EC-Council CEH

Certified Ethical Hacker (CEH) certification - Overview of domains [updated 2022]

Daniel Brecht
April 26, 2022 by
Daniel Brecht

EC-Council’s Certified Ethical Hacker (CEH) exam tests candidates on their knowledge of five ethical hacking phases (Reconnaissance, Gaining Access, Enumeration, Maintaining Access, Covering Your Tracks), various attack vectors and preventative countermeasures. 

All topics covered by the certification give an insight into understanding how hackers think and act. Professionals are better positioned to set up a security infrastructure and defend against attacks.

As EC-Council states, “to catch a hacker, you need to think as one;” then, the CEH credential is designed to give professionals the ability to apply the same knowledge and methodologies as malicious hackers, but lawfully legitimately. In essence, “CEH was built to incorporate a hands-on environment and systematic process across every ethical hacking domain and methodology, allowing you to work towards proving the required knowledge and skills needed to perform the job of an ethical hacker.”

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!


Getting ready for the CEH exam


CEH v11 continues to evolve by covering the latest operating systems, tools, tactics, exploits, and technologies used by hackers and information security professionals to break into an organization. 

Taking the CEH exam for certification offers theoretical knowledge combined with practical, proctored assessments to ensure that candidates who pass the course have the necessary hacking knowledge that can be leveraged to progress in their careers.

There are two ways to obtain eligibility for attempting the exam. The first option is to complete the EC-Council’s CEHv11 e-Courseware ($850); the second option is to acquire at least two years of work experience in the information security domain, as verified by a supervisor or department lead, pay USD100 as a non-refundable application fee and go through an application process before receiving an eligibility code and paying for the voucher code necessary to register and schedule the test.


The CEH subjects


The CEH credential exams 312-50 (ECC EXAM) and 312-50 (VUE) consist of 125 questions broken into nine different domains:

  1. Information Security and Ethical Hacking Overview (6%)
  2. Reconnaissance Techniques (21%)
  3. System Hacking Phases and Attack Techniques (17%)
  4. Network and Perimeter Hacking (14%)
  5. Web Application Hacking (16%)
  6. Wireless Network Hacking (6%)
  7. Mobile Platform, IoT, and OT Hacking (8%)
  8. Cloud Computing (6%)
  9. Cryptography (6%)

To successfully pass the CEH test, candidates must refer to the Exam Blueprint v4.0.

The actual percentage of questions you must answer correctly varies; the cut scores can range from 60% to 85%, depending on which exam form is challenged.  

If successful, candidates will receive their digital ANSI accredited CEH certificate within seven working days.

Passing the exam certifies applicants for three years, during which they must earn EC-Council Continued Education (ECE) credits. Certified members will have to achieve 120 credits to be re-accredited for the next three-year period.


The nine CEH domains


The material covered by the CEH Exam Blueprint v4.0 is divided into nine different domains. Each domain is tested by a minimum of two and a maximum of ten questions representing all subdomains. Below is a brief overview of CEH v4 topics (CEH v11 objectives) covered in each exam section.


Domain 1: Information Security and Ethical Hacking Overview


  • Introduction to Ethical Hacking

This domain covers basic information security and ethical hacking concepts and cyber kill chain, information security controls and standards.


Domain 2: Reconnaissance Techniques


  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration

This domain covers footprinting (Website, email, DNS and Whois…), including tools and countermeasures, scanning tools and network diagrams, and enumeration concepts (NetBIOS, SNM, LDAP NTP, NFS, SMTP and DNS enumeration and more techniques and countermeasures).


Domain 3: System Hacking Phases and Attack Techniques


  • Vulnerability Analysis
  • System Hacking
  • Malware Threats

This important domain is about vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems. It covers assessments, tools and reporting. It also tests system hacking methodology, steganography, steganalysis attacks, covering tracks and different types of malware (Trojan, Virus, worms etc.), system auditing for malware attacks, malware analysis and countermeasures.


Domain 4: Network and Perimeter Hacking


  • Sniffing
  • Social Engineering
  • Denial-of-Service
  • Session Hijacking
  • Evading IDS, Firewalls, and Honeypots

Another important domain that covers essential topics in the life of an ethical hacker. Subjects include sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing; firewalls, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures; social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and which countermeasures can be used; DoS/DDoS attack and protection techniques and tools as well as countermeasures; session hijacking techniques, authentication/authorization and cryptographic weaknesses and countermeasures.


Domain 5: Web Application Hacking


  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection

This domain includes a comprehensive web application hacking methodology to audit vulnerabilities in web applications and countermeasures; attack methodology to audit vulnerabilities in web server infrastructure and countermeasures; SQL injection attack techniques, injection detection tools and countermeasures.


Domain 6: Wireless Network Hacking


  • Hacking Wireless Networks

This domain is about wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.


Domain 7: Mobile Platform, IoT and OT Hacking


  • Hacking Mobile Platforms
  • IoT and OT Hacking

This domain covers mobile platform attack vectors, android OS vulnerability exploitations, mobile device management, security guidelines and tools. It also addresses threats to IoT and OT platforms and defends IoT and OT devices.


Domain 8: Cloud Computing


  • Cloud Computing

This domain is devoted to cloud computing concepts, container technology, serverless computing, the working of various threats and attacks, and security techniques and tools.


Domain 9: Cryptography


  • Cryptography

Also, this last domain concentrates on a single topic, covering cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks and cryptanalysis tools.


Preparing for the CEH exam


Multiple options exist for preparing for the CEH exam; the EC-Council, for example, offers its own preparatory course. Other boot camp-style CEH training are also available for students looking for different learning options that better match their learning needs. 

For professionals who prefer self-study, test preparation books allow them to study at their own pace. 

Combining these training methods is the best bet for preparing and passing the exam. Though you can’t replace hands-on experience, resources like the CEH textbook are an excellent way to review the theory behind the practice, fill knowledge gaps and facilitate application concepts in the field while working on assignments.

Earn your CEH, guaranteed!

Earn your CEH, guaranteed!

Get hands-on hacking experience and live expert, instruction. Enroll now to claim your Exam Pass Guarantee!


Importance of the Certified Ethical Hacker certification 


The Certified Ethical Hacker exam is a great way for someone relatively new to information security to demonstrate knowledge and experience in carrying out penetration testing tasks to current or potential clients or employers.

The CEH credential suits a wide-ranging audience of security officers, auditors, site administrators, warning analysts, pentesters, compliance analysts, security consultants and anyone tasked to protect a network's integrity through ethical hacking techniques.

The demand for ethical hackers continues to be high; therefore, whether as a red team member, pentester or freelance offensive consultant, this is a good time to be in the field and become certified (EC-Council CEH) to enjoy high job placement and potentially higher compensation rates.





Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.