Home > Store

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Register your product to gain access to bonus material or receive a coupon.

CEH Certified Ethical Hacker Cert Guide, 4th Edition

Best Value Purchase

Book + eBook Bundle

  • Your Price: $72.49
  • List Price: $129.98
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    eBook FAQ

    eBook Download Instructions

More Purchase Options

Book

  • Your Price: $47.99
  • List Price: $59.99
  • Usually ships in 24 hours.

Premium Edition eBook

  • Your Price: $55.99
  • List Price: $69.99
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    eBook FAQ

    eBook Download Instructions

About

Features

  • Master CEH v11 exam topics
  • Assess knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the practice test engine

Description

  • Copyright 2022
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 752
  • Edition: 4th
  • Book
  • ISBN-10: 0-13-748998-6
  • ISBN-13: 978-0-13-748998-5

In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book supports both efficient exam preparation and long-term mastery:

* Opening topics lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives
* Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success
* Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career

Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology

This study guide helps you master all the topics on the latest CEH exam, including

* Ethical hacking basics
* Technical foundations of hacking
* Footprinting and scanning
* Enumeration and system hacking
* Social engineering, malware threats, and vulnerability analysis
* Sniffers, session hijacking, and denial of service
* Web server hacking, web applications, and database attacks
* Wireless technologies, mobile security, and mobile attacks
* IDS, firewalls, and honeypots
* Cryptographic attacks and defenses
* Cloud computing, IoT, and botnets

Premium Edition

CEH Certified Ethical Hacker Guide, Premium Edition eBook and Practice Test

The exciting new CEH Certified Ethical Hacker Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice text software. The Premium Edition eBook and Practice Test contains the following items:

* The CEH Certified Ethical Hacker Cert Guide Premium Edition Practice Test, including four practice exams and enhanced practice test features
* PDF and EPUB formats of the CEH Certified Ethical Hacker Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone

 About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep practice text software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package
* Enables you to focus on individual topic areas or take complete, timed exams
* Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
* Provides unique sets of exam-realistic practice questions
* Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
 

Pearson Test Prep practice test software minimum system requirements:
Browsers: Chrome (Windows and Mac), version 40 and above; Firefox (Windows and Mac), version 35 and above; Safari (Mac), version 7 and above; Internet Explorer 10, 11; Microsoft Edge; Opera
Devices: Desktop and laptop computers; tablets running on Android and iOS; smartphones with a minimum screen size of 4.7 inches
 

About the Premium Edition eBook

In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book is designed to support both efficient exam preparation and long-term mastery:

* Opening topic lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives
* Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success
* Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career
* Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology

The companion website contains access to the powerful Pearson Test Prep practice test software and four complete exams with access to a large library of exam-realistic questions.

This study guide helps you master all the topics on the latest CEH exam, including
* Ethical hacking basics
* Technical foundations of hacking
* Footprinting and scanning
* Enumeration and system hacking
* Social engineering, malware threats, and vulnerability analysis
* Sniffers, session hijacking, and denial of service
* Web server hacking, web applications, and database attacks
* Wireless technologies, mobile security, and mobile attacks
* IDS, firewalls, and honeypots
* Cryptographic attacks and defenses
* Cloud computing, IoT, and botnets

Sample Content

Sample Pages

Download the sample pages (includes Chapter 3)

Table of Contents

Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Security Fundamentals 7
Goals of Security 8
Risk, Assets, Threats, and Vulnerabilities 9
Backing Up Data to Reduce Risk 11
Defining an Exploit 12
Risk Assessment 13
Security Testing 14
No-Knowledge Tests (Black Box) 14
Full-Knowledge Testing (White Box) 15
Partial-Knowledge Testing (Gray Box) 15
Types of Security Tests 15
Incident Response 17
Cyber Kill Chain 18
Hacker and Cracker Descriptions 19
Who Attackers Are 20
Ethical Hackers 21
Required Skills of an Ethical Hacker 22
Modes of Ethical Hacking 23
Test Plans--Keeping It Legal 25
Test Phases 27
Establishing Goals 28
Getting Approval 29
Ethical Hacking Report 29
Vulnerability Research and Bug Bounties--Keeping Up with Changes 30
Ethics and Legality 31
Overview of U.S. Federal Laws 32
Compliance Regulations 34
Payment Card Industry Data Security Standard (PCI-DSS) 36
Summary 36
Exam Preparation Tasks 37
Review All Key Topics 37
Define Key Terms 38
Exercises 38
1-1 Searching for Exposed Passwords 38
1-2 Examining Security Policies 39
Review Questions 39
Suggested Reading and Resources 44
Chapter 2 The Technical Foundations of Hacking 47
"Do I Know This Already?" Quiz 47
Foundation Topics 50
The Hacking Process 50
Performing Reconnaissance and Footprinting 50
Scanning and Enumeration 51
Gaining Access 52
Escalating Privilege 53
Maintaining Access 53
Covering Tracks and Planting Backdoors 54
The Ethical Hacker's Process 54
NIST SP 800-115 56
Operationally Critical Threat, Asset, and Vulnerability Evaluation 56
Open Source Security Testing Methodology Manual 56
Information Security Systems and the Stack 57
The OSI Model 57
Anatomy of TCP/IP Protocols 60
The Application Layer 62
The Transport Layer 66
Transmission Control Protocol 66
User Datagram Protocol 68
The Internet Layer 69
Traceroute 74
The Network Access Layer 77
Summary 78
Exam Preparation Tasks 79
Review All Key Topics 79
Define Key Terms 79
Exercises 80
2-1 Install a Sniffer and Perform Packet Captures 80
2-2 Using Traceroute for Network Troubleshooting 81
Review Questions 81
Suggested Reading and Resources 85
Chapter 3 Footprinting, Reconnaissance, and Scanning 89
"Do I Know This Already?" Quiz 89
Foundation Topics 93
Footprinting 93
Footprinting Methodology 93
Documentation 95
Footprinting Through Search Engines 96
Footprinting Through Social Networking Sites 101
Footprinting Through Web Services and Websites 103
Email Footprinting 106
Whois Footprinting 108
DNS Footprinting 112
Network Footprinting 118
Subnetting's Role in Mapping Networks 119
Traceroute 120
Footprinting Through Social Engineering 121
Footprinting Countermeasures 122
Scanning 122
Host Discovery 123
Port and Service Discovery 124
Nmap 131
SuperScan 139
THC-Amap 139
Hping 140
Port Knocking 140
OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning
Beyond IDS and Firewall 141
Active Fingerprinting Tools 143
Fingerprinting Services 145
Default Ports and Services 145
Finding Open Services 145
Draw Network Diagrams 148
Summary 151
Exam Preparation Tasks 152
Review All Key Topics 152
Define Key Terms 152
Exercises 153
3-1 Performing Passive Reconnaissance 153
3-2 Performing Active Reconnaissance 154
Review Questions 155
Suggested Reading and Resources 159
Chapter 4 Enumeration and System Hacking 161
"Do I Know This Already?" Quiz 161
Foundation Topics 164
Enumeration 164
Windows Enumeration 164
Windows Security 166
NetBIOS and LDAP Enumeration 167
NetBIOS Enumeration Tools 169
SNMP Enumeration 177
Linux/UNIX Enumeration 183
NTP Enumeration 185
SMTP Enumeration 186
Additional Enumeration Techniques 191
DNS Enumeration 191
Enumeration Countermeasures 192
System Hacking 193
Nontechnical Password Attacks 193
Technical Password Attacks 194
Password Guessing 195
Automated Password Guessing 197
Password Sniffing 197
Keylogging 198
Escalating Privilege and Exploiting Vulnerabilities 199
Exploiting an Application 200
Exploiting a Buffer Overflow 201
Owning the Box 203
Windows Authentication Types 203
Cracking Windows Passwords 205
Linux Authentication and Passwords 209
Cracking Linux Passwords 212
Hiding Files and Covering Tracks 213
Rootkits 214
File Hiding 217
Summary 219
Exam Preparation Tasks 220
Review All Key Topics 220
Define Key Terms 220
Exercise 220
4-1 NTFS File Streaming 220
Review Questions 221
Suggested Reading and Resources 226
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 229
"Do I Know This Already?" Quiz 229
Foundation Topics 234
Social Engineering 234
Phishing 235
Pharming 235
Malvertising 236
Spear Phishing 237
SMS Phishing 245
Voice Phishing 245
Whaling 245
Elicitation, Interrogation, and Impersonation (Pretexting) 246
Social Engineering Motivation Techniques 247
Shoulder Surfing and USB Baiting 248
Malware Threats 248
Viruses and Worms 248
Types and Transmission Methods of Viruses and Malware 249
Virus Payloads 251
History of Viruses 252
Well-Known Viruses and Worms 253
Virus Creation Tools 255
Trojans 255
Trojan Types 256
Trojan Ports and Communication Methods 257
Trojan Goals 258
Trojan Infection Mechanisms 259
Effects of Trojans 260
Trojan Tools 261
Distributing Trojans 263
Wrappers 264
Packers 265
Droppers 265
Crypters 265
Ransomware 267
Covert Communications 268
Tunneling via the Internet Layer 269
Tunneling via the Transport Layer 272
Tunneling via the Application Layer 273
Port Redirection 274
Keystroke Logging and Spyware 276
Hardware Keyloggers 277
Software Keyloggers 277
Spyware 278
Malware Countermeasures 279
Detecting Malware 280
Antivirus 283
Analyzing Malware 286
Static Analysis 286
Dynamic Analysis 288
Vulnerability Analysis 290
Passive vs. Active Assessments 290
External vs. Internal Assessments 290
Vulnerability Assessment Solutions 291
Tree-Based vs. Inference-Based Assessments 291
Vulnerability Scoring Systems 292
Vulnerability Scanning Tools 296
Summary 297
Exam Preparation Tasks 298
Review All Key Topics 299
Define Key Terms 300
Command Reference to Check Your Memory 300
Exercises 300
5-1 Finding Malicious Programs 300
5-2 Using Process Explorer 301
Review Questions 303
Suggested Reading and Resources 307
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 311
"Do I Know This Already?" Quiz 311
Foundation Topics 314
Sniffers 314
Passive Sniffing 315
Active Sniffing 316
Address Resolution Protocol 316
ARP Poisoning and MAC Flooding 318
Tools for Sniffing and Packet Capturing 324
Wireshark 324
Other Sniffing Tools 328
Sniffing and Spoofing Countermeasures 328
Session Hijacking 330
Transport Layer Hijacking 330
Identify and Find an Active Session 331
Predict the Sequence Number 332
Take One of the Parties Offline 333
Take Control of the Session 333
Application Layer Hijacking 334
Session Sniffing 334
Predictable Session Token ID 334
On-Path Attacks 335
Client-Side Attacks 335
Browser-Based On-Path Attacks 337
Session Replay Attacks 338
Session Fixation Attacks 338
Session Hijacking Tools 338
Preventing Session Hijacking 341
Denial of Service and Distributed Denial of Service 341
DoS Attack Techniques 343
Volumetric Attacks 343
SYN Flood Attacks 344
ICMP Attacks 344
Peer-to-Peer Attacks 345
Application-Level Attacks 345
Permanent DoS Attacks 346
Distributed Denial of Service 347
DDoS Tools 348
DoS and DDoS Countermeasures 350
Summary 353
Exam Preparation Tasks 354
Review All Key Topics 354
Define Key Terms 354
Exercises 355
6-1 Scanning for DDoS Programs 355
6-2 Spoofing Your MAC Address in Linux 355
6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356
Review Questions 356
Suggested Reading and Resources 360
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 363
"Do I Know This Already?" Quiz 363
Foundation Topics 366
Web Server Hacking 366
The HTTP Protocol 366
Scanning Web Servers 374
Banner Grabbing and Enumeration 374
Web Server Vulnerability Identification 379
Attacking the Web Server 380
DoS/DDoS Attacks 380
DNS Server Hijacking and DNS Amplification Attacks 380
Directory Traversal 382
On-Path Attacks 384
Website Defacement 384
Web Server Misconfiguration 384
HTTP Response Splitting 385
Understanding Cookie Manipulation Attacks 385
Web Server Password Cracking 386
Web Server-Specific Vulnerabilities 386
Comments in Source Code 388
Lack of Error Handling and Overly Verbose Error Handling 389
Hard-Coded Credentials 389
Race Conditions 389
Unprotected APIs 390
Hidden Elements 393
Lack of Code Signing 393
Automated Exploit Tools 393
Securing Web Servers 395
Harden Before Deploying 395
Patch Management 395
Disable Unneeded Services 396
Lock Down the File System 396
Log and Audit 396
Provide Ongoing Vulnerability Scans 397
Web Application Hacking 398
Unvalidated Input 398
Parameter/Form Tampering 399
Injection Flaws 399
Cross-Site Scripting (XSS) Vulnerabilities 400
Reflected XSS Attacks 401
Stored XSS Attacks 402
DOM-Based XSS Attacks 404
XSS Evasion Techniques 405
XSS Mitigations 406
Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks 408
Understanding Clickjacking 409
Other Web Application Attacks 410
Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations 411
Web-Based Password Cracking and Authentication Attacks 412
Understanding What Cookies Are and Their Use 414
URL Obfuscation 415
Intercepting Web Traffic 417
Securing Web Applications 419
Lack of Code Signing 421
Database Hacking 421
A Brief Introduction to SQL and SQL Injection 422
SQL Injection Categories 427
Fingerprinting the Database 429
Surveying the UNION Exploitation Technique 430
Using Boolean in SQL Injection Attacks 431
Understanding Out-of-Band Exploitation 432
Exploring the Time-Delay SQL Injection Technique 433
Surveying Stored Procedure SQL Injection 434
Understanding SQL Injection Mitigations 434
SQL Injection Hacking Tools 435
Summary 436
Exam Preparation Tasks 437
Review All Key Topics 437
Exercise 438
7-1 Complete the Exercises in WebGoat 438
Review Questions 438
Suggested Reading and Resources 443
Chapter 8 Wireless Technologies, Mobile Security, and Attacks 445
"Do I Know This Already?" Quiz 445
Foundation Topics 449
Wireless and Mobile Device Technologies 449
Mobile Device Concerns 451
Mobile Device Platforms 452
Android 453
iOS 455
Windows Mobile Operating System 456
BlackBerry 457
Mobile Device Management and Protection 457
Bluetooth 458
Radio Frequency Identification (RFID) Attacks 461
Wi-Fi 461
Wireless LAN Basics 462
Wireless LAN Frequencies and Signaling 463
Wireless LAN Security 464
Installing Rogue Access Points 467
Evil Twin Attacks 468
Deauthentication Attacks 468
Attacking the Preferred Network Lists 472
Jamming Wireless Signals and Causing Interference 472
War Driving 472
Attacking WEP 472
Attacking WPA 474
Wireless Networks Configured with Open Authentication 478
KRACK Attacks 479
Attacks Against WPA3 479
Attacking Wi-Fi Protected Setup (WPS) 480
KARMA Attack 481
Fragmentation Attacks 481
Additional Wireless Hacking Tools 482
Performing GPS Mapping 483
Wireless Traffic Analysis 483
Launch Wireless Attacks 483
Crack and Compromise the Wi-Fi Network 484
Securing Wireless Networks 485
Site Survey 485
Robust Wireless Authentication 485
Misuse Detection 486
Summary 487
Exam Preparation Tasks 488
Review All Key Topics 488
Define Key Terms 488
Review Questions 488
Suggested Reading and Resources 489
Chapter 9 Evading IDS, Firewalls, and Honeypots 491
"Do I Know This Already?" Quiz 491
Foundation Topics 495
Intrusion Detection and Prevention Systems 495
IDS Types and Components 495
Pattern Matching 497
Protocol Analysis 500
Heuristic-Based Analysis 500
Anomaly-Based Analysis 500
Global Threat Correlation Capabilities 502
Snort 502
IDS Evasion 506
Flooding 507
Insertion and Evasion 507
Session Splicing 508
Shellcode Attacks 508
Other IDS Evasion Techniques 509
IDS Evasion Tools 510
Firewalls 511
Firewall Types 512
Network Address Translation 512
Packet Filters 513
Application and Circuit-Level Gateways 515
Stateful Inspection 515
Identifying Firewalls 516
Bypassing Firewalls 520
Honeypots 526
Types of Honeypots 528
Detecting Honeypots 529
Summary 530
Exam Preparation Tasks 530
Review All Key Topics 530
Define Key Terms 531
Review Questions 531
Suggested Reading and Resources 536
Chapter 10 Cryptographic Attacks and Defenses 539
"Do I Know This Already?" Quiz 539
Foundation Topics 543
Cryptography History and Concepts 543
Encryption Algorithms 545
Symmetric Encryption 546
Data Encryption Standard (DES) 548
Advanced Encryption Standard (AES) 550
Rivest Cipher 551
Asymmetric Encryption (Public Key Encryption) 551
RSA 552
Diffie-Hellman 552
ElGamal 553
Elliptic-Curve Cryptography (ECC) 553
Digital Certificates 553
Public Key Infrastructure 554
Trust Models 555
Single-Authority Trust 556
Hierarchical Trust 556
Web of Trust 557
Email and Disk Encryption 557
Cryptoanalysis and Attacks 558
Weak Encryption 561
Encryption-Cracking Tools 563
Security Protocols and Countermeasures 563
Steganography 566
Steganography Operation 567
Steganographic Tools 568
Digital Watermark 571
Hashing 571
Digital Signature 573
Summary 574
Exam Preparation Tasks 574
Review All Key Topics 574
Define Key Terms 575
Exercises 575
10-1 Examining an SSL Certificate 575
10-2 Using PGP 576
10-3 Using a Steganographic Tool to Hide a Message 577
Review Questions 577
Suggested Reading and Resources 582
Chapter 11 Cloud Computing, IoT, and Botnets 585
"Do I Know This Already?" Quiz 585
Foundation Topics 588
Cloud Computing 588
Cloud Computing Issues and Concerns 590
Cloud Computing Attacks 592
Cloud Computing Security 593
DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 593
CI/CD Pipelines 596
Serverless Computing 598
Containers and Container Orchestration 598
How to Scan Containers to Find Security Vulnerabilities 600
IoT 601
IoT Protocols 604
IoT Implementation Hacking 606
Botnets 606
Botnet Countermeasures 609
Summary 612
Exam Preparation Tasks 612
Review All Key Topics 612
Define Key Terms 613
Review Questions 613
Suggested Reading and Resources 615
Chapter 12 Final Preparation 619
Hands-on Activities 619
Suggested Plan for Final Review and Study 620
Summary 621
Glossary of Key Terms 623
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 649
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates 685

Index 687

Online Elements:
Appendix C Study Planner
Glossary of Key Terms
9780137489985 TOC 12/15/2021

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020