By: Hugh Shepherd
October 15, 2021
How Hard Is The CEH Exam?
By: Hugh Shepherd
October 15, 2021
Overview of the CEH Certification
The Certified Ethical Hacker (CEH) certification by the EC-Council is a well-known and longstanding credential for penetration testing. The certification demonstrates the holder’s ability to assess a computer system’s level of security by knowing how to exploit its weaknesses and vulnerabilities.
First introduced in 2003 by the International Council of Electronic Commerce Consultants (EC-Council), the CEH was the first certification of its kind for validating the skill of penetration testers. In 2010, the United States Department of Defense made it a requirement for personnel working in network defense roles to hold CEH, a move that added credibility to and demand for the cert.
The CEH (ANSI) exam is 4 hours with 125 multiple-choice questions. The questions from the exam cover various topics from the 20 modules included in the course. These 20 modules cover the following areas:
- Module 01: Introduction to Ethical Hacking
- Module 02: Footprinting and Reconnaissance
- Module 03: Scanning Networks
- Module 04: Enumeration
- Module 05: Vulnerability Analysis
- Module 06: System Hacking
- Module 07: Malware Threats
- Module 08: Sniffing
- Module 09: Social Engineering
- Module 10: Denial-of-Service
- Module 11: Session Hijacking
- Module 12: Evading IDS, Firewalls, and Honeypots
- Module 13: Hacking Web Servers
- Module 14: Hacking Web Applications
- Module 15: SQL Injection
- Module 16: Hacking Wireless Networks
- Module 17: Hacking Mobile Platforms
- Module 18: IoT Hacking
- Module 19: Cloud Computing
- Module 20: Cryptography
The official ECC course material consists of 3000+ pages in the primary document. In addition, there are several other “Hacking Concepts” documents (combined roughly 300 pages of material) that contain mostly foundational information on infosec and IT topics that candidates are expected to have some familiarity with already. This exhaustive amount of information likely poses a challenge to any cyber security professional at any level. Candidates can take a CEH exam prep course not provided by EC-Council, but those candidates must pay an application fee to sit for the exam.
A passing score varies, depending on which version of the exam you take, ranging from 60% to 85%. So, exams with many tough questions may have a passing score as low as 60%, while tests with easier questions may require a score of 78% or higher to pass.
There is a practical exam for the CEH that certifies the hands-on skills of a pentester. This exam is not a requirement to earn the CEH, but by successfully passing the CEH Practical exam, one attains the higher designation of CEH Master.
To sit for the CEH (ANSI) exam, you must apply. To be eligible to apply for the exam, candidates must meet one of the following criteria:
- Hold a CEH certification of version 1 to 7 (NOTE: These are the versions of the exam before ANSI accreditation).
- Or have a minimum of 2-years work experience in an information security domain and need to pay a non-refundable application fee of USD 100.
- Or attend an official EC-Council CEH training course (which includes the required USD 100 application fee in the cost of the course)
Difficulty Comparison to Other Similar Certifications
Several certifications can be used to compare the difficulty level of the CEH exam. Other certs are available in the pentesting discipline, but they may be viewed as a case of comparing “apples to oranges.”
Nevertheless, a basic overview of other certification exams can at least provide a general idea of the difficulty level.
CompTIA Security+- Even though this certification does not specifically focus on penetration testing, it is a comprehensive information security certification that covers many of the foundational topics also covered in the CEH exam, such as network reconnaissance and discovery, cloud-related concepts, and even the Cyber Kill Chain among other topics (SY0-601).
The exam is 90 minutes long with a maximum of 90 multiple choice and performance-based questions. You will need to score at least 750 (on a scale of 100-900) to pass. CompTIA recommends two years of experience in IT administration with a security focus and CompTIA Network+ certification.
CompTIA PenTest+- Next-up is the CompTIA PenTest+ certification, probably the most comparable to the CEH in eligibility requirements and content covered for the exam. Similar to the CEH, the primary objective of the CompTIA PenTest+ certification exam is to validate penetration testing and vulnerability assessment and management skills necessary to determine the resiliency of a network against attacks. The exam is 165 minutes with a maximum of 85 performance-based and multiple-choice questions. A score of at least 750 (on a scale of 100-900) is required to pass.
CompTIA recommends candidates have Network+, Security+, or equivalent knowledge. Plus, a minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ should follow CompTIA Security+ experience.
GIAC Penetration Tester (GPEN) - The GPEN certification is a vendor-neutral penetration testing credential provided by the SANS Institute. Like the other pentesting certs already mentioned, the GPEN’s primary goal is to validate a candidate’s ability to conduct a penetration test effectively using industry best practice techniques and methodologies. The exam consists of practical questions that require the performance of real-world-like tasks that are similar to what would be done by a pentester during an actual engagement.
The SANS Institute does not list any specific prerequisites for the GPEN certification. However, based on the intended audience (e.g., personnel responsible for mitigating vulnerabilities) and the recommended topics, candidates should understand technologies such as Windows and Linux command line, networking, and basic cryptography. The 3-hour proctored exam consists of 82-115 questions with a minimum passing score of 75%.
eLearnSecurity Junior Penetration Tester (eJPT) – The Junior Penetration Tester (eJPT) exam by eLearnSecurity is a more practical exam compared to the all-multiple-choice question exam of the CEH (ANSI). Nevertheless, just like the CEH, the goal of this exam is to validate that candidates possess the essential skills to perform a penetration test and a foundational knowledge of information security basics.
The hands-on practical format does make this a challenging exam. For the exam, you will be given access to a lab environment via a VPN. Candidates have three days to answer 20 questions (i.e., tasks). The exam lab environment is available 24/7 from anywhere and can be paused during the allocated exam time. To pass requires a score of 75% (i.e., 15 out of 20 questions answered correctly). There are no hard requirements to sit for this exam, but the target audience is “advanced” IT professionals that are relatively new to penetration testing.
Even though they are out of scope for this article, several other pentester certifications should be mentioned. These additional pentester certifications include the OSCP, OSCE, and CEPT. However, these are for more advanced penetration testers and/or in a format comparable to the multiple-choice CEH exam.
Out of the certification exams previously discussed (i.e., Security+, PenTest+, GPEN, and eJPT), compared to its most similar peers, the difficulty level and knowledge expectation for the CEH exam is on par with the industry.
How to make the exam less challenging
For most exams, proper preparation is a key indicator of success. Proper preparation includes activities such as attending a class (online or classroom), reviewing study material (e.g., books, study guides, flashcards, notes, labs, etc.), and doing exam practice tests (e.g., test engine, exam simulator). And, most importantly, putting in the time to study the material and learn the concepts covered on the exam.
Additionally, creating a study plan is an excellent strategy to make the exam less challenging. For the CEH exam, EC-Council provides a “blueprint” that contains all the topics covered on the exam and includes the weighting allocated per topic for the 125 questions on the exam.
The CEH exam can be challenging, especially if one is a relative newcomer to penetration testing, has never taken a certification exam before, or just beginning the journey into the world of cyber security and/or information technology in general. Nevertheless, as the adage says, “Proper preparation prevents poor performance.” Keep that in mind as you move forward and prepare for your CEH exam.
Even if you’re a quick study and already familiar with penetration testing, putting in several weeks to review material and get familiar with EC-Council’s viewpoint is recommended. Those not as experienced in penetration testing take the necessary preparation, even if it takes several months. The bottom line - you want to feel confident going into the exam so that you can succeed.
Cybrary offers many other learning resources related to exam preparation for the CEH and pentesting in general. You can explore and sign-up for these learning resources on the Cybrary website.
C|EH – The Ultimate Ethical Hacking Certification https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
Certified Ethical Hacker https://en.wikipedia.org/wiki/Certified_Ethical_Hacker
CompTIA PenTest+ https://www.comptia.org/certifications/pentest
CompTIA Security+ https://www.comptia.org/certifications/security
eJPT Certification https://elearnsecurity.com/product/ejpt-certification/
GIAC Penetration Tester (GPEN) https://www.giac.org/certification/penetration-tester-gpen