I'm hoping a moderator can answer a few questions for me. I'm going through Sean's CEH book and there are a few things that are fairly worrisome. For one, MANY of the questions in the book provide answers that in one way, shape or another fit as an answer to the question; and in most of those cases there are only extremely (imho) small differences between the answers.
Here are a couple of examples:
Example 1: A _____ is an offline attack.
The provided answers are:
a cracking attack
a rainbow attack
a birthday attack
or a hashing attack.
You kind of are cracking the password, and a hashing attack could be read as you are performing an attack against the hash, which could also be offline (though technically yes, I do know there are online services that do provide that). I think the proper way to read the question is what tool are you using to perform the attack instead of what category of operating are you falling under...
Example 2: A good defense against password guessing is __________
The provided answers are:
Complex passwords
Password policy
Fingerprints
Use of NTLM
A good password policy can ensure good passwords. Fingerprints in place of words/phrases would eliminate passwords altogether (though this one wasn't mentioned, and either way, it's much less likely what the question is looking for).
Are the given answers on the exam as bad as these? And these are just 2; the book so far has had numerous questions with answers like these. To me, a test should provide answers that, if you understood the material, would be dead obvious. But I understand the material and I'm finding I need to read between the lines and figure out stuff that is being asked that isn't even printed on the paper just to figure out what specifically the question is looking for.
Also, I understand I need to know the port numbers and their TCP/UDP statuses for various known services. However, in Chapter 8: Trojans, Viruses, Worms, and Covert Channels, are we expected to know all of the names, ports, and TCP/UDP statuses of each and every Trojan (ex: Back Orifice, BO2k, Beast, etc.) listed? The Exam Essentials doesn't say it, but there really wasn't anything in this section stating they were just there for personal information purposes.
How much of the exam is an informational dump? I went through all the IT Pro TV videos (which were GREAT btw, I really enjoyed the occasional banter between Mike and Sean), but as I'm reading through the book there is a METRIC-TON of stuff the videos didn't cover that could all be used on an information-dump style test. I was under the impression the CEH is mostly a conceptual test, where yes, you need to know the basic tools (nmap, ping, etc.) and ports of known services, etc., but the book is kind of insane.
Thanks in advance!