15 of 18 people found the following review helpful:
2.0 out of 5 stars
Poorly written and riddled with inconsistencies., November 4, 2010
This review is from: CEH Certified Ethical Hacker Study Guide (Paperback)
I've been shopping Amazon for years but this is the first time I was compelled to leave a review. I've been doing IT security, server administration and general networking for roughly 15 years now. I've read beautifully written, well organized works of genius (Shon Harris - CISSP All-in-one..., Nemeth/Snyder/Hein - Linux Administration Handbook, etc). I've also endured a few slapped-together, ill-composed tomes of wasted wood.
This book qualifies as the latter. There is little - if any - flow to the way the book is written. It's as if random sentences on a given subject were strung together to complete the book. Throughout the book you find paragraphs that simply restate the information provided in the preceding paragraph. You really get the impression the author was forced to crank this out to meet an early deadline. Assuming you can choke through the text, you'll find numerous contradictions and errors among each chapter's Q&A.
Frankly, I'm stunned Sybex would publish this drivel.
I had no problems with the seller. The used book arrived on schedule and looked brand new.
17 of 22 people found the following review helpful:
2.0 out of 5 stars
First Impression, June 20, 2011
This review is from: CEH Certified Ethical Hacker Study Guide (Paperback)
Disclaimer: I have not finished reading this book, and I'm not sure I want to.
I bought CEH Certified Ethical Hacker Study Guide on Amazon because it is the most recently published (2010) of several CEH study guides and because it has been through more than one edition. Had I been able to leaf through the book for about five minutes, I would have put it back on the shelf.
Consider these passages:
"Most hacking attempts occur from within an organization and are perpetuated by employees, contractors, or others in a trusted position." (p 8)
"Buffer overflows and SQL injection are used primarily against application servers that contain databases of information." (p 11)
If you know enough about information security to see the problems with the above statements, would you want to spend your time reading the rest of this book? More importantly, if you don't know enough about information security to see the problems with the above statements, should you entrust your professional development to this book?
Here's another profound insight:
"Many ethical hackers acting in the role of security professionals use their skills to perform security evaluations or penetration tests. These tests and evaluations have three phases, generally ordered as follows: Preparation, Conduct Security Evaluation, Conclusion." (p 17)
How about a Review Question from the end of Chapter 1:
5. The security, functionality, and ease of use triangle illustrates which concept?
A. As security increases, functionality and ease of use increase.
B. As security decreases, functionality and ease of use increase.
C. As security decreases, functionality and ease of use decrease.
D. Security does not affect functionality and ease of use.
Ready for the answer?
"B. As security increases, it makes it more difficult to use and less functional." (p 29)
Are you catching my drift? If a book has problems like this with the easy concepts, how much confidence should be placed in its more technical sections?
I'm not here to flame Kimberly Graves, who might otherwise be a very fine author. However, based on my experience with the first three chapters, I'm not inclined to commend this book to the potential reader. I really hope there are better study guides out there.
I'll close with a message from Neil Edde, Sybex Vice President and Publisher:
"With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available." (p v)
Keep trying, Neil. And you might consider boosting the copy editing budget while you're at it. Start your editors off with this paragraph:
"Checking for open ports is the second step in the CEH scanning methodology. Port scanning is the method used to check for open ports. The process of port scanning involves probing each port on a host to determine which ports are open..." (p 69)
- - - - -
UPDATE:
Well, I've made it to the fifth chapter, and I AM stopping. Although the book was revised in 2010, it appears that parts of it have not been updated since the heyday of Windows 2000. The text itself reads more like a set of lecturer's notes, hastily pulled together for publication.
As a study guide, it's starting to create more questions than answers about what's going to be on the exam. I may come back to it later, but at this point I'd rather not clutter up my head with useless (and possibly questionable) material.
I would caution the people who are using this text as an introduction to "ethical hacking" -- this book may (or may not) help you get that cert, but it's not giving you a very useful picture of the field. There are much better information security books out there. Unfortunately, none of them appear to be CEH-specific.
I'd recommend skipping the first 100 pages of the CEH Study Guide. Try Gray Hat Hacking (3rd edition) for a far more realistic introduction to the field of ethical hacking. Then go to Hacking Exposed (6th Edition) for coverage of footprinting, scanning, and enumeration. You'll come back to these books anyway, if you stay in this field, so it's not money wasted. Use the CEH Study Guide to help you outline your own crib sheet for the test. But watch out, because a lot of things seem to have happened since this text was written.
If anyone has run across a well-written, up-to-date CEH book, do us a favor and let us know.