452</p> <p>Social Engineering for Social Networking 453</p> <p>Website Attacks 454</p> <p>Cloning 454</p> <p>Rogue Attacks 457</p> <p>Wireless Social Engineering 458</p> <p>Automating Social Engineering 461</p> <p>Summary 464</p> <p>Review Questions 466</p> <p><b>Chapter 11 Wireless Security 471</b></p> <p>Wi- Fi 472</p> <p>Wi- Fi Network Types 474</p> <p>Wi- Fi Authentication 477</p> <p>Wi- Fi Encryption 478</p> <p>Bring Your Own Device 483</p> <p>Wi- Fi Attacks 484</p> <p>Bluetooth 495</p> <p>Scanning 496</p> <p>Bluejacking 498</p> <p>Bluesnarfing 498</p> <p>Bluebugging 498</p> <p>Bluedump 499</p> <p>Bluesmack 499</p> <p>Mobile Devices 499</p> <p>Mobile Device Attacks 500</p> <p>Summary 504</p> <p>Review Questions 506</p> <p><b>Chapter 12 Attack and Defense 511</b></p> <p>Web Application Attacks 512</p> <p>OWASP Top 10 Vulnerabilities 514</p> <p>Web Application Protections 524</p> <p>Denial- of- Service Attacks 526</p> <p>Bandwidth Attacks 527</p> <p>Slow Attacks 529</p> <p>Legacy 531</p> <p>Application Exploitation 531</p> <p>Buffer Overflow 532</p> <p>Heap Spraying 534</p> <p>Application Protections and Evasions 535</p> <p>Lateral Movement 536</p> <p>Defense in Depth/Defense in Breadth 538</p> <p>Defensible Network Architecture 540</p> <p>Summary 542</p> <p>Review Questions 544</p> <p><b>Chapter 13 Cryptography 549</b></p> <p>Basic Encryption 551</p> <p>Substitution Ciphers 551</p> <p>Diffie–Hellman 553</p> <p>Symmetric Key Cryptography 555</p> <p>Data Encryption Standard 555</p> <p>Advanced Encryption Standard 556</p> <p>Asymmetric Key Cryptography 558</p> <p>Hybrid Cryptosystem 559</p> <p>Nonrepudiation 559</p> <p>Elliptic Curve Cryptography 560</p> <p>Certificate Authorities and Key Management 562</p> <p>Certificate Authority 562</p> <p>Trusted Third Party 565</p> <p>Self- Signed Certificates 566</p> <p>Cryptographic Hashing 569</p> <p>PGP and S/MIME 571</p> <p>Disk and File Encryption 572</p> <p>Summary 576</p> <p>Review Questions 578</p> <p><b>Chapter 14 Security Architecture and Design 581</b></p> <p>Data Classification 582</p> <p>Security Models 584</p> <p>State Machine 584</p> <p>Biba 585</p> <p>Bell–LaPadula 586</p> <p>Clark–Wilson Integrity Model 586</p> <p>Application Architecture 587</p> <p>n- tier Application Design 588</p> <p>Service- Oriented Architecture 591</p> <p>Cloud- Based Applications 593</p> <p>Database Considerations 595</p> <p>Security Architecture 598</p> <p>Zero- Trust Model 602</p> <p>Summary 604</p> <p>Review Questions 606</p> <p><b>Chapter 15 Cloud Computing and the Internet of Things 611</b></p> <p>Cloud Computing Overview 612</p> <p>Cloud Services 616</p> <p>Shared Responsibility Model 621</p> <p>Public vs. Private Cloud 623</p> <p>Grid Computing 624</p> <p>Cloud Architectures and Deployment 625</p> <p>Responsive Design 629</p> <p>Cloud- Native Design 629</p> <p>Deployment 631</p> <p>Dealing with REST 633</p> <p>Common Cloud Threats 639</p> <p>Access Management 639</p> <p>Data Breach 641</p> <p>Web Application Compromise 642</p> <p>Credential Compromise 643</p> <p>Insider Threat 645</p> <p>Internet of Things 646</p> <p>Fog Computing 651</p> <p>Operational Technology 652</p> <p>The Purdue Model 654</p> <p>Summary 655</p> <p>Review Questions 657</p> <p><b>Appendix Answers to Review Questions 661</b></p> <p>Chapter 2: Networking Foundations 662</p> <p>Chapter 3: Security Foundations 663</p> <p>Chapter 4: Footprinting and Reconnaissance 666</p> <p>Chapter 5: Scanning Networks 669</p> <p>Chapter 6: Enumeration 672</p> <p>Chapter 7: System Hacking 675</p> <p>Chapter 8: Malware 678</p> <p>Chapter 9: Sniffing 681</p> <p>Chapter 10: Social Engineering 683</p> <p>Chapter 11: Wireless Security 686</p> <p>Chapter 12: Attack and Defense 688</p> <p>Chapter 13: Cryptography 691</p> <p>Chapter 14: Security Architecture and Design 693</p> <p>Chapter 15: Cloud Computing and the Internet of Things 695</p> <p>Index 699</p>
<p><b>ABOUT THE AUTHOR</b> <p><b>RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP,</b> is a consultant, educator, and author of numerous books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor and he is currently a Principal Consultant with Mandiant.
<p><b>Your complete Guide to Preparing for the Certified Ethical Hacker version 12 Certification exam</b> <p>CEH<sup>™</sup> v12 Certified Ethical Hacker Study Guide provides you with a hands-on resource for preparing for a challenging and coveted credential. This Sybex Study Guide covers every single domain and subject tested on the CEH certification exam in an easy-to-follow and intuitive format. The chapters—organized by exam objective and with sections mapped to each objective—make it simple to track your progress. This v12 edition is upgraded with more chapter review questions than ever before, the always enlightening Exam Essentials, and in total you’ll get 750 test practice questions all designed to help you pass this critical exam on your first try. From common attack practices to intrusion detection and DoS attacks, you’ll find everything you need to know in this comprehensive guide. <p><b>Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:</b> <ul><li>Footprinting and Reconnaissance</li> <li>Enumeration and Network Scanning</li> <li>Systems Hacking</li> <li>Malware Prevention and Protection</li> <li>Social Engineering</li> <li>Wireless Security</li> <li>Cryptography</li></ul> <p><b>ABOUT THE CERTIFIED ETHICAL HACKER PROGRAM</b> <p>The Certified Ethical Hacker v12 credential demonstrates your expertise with the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals, as well as your commitment to the ethical deployment of those tools. <p><b>Interactive learning environment</b> <p>Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit <b>www.wiley.com/go/sybextestprep</b>, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: <ul><li><b>Interactive test bank</b> now with double the practice exams as the previous editions for 4 total practice exams to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.</li> <li><b>100 electronic flashcards</b> to reinforce learning and last-minute prep before the exam</li> <li><b>Comprehensive glossary</b> in PDF format gives you instant access to the key terms so you are fully prepared</li></ul>
Diese Produkte könnten Sie auch interessieren:
