Post of Shame: Missed the CEH v8 by 3 Points

JoJoCal19JoJoCal19 California KidMod Posts: 2,820 Mod
Failed the CEH v8 by 3 points. Not happy. I feel like two months of study has been wasted. And it's the first certification/license exam I've failed. Through my study of the CEH, I've felt like maybe technical security is not for me, as reading stuff from the world of compliance/audit/governance/controls/risk comes naturally to me, however I felt like it was just much more difficult to study for this exam. I feel like failing this has reinforced that feeling. The sheer amount of information in the study materials is overwhelming. I even did well to memorize the common ports, nmap switches, what the mainstream tools do and in what situation they would be used. I felt really good going into the exam, during it I was feeling decent, not great, not bad, just ok.

Study resources used:

Certified Ethical Hacker (CEH) Cert Guide by Michael Gregg (new one for the v8 )
Official EC Council CEH courseware
Kali Linux and Metasploitable home lab

Admittedly I went light with the labbing, however I did not feel the test questions were overly technical nor would 500 hours of labbing have helped. I'm very disappointed that EC Council does not give you a print out with a score in each of the domains. That's awful in my opinion.

I'm open to any recommendations, thoughts, help. I'm planning on going back to studying. I will immediately switch to the CEH Certified Ethical Hacker All-in-One Exam Guide as that has been the tried and true resource in the past. I'm also going to dedicate a lot more time to labbing, even if I feel that wasnt the major factor in failing.

Alternatively, I'm thinking of just going line by line in the CEH outline/syllabus and studying each topic directly. I've had great success with doing that in the past.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up:​ OSCP
Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework

Comments

  • bobloblawbobloblaw Member Posts: 228
    If you want to be 100% sure, buy that Boson exam sim. It's much more difficult than the actual test and actually gives explanations as opposed to just a "right/wrong" quizzer. It was worth the $100 for my peace of mind since the exam was $600 total.
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,752 Mod
    Nothing to be ashamed about.
    Never let your fear decide your fate....
  • emerald_octaneemerald_octane Member Posts: 613
    bobloblaw wrote: »
    If you want to be 100% sure, buy that Boson exam sim. It's much more difficult than the actual test and actually gives explanations as opposed to just a "right/wrong" quizzer. It was worth the $100 for my peace of mind since the exam was $600 total.

    This! The boson exam had me confused when I was going through the questions. I said "what on earth, where are these coming from?"

    But sure enough they're spot on! Couldn't have passed without them since it really tests if you know the info.
  • LostpacketLostpacket Member Posts: 25 ■■■□□□□□□□
    Very sorry to hear about that. Soooo close. I can just imagine how you feel. I applaud you for not wasting any time dwelling on it and instead just planning on what you are going to do to pass it.

    I really think the AIO books are great. The practice exam book does a great job of explaining why each answer is right or wrong.

    “You build on failure. You use it as a stepping stone. Close the door on the past. You don’t try to forget the mistakes, but you don’t dwell on it. You don’t let it have any of your energy, or any of your time, or any of your space.” - Johnny Cash

    You'll crush it next time.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■□□□□
    How about moving away from Study Guides?

    I never felt study guide will a good thing to be use as a primary resources. How you consider to read Chapter 3 onwards of counter hack reloaded and latest edition hacking exposed to be use along with the study guide?

    Anyway, since you failed by 3 score, making the mark again would be really easy for you.
  • impelseimpelse Member Posts: 1,233 ■■■■□□□□□□
    Boson was good, it drilled good strong points to answer those questions.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,820 Mod
    Thanks for the input on Boson. I will probably pick them up after I'm done with my read through of the AIO book.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,820 Mod
    Also can anyone tell me how deep I should be thinking on the exam questions? I think part of the reason I missed several questions was due to me getting in that CISSP exam state of mind. I kept trying to think through and reason things out. Maybe I made it more difficult than it needed to be.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Agree with the other posters here. Nothing to be ashamed of. You passed your CISSP on first attempt...and that is one that a LOT of people have trouble on. Its a lesson that most people in this industry have to learn at some point...and that is...how to determine when you're actually ready for the exam.

    Did you do any practice tests?

    I generally try to avoid taking tests unless I'm consistently scoring WAY above the pass line. Taking more difficult practice exams like Boson's would probably be a good approach too (though I haven't personally used them). Keep your chin up though. It obviously interests you or you wouldn't have started down this path. So just try a different approach.
  • bobloblawbobloblaw Member Posts: 228
    Questions are direct. Blow through the AIO and Boson quizzer, and you're gonna railroad the test on the second pass.

    I got an 88 on it and I blazed through the test, but I was very prepared. Learned my lesson when I took the Sec+ without really studying after CISSP, and got a 751. Passing is a 750. :)
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    bobloblaw wrote: »
    Questions are direct. Blow through the AIO and Boson quizzer, and you're gonna railroad the test on the second pass.

    I got an 88 on it and I blazed through the test, but I was very prepared. Learned my lesson when I took the Sec+ without really studying after CISSP, and got a 751. Passing is a 750. :)

    You took Sec+ after CISSP? I feel like a comment like that should automatically be followed by an explanation, lol.
  • bobloblawbobloblaw Member Posts: 228
    Work paid for it. I got my A+ after that. Next up Network+. I'm doing everything backwards (those are really just for WGU).
  • da_vatoda_vato Member Posts: 445
    JoJoCal19 wrote: »
    Also can anyone tell me how deep I should be thinking on the exam questions? I think part of the reason I missed several questions was due to me getting in that CISSP exam state of mind. I kept trying to think through and reason things out. Maybe I made it more difficult than it needed to be.

    I can tell you that you are on the right track with that thought. I found this test really difficult in that for lack of better words I had to "dumb it down." The level of thinking is not similar to the CISSP. I was really frustrated with this exam and the CHFI because of their structuring and sub-par grammar. If you're doing this for the MSISA the transender quizzes were lousy. I wish I had known about Boson, I would have given them a try.

    The scope of this test alone is mind boggling.... 19 domains... really? some questions are really deep in the weeds asking you about a proper commands or output and the choices have an extremely subtle difference. Then some questions are so darn obvious that you second guess yourself as the answer you think it is could not possibly be that obvious.

    I'd be interested to hear your thoughts about the Boson exams.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,662 Admin
    da_vato wrote: »
    The scope of this test alone is mind boggling.... 19 domains... really?
    CEHv8 has 20 modules now. icon_shaking.gif
    da_vato wrote: »
    some questions are really deep in the weeds asking you about a proper commands or output and the choices have an extremely subtle difference. Then some questions are so darn obvious that you second guess yourself as the answer you think it is could not possibly be that obvious.
    It sounds like the questions are weighted, with some being worth more points than others.
    da_vato wrote: »
    I'd be interested to hear your thoughts about the Boson exams.
    I mentioned in another thread that the Boson CEHv8 practice exam are currently based on CEHv7 references. Some of the CEH modules only have a few questions, while other modules have quite a few. Boson also claims that any topic you may see in its CEHv8 practice exams is not necessarily found in the actual CEHv8 objectives. I'd like to see a question-by-question comparison with the Security+ practice exam to see how many questions are duplicated between the two products.
  • da_vatoda_vato Member Posts: 445
    That would make sense since I called ECCouncil and asked about the specific differences between v7 & v8 (material-wise) and they said they added a wireless chapter to their book. The person I spoke with said that they didn't revamp a whole lot of the material as whole.

    I'd be curious to see the same...
  • certerocertero Member Posts: 18 ■□□□□□□□□□
    IMO the recommendations for Matt Walker AIO and Boson are great advice. They helped me tremendously. I don't think heavy labbing would really help with this test. I also used the official EC council i learn package which contains ALOT of labs and personally I found them worthless. I took V7 and I know they added a couple domains to the test. The AIO and Boson are still geared for V7 but I still think that they would be money well spent. To address your question about over analyzing the questions. I think that this could be quite possible. I know after the test I felt like there were at least a couple of questions that I dissected WAY too much. My experience with the exam is that once you know the stuff the answers just kind of popped out. Although there were a couple of questions that none of the study materials I used would have prepared me for there were really only a couple of those. Good luck!
  • diggitlediggitle Member Posts: 118 ■■■□□□□□□□
    I'm using the Michael Gregg CEH book, and the CEH Study android app. The boot camp I went to for the CEH at New Horizons that provided all the official material wasn't all that good. Just a book with thousands of slides. The course didn't go over anything either just the instructor talking about how cool hacking is. Most of the enrollees were asking thousands of basic net+ questions which slowed everything down. It's a good thing it was paid for by my GI bill or i would have been mad. I figure since I'm taking the test through Pearson VUE why not use their official certification book. I notice a vast difference between Prometric and Vue test. I've learned to use the material by that testing company.


    Michael Gregg: ISBN-13: 978-0789751270
    CEH Study: https://play.google.com/store/apps/details?id=com.pintarify.ceh
    c colon i net pub dubdubdub root
  • diggitlediggitle Member Posts: 118 ■■■□□□□□□□
    I just failed with a 66% today icon_sad.gif. It was the last 40 questions I know it was.

    Tools/Systems/Programs -- It had to be from this. It's weighted 32%


    A
    network/host based intrusion


    B
    network/wireless sniffers (e.g., WireShark, Airsnort)


    C
    access control mechanisims (e.g., smart cards)


    D
    cryptography techniques (e.g., IPsec, SSL, PGP)


    E
    programming languages (e.g. C++, Java, C#, C)


    F
    scripting languages (e.g., PHP, Java script)


    G
    boundary protection appliances (e.g., DMZ)


    H
    network topologies


    I
    subnetting


    J
    port scanning (e.g., NMAP)


    K
    domain name system (DNS)


    L
    routers/modems/switches


    M
    vulnerability scanner (e.g., Nessus, Retina)


    N
    vulnerability management and protection systems (e.g., Foundstone, Ecora)


    O
    operating environments (e.g., Linux, Windows, Mac)


    P
    antivirus systems and programs


    Q
    log analysis tools


    R
    security models


    S
    exploitation tools


    T
    database structures

    c colon i net pub dubdubdub root
  • daviddwsdaviddws MCSA x2, MCITP, CIOS, CSIS, CNIP, CSSS, CLNP MCTS, MTA, MCP,  ITILv3, LPIC-1, VCA-WM, SCLA, CTS,  Member Posts: 303 ■■■□□□□□□□
    JoJoCal19 wrote: »
    Failed the CEH v8 by 3 points. Not happy. I feel like two months of study has been wasted. And it's the first certification/license exam I've failed. Through my study of the CEH, I've felt like maybe technical security is not for me, as reading stuff from the world of compliance/audit/governance/controls/risk comes naturally to me, however I felt like it was just much more difficult to study for this exam. I feel like failing this has reinforced that feeling. The sheer amount of information in the study materials is overwhelming. I even did well to memorize the common ports, nmap switches, what the mainstream tools do and in what situation they would be used. I felt really good going into the exam, during it I was feeling decent, not great, not bad, just ok.


    hang in there! Good things don't come easy. No doubt if you study some more you will pass the 2nd time!
    ________________________________________
    M.I.S.M:
    Master of Information Systems Management
    M.B.A: Master of Business Administration
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,662 Admin
    I'm taking the CEH (ANSI) exam this Saturday. Now you've made me nervous. I hope I don't regret not buying the 2nd edition of the Matt Walker book for CEHv8.

    Now excuse me while I go cram on tools and command lines.
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,820 Mod
    diggitle wrote: »
    I just failed with a 66% today icon_sad.gif. It was the last 40 questions I know it was.

    Well the one thing we have in common other than just barely failing is that we both used the Michael Gregg book. After reading the Matt Walker CEH AIO (v7) I can tell it's a much better book than the Michael Gregg book. The Gregg book is like a good on the job reference.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Heracles004Heracles004 Member Posts: 50 ■■□□□□□□□□
    I took the CEH V8 a few weeks ago and I used the Matt Walker book to study along with the FEDVTE videos and some questions from Skillport. I tried to use the official courseware book but I had no love for it (stopped 70pgs in). I walked out with a comfortable 95%. I can't comment on the Gregg book but Walker is spot on. Use the AIO.
  • diggitlediggitle Member Posts: 118 ■■■□□□□□□□
    I will use the Matt Walker book. I've rescheduled it for June 10th. $500 icon_sad.gif
    c colon i net pub dubdubdub root
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,820 Mod
    diggitle wrote: »
    I will use the Matt Walker book. I've rescheduled it for June 10th. $500 icon_sad.gif

    Yea I've moved to the Matt Walker book too. I will follow that up with the Official CEH Review guide as it seems to be a concise book mapped directly to what the CEH v7 exam objectives were. From everything I've seen not much has changed.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Sign In or Register to comment.