Post of Shame: Missed the CEH v8 by 3 Points

JoJoCal19

Failed the CEH v8 by 3 points. Not happy. I feel like two months of study has been wasted. And it's the first certification/license exam I've failed. Through my study of the CEH, I've felt like maybe technical security is not for me, as reading stuff from the world of compliance/audit/governance/controls/risk comes naturally to me, however I felt like it was just much more difficult to study for this exam. I feel like failing this has reinforced that feeling. The sheer amount of information in the study materials is overwhelming. I even did well to memorize the common ports, nmap switches, what the mainstream tools do and in what situation they would be used. I felt really good going into the exam, during it I was feeling decent, not great, not bad, just ok.

Study resources used:

Certified Ethical Hacker (CEH) Cert Guide by Michael Gregg (new one for the v8 )
Official EC Council CEH courseware
Kali Linux and Metasploitable home lab

Admittedly I went light with the labbing, however I did not feel the test questions were overly technical nor would 500 hours of labbing have helped. I'm very disappointed that EC Council does not give you a print out with a score in each of the domains. That's awful in my opinion.

I'm open to any recommendations, thoughts, help. I'm planning on going back to studying. I will immediately switch to the CEH Certified Ethical Hacker All-in-One Exam Guide as that has been the tried and true resource in the past. I'm also going to dedicate a lot more time to labbing, even if I feel that wasnt the major factor in failing.

Alternatively, I'm thinking of just going line by line in the CEH outline/syllabus and studying each topic directly. I've had great success with doing that in the past.

bobloblaw

If you want to be 100% sure, buy that Boson exam sim. It's much more difficult than the actual test and actually gives explanations as opposed to just a "right/wrong" quizzer. It was worth the $100 for my peace of mind since the exam was $600 total.

scaredoftests

Nothing to be ashamed about.

emerald_octane

bobloblaw wrote: »

If you want to be 100% sure, buy that Boson exam sim. It's much more difficult than the actual test and actually gives explanations as opposed to just a "right/wrong" quizzer. It was worth the $100 for my peace of mind since the exam was $600 total.

This! The boson exam had me confused when I was going through the questions. I said "what on earth, where are these coming from?"

But sure enough they're spot on! Couldn't have passed without them since it really tests if you know the info.

Lostpacket

Very sorry to hear about that. Soooo close. I can just imagine how you feel. I applaud you for not wasting any time dwelling on it and instead just planning on what you are going to do to pass it.

I really think the AIO books are great. The practice exam book does a great job of explaining why each answer is right or wrong.

“You build on failure. You use it as a stepping stone. Close the door on the past. You don’t try to forget the mistakes, but you don’t dwell on it. You don’t let it have any of your energy, or any of your time, or any of your space.” - Johnny Cash

You'll crush it next time.

LionelTeo

How about moving away from Study Guides?

I never felt study guide will a good thing to be use as a primary resources. How you consider to read Chapter 3 onwards of counter hack reloaded and latest edition hacking exposed to be use along with the study guide?

Anyway, since you failed by 3 score, making the mark again would be really easy for you.

impelse

Boson was good, it drilled good strong points to answer those questions.

JoJoCal19

Thanks for the input on Boson. I will probably pick them up after I'm done with my read through of the AIO book.

JoJoCal19

Also can anyone tell me how deep I should be thinking on the exam questions? I think part of the reason I missed several questions was due to me getting in that CISSP exam state of mind. I kept trying to think through and reason things out. Maybe I made it more difficult than it needed to be.

NovaHax

Agree with the other posters here. Nothing to be ashamed of. You passed your CISSP on first attempt...and that is one that a LOT of people have trouble on. Its a lesson that most people in this industry have to learn at some point...and that is...how to determine when you're actually ready for the exam.

Did you do any practice tests?

I generally try to avoid taking tests unless I'm consistently scoring WAY above the pass line. Taking more difficult practice exams like Boson's would probably be a good approach too (though I haven't personally used them). Keep your chin up though. It obviously interests you or you wouldn't have started down this path. So just try a different approach.

bobloblaw

Questions are direct. Blow through the AIO and Boson quizzer, and you're gonna railroad the test on the second pass.

I got an 88 on it and I blazed through the test, but I was very prepared. Learned my lesson when I took the Sec+ without really studying after CISSP, and got a 751. Passing is a 750.

NovaHax

bobloblaw wrote: »

Questions are direct. Blow through the AIO and Boson quizzer, and you're gonna railroad the test on the second pass.

I got an 88 on it and I blazed through the test, but I was very prepared. Learned my lesson when I took the Sec+ without really studying after CISSP, and got a 751. Passing is a 750.

You took Sec+ after CISSP? I feel like a comment like that should automatically be followed by an explanation, lol.

bobloblaw

Work paid for it. I got my A+ after that. Next up Network+. I'm doing everything backwards (those are really just for WGU).

da_vato

JoJoCal19 wrote: »

Also can anyone tell me how deep I should be thinking on the exam questions? I think part of the reason I missed several questions was due to me getting in that CISSP exam state of mind. I kept trying to think through and reason things out. Maybe I made it more difficult than it needed to be.

I can tell you that you are on the right track with that thought. I found this test really difficult in that for lack of better words I had to "dumb it down." The level of thinking is not similar to the CISSP. I was really frustrated with this exam and the CHFI because of their structuring and sub-par grammar. If you're doing this for the MSISA the transender quizzes were lousy. I wish I had known about Boson, I would have given them a try.

The scope of this test alone is mind boggling.... 19 domains... really? some questions are really deep in the weeds asking you about a proper commands or output and the choices have an extremely subtle difference. Then some questions are so darn obvious that you second guess yourself as the answer you think it is could not possibly be that obvious.

I'd be interested to hear your thoughts about the Boson exams.

JDMurray

da_vato wrote: »

The scope of this test alone is mind boggling.... 19 domains... really?

CEHv8 has 20 modules now.

da_vato wrote: »

some questions are really deep in the weeds asking you about a proper commands or output and the choices have an extremely subtle difference. Then some questions are so darn obvious that you second guess yourself as the answer you think it is could not possibly be that obvious.

It sounds like the questions are weighted, with some being worth more points than others.

da_vato wrote: »

I'd be interested to hear your thoughts about the Boson exams.

I mentioned in another thread that the Boson CEHv8 practice exam are currently based on CEHv7 references. Some of the CEH modules only have a few questions, while other modules have quite a few. Boson also claims that any topic you may see in its CEHv8 practice exams is not necessarily found in the actual CEHv8 objectives. I'd like to see a question-by-question comparison with the Security+ practice exam to see how many questions are duplicated between the two products.

da_vato

That would make sense since I called ECCouncil and asked about the specific differences between v7 & v8 (material-wise) and they said they added a wireless chapter to their book. The person I spoke with said that they didn't revamp a whole lot of the material as whole.

I'd be curious to see the same...

certero

IMO the recommendations for Matt Walker AIO and Boson are great advice. They helped me tremendously. I don't think heavy labbing would really help with this test. I also used the official EC council i learn package which contains ALOT of labs and personally I found them worthless. I took V7 and I know they added a couple domains to the test. The AIO and Boson are still geared for V7 but I still think that they would be money well spent. To address your question about over analyzing the questions. I think that this could be quite possible. I know after the test I felt like there were at least a couple of questions that I dissected WAY too much. My experience with the exam is that once you know the stuff the answers just kind of popped out. Although there were a couple of questions that none of the study materials I used would have prepared me for there were really only a couple of those. Good luck!

diggitle

I'm using the Michael Gregg CEH book, and the CEH Study android app. The boot camp I went to for the CEH at New Horizons that provided all the official material wasn't all that good. Just a book with thousands of slides. The course didn't go over anything either just the instructor talking about how cool hacking is. Most of the enrollees were asking thousands of basic net+ questions which slowed everything down. It's a good thing it was paid for by my GI bill or i would have been mad. I figure since I'm taking the test through Pearson VUE why not use their official certification book. I notice a vast difference between Prometric and Vue test. I've learned to use the material by that testing company.


Michael Gregg: ISBN-13: 978-0789751270
CEH Study: https://play.google.com/store/apps/details?id=com.pintarify.ceh

diggitle

I just failed with a 66% today . It was the last 40 questions I know it was.

Tools/Systems/Programs -- It had to be from this. It's weighted 32%


A
network/host based intrusion


B
network/wireless sniffers (e.g., WireShark, Airsnort)


C
access control mechanisims (e.g., smart cards)


D
cryptography techniques (e.g., IPsec, SSL, PGP)


E
programming languages (e.g. C++, Java, C#, C)


F
scripting languages (e.g., PHP, Java script)


G
boundary protection appliances (e.g., DMZ)


H
network topologies


I
subnetting


J
port scanning (e.g., NMAP)


K
domain name system (DNS)


L
routers/modems/switches


M
vulnerability scanner (e.g., Nessus, Retina)


N
vulnerability management and protection systems (e.g., Foundstone, Ecora)


O
operating environments (e.g., Linux, Windows, Mac)


P
antivirus systems and programs


Q
log analysis tools


R
security models


S
exploitation tools


T
database structures

daviddws

JoJoCal19 wrote: »

Failed the CEH v8 by 3 points. Not happy. I feel like two months of study has been wasted. And it's the first certification/license exam I've failed. Through my study of the CEH, I've felt like maybe technical security is not for me, as reading stuff from the world of compliance/audit/governance/controls/risk comes naturally to me, however I felt like it was just much more difficult to study for this exam. I feel like failing this has reinforced that feeling. The sheer amount of information in the study materials is overwhelming. I even did well to memorize the common ports, nmap switches, what the mainstream tools do and in what situation they would be used. I felt really good going into the exam, during it I was feeling decent, not great, not bad, just ok.

hang in there! Good things don't come easy. No doubt if you study some more you will pass the 2nd time!

JDMurray

I'm taking the CEH (ANSI) exam this Saturday. Now you've made me nervous. I hope I don't regret not buying the 2nd edition of the Matt Walker book for CEHv8.

Now excuse me while I go cram on tools and command lines.

JoJoCal19

diggitle wrote: »

I just failed with a 66% today . It was the last 40 questions I know it was.

Well the one thing we have in common other than just barely failing is that we both used the Michael Gregg book. After reading the Matt Walker CEH AIO (v7) I can tell it's a much better book than the Michael Gregg book. The Gregg book is like a good on the job reference.

Heracles004

I took the CEH V8 a few weeks ago and I used the Matt Walker book to study along with the FEDVTE videos and some questions from Skillport. I tried to use the official courseware book but I had no love for it (stopped 70pgs in). I walked out with a comfortable 95%. I can't comment on the Gregg book but Walker is spot on. Use the AIO.

diggitle

I will use the Matt Walker book. I've rescheduled it for June 10th. $500

JoJoCal19

diggitle wrote: »

I will use the Matt Walker book. I've rescheduled it for June 10th. $500

Yea I've moved to the Matt Walker book too. I will follow that up with the Official CEH Review guide as it seems to be a concise book mapped directly to what the CEH v7 exam objectives were. From everything I've seen not much has changed.