CEH v8 FAILED EXAM - Was version 9 - How to Resolve

TK1799_st · October 2015

CEHv8 FAILED EXAM - Was version 9 - How to Resolve

Write an email to EC Councils - Certification Director

[email protected]

I was instructed to contact you immediately in reference to the CEHv8 Exam I took on XX OCT 2015 at (TESTING LOCATION)

Upon opening the exam, I realized that the material I studied from the Official ECC CEH v8 course-ware, the (?) Book for CEHv8, (?) Videos for CEHv8, and the tools provided to practiced with were not the same and I did not pass.

I believe at this point, Pearson Vue and EC Council owe me a new voucher to re-take the CEHv8 Exam. I also do not believe the CEH v9 Exam should not be released in the wild as of yet since there is no current study material available that I could find.

Please get back to me with an answer. I took FRI off from work and now have to take another day off to make this exam happen.

Just to confirm, I signed up and paid for the CEH v8 exam.

(NAME)
__________________________

Can the Admin pin this so that others can see it at the top - I will post updates once I hear back from ECC - I was told from another rep at ECC that they know of the issue and need people to contact them so they can resolve it and get testers the correct v8 Exam.

gespenstern · October 2015

Let's see how it develops.

And just a side note, I wouldn't say that it's uncommon to upgrade exams without releasing new materials for them, I remember Microsoft upgraded their MCSA 2012 exams to 2012 R2, putting there a lot of R2 specific stuff and there were no 2012 R2 prep materials at the time. Moreover, you wouldn't know that if you didn't lurk around specifically and there was a lot of frustration on the boards regarding this as people showed up for exam only to find out that it's totally different than what they were preparing for.

PS Of course it's a bad practice on exam vendor's part. Always release materials first then upgrade exams. Doesn't always happen in real world...

JusCoolin · October 2015

I don't know how far this will go, but I did send an email to the Director and also the Site support as well.

TK1799_st · October 2015

The more people like us that complain - the more will be done to ensure a smooth transition period.

It's like studying for the American Revolution - but getting tested on the French Revolution...both have French elements - but both are VERY different.

They need that transition -- it's only professional to offer that. An entirely new exam is bad form.

OctalDump · October 2015

TK1799_st wrote: »

The more people like us that complain - the more will be done to ensure a smooth transition period.

It's like studying for the American Revolution - but getting tested on the French Revolution...both have French elements - but both are VERY different.

They need that transition -- it's only professional to offer that. An entirely new exam is bad form.

Is it really that bad? It's making me want to do this "v9" exam to see if it has changed. If it wasn't so expensive...

I said over in the other thread, that part of this problem is where a certification exam assumes experience, that the exam purports to validate experience, then changing the exam shouldn't be a huge problem since the experienced people would still be able to pass. Of course the reality is that most certifications aren't done by people with huge amounts of experience, because people with that level of experience don't need the certification that much.

I'm curious to see how this all pans out.

TK1799_st · October 2015

RESPONSE BACK FROM EC COUNCIL:

Thanks for sharing your feedback to us, This feedback has been sent to me so i can assist you and explain the exam format, i am listing my view below and would be happy to hear your comments on it.

1. The CEH exam follows the exam blueprint here https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

2. The exam format and pattern have not been changed in any way, we still continue to maintain the exam time and passing score.

3. As far as the quality of the exam is concern, our CEH exam forms are beta tested by a minimum 100 students and are pschometrically validated before they are live.

4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold.

5. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge.

6. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Take note the final title earned by a student who successfully passed the CEH exam is "Certified Ethical Hacker" and does not carry any version no, irrespective of the courseware he used to prepare for the exam.

7. Further a student is required to keep himself updated with the current changes in the market. EC-Council has always encouraged Continuing education and hence we also grant recertification through our ECE policy if this criteria is met.

8. If you still feel there are specific questions that are out of the scope of the exam blue print, please specify which ones so we can take a look at it.

9. Also we have a healthy passing ratio on the test you have attempted.

If there is anything else i can assist you with pleas let me know.

Thank you
Cherylann Vanderhide
Dir. Compliance & Governance
EC-Council.

_____________________________________________

TK1799_st · October 2015

OctalDump wrote: »

Is it really that bad? It's making me want to do this "v9" exam to see if it has changed. If it wasn't so expensive...

I said over in the other thread, that part of this problem is where a certification exam assumes experience, that the exam purports to validate experience, then changing the exam shouldn't be a huge problem since the experienced people would still be able to pass. Of course the reality is that most certifications aren't done by people with huge amounts of experience, because people with that level of experience don't need the certification that much.

I'm curious to see how this all pans out.

If you took the exam prior to OCT - then you had the v8 Exam.

If you took the exam in the last 2 weeks - you had the NEW v9 Exam with all new exploits on it.

I don't have the time to sit and study EVERYTHING that could possibly be on the Exam.

The response from the Director is poor and show incompetence on her part. She's obliviously not certified nor has she studied for and sat for these exams.

Everything I'm reading on other sites and opinions given state this. The entity I work for have recent CEH certified people - I talked to them about what they experienced to what I experienced - totally different...except for the questions that related back to Security+.

binarysoul · October 2015

Having 2nd thoughts about ECC. All the complaints about ECC and the 'exam version' fiasco can't be all wrong, although until yesterday I believed otherwise

TK1799_st · October 2015

I got in touch with the Vice President of EC for North American...

his response....

"Prior to your email I was not aware. Let me assemble some of the facts on my end. I do know there was a recent class with issues at Secure Ninja but there were specific reasons for that and we have addressed that directly with the President of that training center. Let me see what I can find out here. I'm a bit worried you studied with "grey" materials, sybex and CBT nuggets are not endorsed in any way by EC Council and have proven problematic in the past, however your comments clearly go deeper than that. I will investigate and have raised your issue to to the appropriate parties here."

Standing by....

Sch1sm · October 2015

Interesting. Could you post the contact information? It's annoying that when following the actual procedure people are getting fawned off with a standard response from what is reportedly outsourced contractors in India/Taiwan and to get the issue actually investigated you have to seek someone else out.

TK1799_st · October 2015

If anyone has failed the CEH v8 Exam and fully understands that they took v9 material per linking questions to newly released Objective 9 list and the snap shot page....then contact this guy immediately:

Steve Graham <[email protected]>
Steven Graham
Vice President | North America
EC-Council

TK1799_st · October 2015

The lady who is the Certification Director - here's Cherylann Vanderhide LinkedIn:

https://my.linkedin.com/pub/cherylann-vanderhide/48/8bb/101

Malaysia...nice.....

wayne_wonder · October 2015

I've not taken the exam but sent an email saying I won't be taking the exam until sufficient material is out and I got this reply

Hello Wayne,

Please note that the CEH exam follows the exam blueprint here https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf , The exam development policy is explained at https://cert.eccouncil.org/exam-development-procedure-and-item-challenge.html

Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold.

Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge. As far as the quality of the exam is concern, our CEH exam forms are beta tested by a minimum 100 students and are psychometrically validated before they are live.

Candidate needs to go through the exam blueprint to prepare for the exam.

I hope this clarification helps.

Thank you.

supasecuritybro · October 2015

I completed the test and failed on Monday. I walked out feeling like I wasn't taking the right test and was about to pony up the money for another test. I am glad I research a little and felt like was validated in my assessment of what happened on Monday when I found these threads. I went ahead and filed an incident on their website and received the same generic response from Cherylann Vanderhide which I am beginning to believe is a canned response people are just sending back. I responded back and received another generic response. I noticed that they responses are not whether or not the proper data bank of question was issued out but just the validity of their process. I am not questioning whether or not the validity of the exam is in question, I just believe that a fair assessment is done when you are checking against the current body of knowledge. As a working professional I am aware of the constant changing landscape and it is my responsibility to maintain my knowledge base fresh. I also believe that the context of examination needs to be on the available body of knowledge you are releasing in order to ensure you are getting everyone on the same baseline. I am strong believer that certifications do not make you the professional but are the baseline at which you are able to determine where a candidate is located on the HUGE sea of our field.

I am hoping to be able to take the exam I studied for or given the new material and a retake of this exam.

TK1799_st · October 2015

supasecuritybro wrote: »

I completed the test and failed on Monday. I walked out feeling like I wasn't taking the right test and was about to pony up the money for another test. I am glad I research a little and felt like was validated in my assessment of what happened on Monday when I found these threads. I went ahead and filed an incident on their website and received the same generic response from Cherylann Vanderhide which I am beginning to believe is a canned response people are just sending back. I responded back and received another generic response. I noticed that they responses are not whether or not the proper data bank of question was issued out but just the validity of their process. I am not questioning whether or not the validity of the exam is in question, I just believe that a fair assessment is done when you are checking against the current body of knowledge. As a working professional I am aware of the constant changing landscape and it is my responsibility to maintain my knowledge base fresh. I also believe that the context of examination needs to be on the available body of knowledge you are releasing in order to ensure you are getting everyone on the same baseline. I am strong believer that certifications do not make you the professional but are the baseline at which you are able to determine where a candidate is located on the HUGE sea of our field.

I am hoping to be able to take the exam I studied for or given the new material and a retake of this exam.

Email the Vice President and complain -- the more people that do - the more Cherylann and her stupid way of thinking will be corrected - and those of us that followed the v8 Objectives can take the exam we studied for!

supasecuritybro · October 2015

I already did man. waiting on a response

TK1799_st · October 2015

https://www.gov.uk/government/organisations/joint-forces-command/about/recruitment

I just saw a RED TEAM position in VA - preferred was the OSCP -- if you had CEH - that was ok as well...

I think we are on the verge of OFF SEC stating, "stop memorizing answers and start learning what the answers mean"....is hitting the field...

I think that's why CEH is turning to live labs and ever changing exam questions...competition is going to drive OFF SEC on a higher demand as adversary attacks increase worldwide....but why gamble on CEH - when OFF SEC offers free Metasploit training and less expensive labs with positive results to earn the certification....????

BillV_ · October 2015

Two different certifications man. OSCP is very targeted and "narrow" and requires a fairly high level of technical knowledge. CEH is much more open and "broad" and is more like a fundamentals of hacking class.

Just like I said in the other thread, it is an ANSI exam, based on the job requirements of a CEH. It is not based on the courseware, nor is it allowed to be.

supasecuritybro · October 2015

Received a response from Steve Graham. Seems like they are reviewing the issue with their exam review department. Waiting for a reply.

TK1799_st · October 2015

Okay -- I'm still waiting on the VP to see what he has to say....because when Courseware is advertised and listed int he iStore - people buy it.

As far OSCP - at least OFF SEC has released Metasploit for free - train, learn, and then jump on the paid labs -- and in a certain amount of time - earn the certification when taking the 24 Hacking Live Hacking exam...

I was heading there anyway after the CEH phase...

TK1799_st · October 2015

supasecuritybro wrote: »

Received a response from Steve Graham. Seems like they are reviewing the issue with their exam review department. Waiting for a reply.

Yeap....same here....waiting....

BillV_ · October 2015

Yeah, so Metasploit is from Rapid7, not OffSec. They didn't release it. OffSec does offer Metasploit Unleashed - a free training course for Metasploit.

With the OSCP course (Pentesting With Kali - PWK), you get a guide and some videos, and not much instruction or direction otherwise, and especially not for the exam. Hence the slogan, "try harder." The labs are not required but highly recommended. The exam is 48 hours total (24 hours of practical assessment to compromise specific targets worth varying amounts of points, and 24 hours to turn in a report detailing your engagement).

I'm curious to see exactly how many people here are having issues here. I will create a separate thread for tracking because there are too many of these similar threads it's hard to keep track.

TK1799_st · October 2015

BillV_ wrote: »

Yeah, so Metasploit is from Rapid7, not OffSec. They didn't release it. OffSec does offer Metasploit Unleashed - a free training course for Metasploit.

With the OSCP course (Pentesting With Kali - PWK), you get a guide and some videos, and not much instruction or direction otherwise, and especially not for the exam. Hence the slogan, "try harder." The labs are not required but highly recommended. The exam is 48 hours total (24 hours of practical assessment to compromise specific targets worth varying amounts of points, and 24 hours to turn in a report detailing your engagement).

That is good information -- thanks! I look forward to engaging in the OSCP....

TK1799_st · October 2015

RESPONSE FROM ECC - 22 OCT 2015

Sir,
Apologies for the delayed response, i believe you have been writing to Steve Graham as well. I am replying back to you on behalf for all the EC-Council representative you have shared your concerns with. We really would like to help you in anyway at this point of time.

I have gone through all your comments below, thanks for putting all this down for us. We hope to use all your feedback and suggestions. We truly appreciate the time taken.

Thanks for sharing your background and details on how you have been on different forums and discussions assisting certification bodies such as us. More than worrying about our reputation we are worried about how we can meet customers expectations while still following a fair and independent exam development process for all.

People such as you with so much rich experience and network can really help make that possible by contributing your ideas. As such, we wish to officially invite you to contribute to our exam development exercise once you are done with your the CEH certification, since we both share the common goal to create fair and better exams. It may help you see the challenges a certification body faces from customers while trying to create real exams.

Unfortunately, we only have one single standard CEH exam currently, that has an extremely health passing ratio surprisingly given all the claims in your email, and this not only involves people who studied the CEHv8 courseware but also those who did a self- study, After reading your feedback we are studying why 70% of our self-study candidates could pass the exam without any of the materials you have listed below. We will try and keep you updated on this.

We would like to know if you would like to retest this exam? If yes, we would be happy to assist you with a discounted retake voucher.
___________________________________________

wayne_wonder · October 2015

I dont think you will get better than that reply really and you can either take them up on their offer or wait until 3rd party books catch up several months down the line

What do you plan to do?

devilbones · October 2015

I took the CEH class last December and took the Exam on OCT 1st and all of the material was relevant. As far as the CEH goes, normally between versions I was told that they remove irrelevant content and update the tools used, most of the theory remains unchanged. How bad did you fail? One thing you said:

I think we are on the verge of OFF SEC stating, "stop memorizing answers and start learning what the answers mean"....is hitting the field...

Are you memorizing answers? If so that is the problem right there.

TK1799_st · October 2015

Do not ask for specific questions off of this current exam - it is unethical and a violation of the signed agreement

devilbones · October 2015

TK1799_st wrote: »

How can you memorize answers...one either knows it or doesn't...the official course material plus all the other 3rd party books has examples and labs that get students involved. ..I did the same for A+ , Security +, and CHFI...and passed...I knew the material as provided...the NEW stuff was all from the new Objective list...so when they ask species on the exam...I chose the best answer I could....I made the same score everyone else is making...vur tnot the 70 % required....bottom line their updated exam is knocking people off each and every time because either covers content not provided yet....a simple ppint that is not being understood but hose ylwho have not taken the exam it all or the last couple of weeks...since they pushed the new exam out....a point not being argued by or denied by ECC or Pearson Vue....

I was just quoting you above. What areas were the questions in? Can you remember specific questions that you know weren't part of the v8 training?

IronmanX · October 2015

TK1799_st wrote: »

I made the same score everyone else is making...vur tnot the 70 % required....bottom line their updated exam is knocking people off each and every time because either covers content not provided yet....a simple ppint that is not being understood but hose ylwho have not taken the exam it all or the last couple of weeks...since they pushed the new exam out....a point not being argued by or denied by ECC or Pearson Vue....

The email you posted from EC Council says they are seeing a 70% pass rate on the exam you took.
Maybe they are lying. I guess in a couple of weeks we should hear on here from those who have passed the exam as of Oct 15th.

I see that lsimon305, OctalDump and kMastaFlash passed recently but it was the first couple of weeks in October and you are complaining about the exam getting significantly harder after Oct 15th.

BillV_ · October 2015

devilbones wrote: »

I was just quoting you above. What areas were the questions in? Can you remember specific questions that you know weren't part of the v8 training?

I think you're on to the same thing I was trying to get at with him. He wouldn't answer when I asked either.

BillV_ · October 2015

TK1799_st wrote: »

ECC has NOT released the % of people who passed verse the total number of people who up to take the exam

The healthy ratio of passers is unknown at this point

Do not ask for specific questions off of this current exam - it is unethical and a violation of the signed agreement

I don't believe they will provide you with such information. I don't believe any certification organizations release specific numbers on anything to the general public.

CEH v8 FAILED EXAM - Was version 9 - How to Resolve

Comments