CEH v8 FAILED EXAM - Was version 9 - How to Resolve

Comments

  • BillV_ Member Posts: 114 ■□□□□□□□□□
    TK1799_st wrote: »
    Why didn't you state you were a Chair - with EEC - on the committee and share the link with the appeals process? I attempted to be nice - and you basically referred to me as a cheater. You were condescending in manner. Why hide all this time - why not message me from the beginning? oh well...

    Well, I tried to reply to your posts. I started with a very lengthy response explaining the exam development process, how the ANSI requirements come into play, the differences between the course and the exam, and you immediately became argumentative. I made an attempt to start a single thread, in order to compile all of the complaints, to your benefit (as well as that of the others with complaints).

    I was under the impression that you had already started the process - based on your posts stating you first contacted the certification director then decided to contact the VP and was in the middle of email exchanges with them. As you can see from the appeals process, EC-Council will first investigate your complaint and attempt to resolve the issue to your satisfaction. If, at that point, an agreement cannot be reached or you are still unhappy with their decision, it is then escalated up to the Scheme Committee. More often than not, we actually do side with the candidate.

    My initial purpose of posting was not to deal with your individual case but to investigate the number of complaints being made and the inaccurate information being shared. As stated, that's what the appeal process is for (individual cases) and, as you previously stated, didn't need to involve me as a SC representative at that time. I was simply trying to clear up all of the confusion around the development process and what goes into the design of the exam, and how ANSI requires the separation between the course/course content and the exam.

    The outcome of your appeal is not my decision alone. There is a large group of SC members, all of which will hear out your case and make their own decisions based on that. So again, I recommend that you compile all of your information into the appeals form and be as detailed as possible with your complaint and why you feel that whatever EC-Council attempted to offer as a resolution was not sufficient.
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    Seriously how did you not know he worked for them? It was so obvious
    Yep, still don't work for them. I'm not an employee. I'm not paid. It's a committee of volunteers. And I'm not an instructor either.
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    Also, I will add that, just like you, I was very surprised when I learned that the exam is not derived from the official courseware. As a certification holder and candidate, I complained about it too. And, just as I've done here, it was explained to me that ANSI requires that level playing field for all candidates. Is it a strange concept? Sure. You'd think that the organization that manages the CEH course and exam, would create the course, then use that to create the exam. The reality is that panels of "experts" are assembled, asked what topics a "CEH" should know, and the exam is created based on that. The course writers and exam writers are kept separate (think 'separation of duties').
  • wayne_wonder Member Posts: 215 ■■■□□□□□□□
    BillV_ wrote: »
    Yep, still don't work for them. I'm not an employee. I'm not paid. It's a committee of volunteers. And I'm not an instructor either.

    I don't actually care if you do or don't, or are biased against or for them. To be honest, you don't have to be paid by someone to be biased or not biased these days.
  • binarysoul Member Posts: 993
    BillV_ wrote: »
    Also, I will add that, just like you, I was very surprised when I learned that the exam is not derived from the official courseware. As a certification holder and candidate, I complained about it too. And, just as I've done here, it was explained to me that ANSI requires that level playing field for all candidates. Is it a strange concept? Sure. You'd think that the organization that manages the CEH course and exam, would create the course, then use that to create the exam. The reality is that panels of "experts" are assembled, asked what topics a "CEH" should know, and the exam is created based on that. The course writers and exam writers are kept separate (think 'separation of duties').

    So are you saying the official courseware doesn't teach material needed to pass the exam?

    First, if that's the case, then ECC should market that course as a general ethical hacking course and make no mention of CEH.

    Second, if what you say is accurate, why do we read on the ECC website what the official course will bring:

    "In short, you walk out the door with advanced hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification!"

    Obviously, the quote makes a direct link between the official course and CEH certification. But you say that's not the case. Unless I've misread your post!
  • BillV_ Member Posts: 114 ■□□□□□□□□□
    binarysoul wrote: »
    So are you saying the official courseware doesn't teach material needed to pass the exam?

    First, if that's the case, then ECC should market that course as a general ethical hacking course and make no mention of CEH.

    Second, if what you say is accurate, why do we read on the ECC website what the official course will bring:

    "In short, you walk out the door with advanced hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification!"

    Obviously, the quote makes a direct link between the official course and CEH certification. But you say that's not the case. Unless I've misread your post!

    Hmm, no, that's not quite it. I'm saying that the exam is not designed from the courseware.

    For illustrative purposes, let's say the exam covers topics A, B, and C. The courseware may be written to cover all of those topics, but so may a third-party study guide. You can choose either route, and then go take the exam. The purpose is to allow anyone to take the exam and have the same opportunity to pass it, without forcing you to buy the class or courseware from EC-Council. It has to be a "universal" exam that anyone can go take.

    I'm not sure where you're reading that quote but yes, if you are new to the field and take the class then it is highly likely you will walk out the door with new skills and, if you pass the exam, the certification as well.
  • SecConsultant Member Posts: 6 ■□□□□□□□□□
    I wrote a few days ago that I'm taking this on Monday and asked how hard it was now after update - the v9. I did promise I will come back and tell how it went.

    I was a bit scared cause suddenly I did not know what to expect once I found out that the objectives have changed etc. Took it yesterday after going through the All-in-one book a few times. One time during the last month or so...then a couple of times in the weekend before :D . 3h and a very very solid pass. It is still as easy as before. I have about 3 years pentest, sec. consulting experience. My conclusion: there are two kinds of people complaining in these threads:

    1) Have not done much studying and work not much related to security or the sec field they work in is very narrow.
    2) The overconfident IT dudes that think they have accumulated all the comp knowledge over XX years in the field and no studying is needed at all.

    Hard to fail this one if you are in the security. Lots and lots of common sense questions. People, don't get scared. Some of these threads did that to me...because I thought these guys with 10+ years know what they are talking about.
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    3h and a very very solid pass. It is still as easy as before.

    Have you written the CEH exam before? I ask because of the "It is still as easy as before".

    I think EC Council should get rid of the passing score result when you complete the exam. Just a "Yes" you passed.
    This is what the (ISC)² does
    "(ISC)² does not report to candidates the number of questions they answered correctly or the overall percentage of questions they answered correctly; however; failing candidates are provided with the rank ordering of domains based on their percentage of questions answered correctly in each domain of the examination. This information is provided to assist failing candidates who would know the domains that they need to focus in their further study "

    I think people hear about someone like you passing with a very high mark saying it's pretty easy if you know what you are doing. They then jump to well I have more experience in IT than this guy, it's going to be a walk in the park for me.
  • SecConsultant Member Posts: 6 ■□□□□□□□□□
    There was a percentage displayed. At the end of the exam: 70% required, the % I got and the word "pass" :)

    Walk in park? Hmm...as I said ~3 years in pen testing, consulting + the book. Intelligence average...maybe a bit above :) It was easy for me...others should just take it as another review.
  • devilbones Member Posts: 318 ■■■■□□□□□□
    I wrote a few days ago that I'm taking this on Monday and asked how hard it was now after update - the v9. I did promise I will come back and tell how it went.

    I was a bit scared cause suddenly I did not know what to expect once I found out that the objectives have changed etc. Took it yesterday after going through the All-in-one book a few times. One time during the last month or so...then a couple of times in the weekend before :D . 3h and a very very solid pass. It is still as easy as before. I have about 3 years pentest, sec. consulting experience. My conclusion: there are two kinds of people complaining in these threads:

    1) Have not done much studying and work not much related to security or the sec field they work in is very narrow.
    2) The overconfident IT dudes that think they have accumulated all the comp knowledge over XX years in the field and no studying is needed at all.

    Hard to fail this one if you are in the security. Lots and lots of common sense questions. People, don't get scared. Some of these threads did that to me...because I thought these guys with 10+ years know what they are talking about.
    This is kind of what I was getting at in either this thread or another on this subject. If you study the material, it doesn't matter which version of the test you are taking. If you are memorizing a brain **** or whatever for v8 and you get a v9 exam, you're gonna have a bad time. Which leads me to believe there is a third option here.
  • shiffler24 Member Posts: 18 ■□□□□□□□□□
    SecConsultant, can you elaborate on what specifically you studied in order to pass? I see you said it was All-in-one book, which one?
  • cyberguypr Mod Posts: 6,928 Mod
    There's only one All-In-One, by Matt Walker.
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    cyberguypr wrote: »
    There's only one All-In-One, by Matt Walker.

    Well, there are two editions.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • Gess Member Posts: 144 ■■■□□□□□□□
    OctalDump wrote: »
    Is it really that bad? It's making me want to do this "v9" exam to see if it has changed. If it wasn't so expensive...

    I said over in the other thread, that part of this problem is where a certification exam assumes experience, that the exam purports to validate experience, then changing the exam shouldn't be a huge problem since the experienced people would still be able to pass.

    I've said this here about a few other certifications. They certify your knowledge, not your rote memorization of training material. I doubt many security professionals fail this exam, regardless of version.
  • tomatotux Member Posts: 23 ■□□□□□□□□□
    I'll be honest. I just signed up and paid for the CEH, but I haven't set a date. I've been in IT for a long time, and working in security related fields going on 5 years. I know I'm weak in crypto and the reputation that the CEH has gotten over the years. That being said, it is a certification that I know enough to stop bad guys. Am I nervous? Absolutely. I'm terrified now. My wife and I had to take out a loan just to attempt this exam. There's a promise of a better job just beyond this, and I'm going to work my ass off in the meantime. I was passing v8 practice exams between 80 and 90% and the theory can't be that different. I want this, and have been working up to it for 5 years. I will achieve this and I will accept nothing less than success. I appreciate everyone's thoughts, and if you have some useful tidbit of wisdom, it's appreciated. I'm playing a gamble on this, and I'm praying it pays off.
  • danny069 Member Posts: 1,025 ■■■■□□□□□□
    @tomatotux, when you signed up for the CEH, was it 312-50v8 or 312-50? I am going back and forth with them right now because they informed me I had to cancel my v8 and reschedule for the one without a version number. My voucher will not allow me to register for the new exam. When do you plan to schedule the exam?
    I am a Jack of all trades, Master of None
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    danny069 wrote: »
    @tomatotux, when you signed up for the CEH, was it 312-50v8 or 312-50? I am going back and forth with them right now because they informed me I had to cancel my v8 and reschedule for the one without a version number. My voucher will not allow me to register for the new exam. When do you plan to schedule the exam?

    You got informed about the change prior to the test?
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • tomatotux Member Posts: 23 ■□□□□□□□□□
    It was the 312-50. I thought it was odd and started looking into it and now it scares the hell out of me. No idea it had completely changed until a few hours ago.
  • danny069 Member Posts: 1,025 ■■■■□□□□□□
    Yes, they (Pearson Vue) sent me an email today. I had bought the voucher in September, and scheduled the exam for November, so they said I had to cancel the 312-50v8 and sign up for the 312-50.
    I am a Jack of all trades, Master of None
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    danny069 wrote: »
    Yes, they (Pearson Vue) sent me an email today. I had bought the voucher in September, and scheduled the exam for November, so they said I had to cancel the 312-50v8 and sign up for the 312-50.

    Yeah, that is exactly what happened to me but I wasn't notified. I get why a lot of people on here say a test is a test is a test and no matter the version a security pro should pass it, but if you have the test center giving you a heads up it's for a reason. Managing expectations is the key.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • mayankjoin Registered Users Posts: 2 ■□□□□□□□□□
    I completed the test and failed on Monday. I walked out feeling like I wasn't taking the right test and was about to pony up the money for another test. I am glad I researched a little and felt like I was validated in my assessment of what happened on Monday when I found these threads. I went ahead and filed an incident on their website and received the same generic response from Cherylann Vanderhide, which I am beginning to believe is a canned response people are just sending back. I responded back and received another generic response. I noticed that their responses are not about whether or not the proper data bank of questions was issued out but just the validity of their process. I am not questioning whether or not the validity of the exam is in question, I just believe that a fair assessment is done when you are checking against the current body of knowledge. As a working professional I am aware of the constant changing landscape and it is my responsibility to maintain my knowledge base fresh. I also believe that the context of examination needs to be on the available body of knowledge you are releasing in order to ensure you are getting everyone on the same baseline. I am a strong believer that certifications do not make you the professional but are the baseline at which you are able to determine where a candidate is located on the HUGE sea of our field.

    I am hoping to be able to take the exam I studied for or given the new material and a retake of this exam.

    Sorry to hear that. But may I know the kind of questions that were asked? Were they related to HDD failure rates, cloud computing, risk assessment?
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    mayankjoin wrote: »
    Sorry to hear that. But may I know the kind of questions that were asked? Were they related to HDD failure rates, cloud computing, risk assessment?

    I will not discuss specifics but there were questions on HDD failures, ALE/SLE/ARO, ShellShock, Heartbleed, risk assessments. It was a surprise to me and later finding out that Pearson Vue had dropped the 312-50v8 from the database and loaded the 312-50 the Friday before I took it. I feel like I was navigating it fairly well since I have my CISSP but I didn't pass. I received a 63% so I wasn't too far off on it. I submitted an appeal and waiting to see what happens next. Hope that answers your question. My advice is get the new material, use the blueprint and stay up to date with the tools.
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • mayankjoin Registered Users Posts: 2 ■□□□□□□□□□
    Thanks, supasecuritybro, but the v9 materials are nothing but a bunch of crap presentations laid in the form of a book. The material contains very little about the Heartbleed, POODLE and stuff that you have mentioned. CEH has been hasty in implementing the v9 stuff. Read a lot of negative reviews about it.

    Risk assessment is mentioned very briefly in the cloud computing chapter. However, most of them say that a lot was asked from that part. Could you suggest some pointers for studying the risk assessment part?
  • anton73 Member Posts: 5 ■□□□□□□□□□
    Adding my (negative) experience of taking the CEH exam today and failing it with 66% ...maybe just 5 questions away of passing the exam but that is not the point for me.

    Definitely I will follow the procedure for an appeal and also provide an exam review form, also as recommended here by some fellows.

    Reasons of disappointment? the exam questions were heavily on a theoretic/presentation level, far away, in my opinion, from the concerns and skills of the hacking (white/black) and IT security engineering community in general. Certainly close to security management but that was not the reason for which I chose to take the CEH exam!

    I know my stuff the hard way that is on the job and through personal interest. Have been in this process for over 12 years now.

    So today I was prepared to verify my skills on 'hard skills' rather than theoretical approach on risk management.

    I feel that EC council is misadvertising the purpose of the CEH or maybe not ensuring that the weight of the CEH syllabus is attained on the exams.

    I can't believe that I fell victim of the v.9 virus? ;O What the heck! it should not be the case

    The CEH is (should be!!) about pentesting and IT security engineering not about procedural and theoretical approaches..If I wanted I would choose the ISC SCCP or CISSP to dive into theory and unpractical advice.

    Today I got more questions about risk management or maybe an organization in the medical society assuring patients records than any of the phases of a hacking preparation/attack and reporting.

    Well the good thing is that I improved my hardcore skills on old tools and new tools around..not a question about DDOS!!!!

    As said I will appeal and will update here..my suggestion to guys about to give this 'new'? CEH exam is go for the CISSP !
  • MitchRapp Member Posts: 5 ■□□□□□□□□□
    Sorry to hear you missed the mark. I do not agree that CEH should be about pen testing. CEH is a course in the "core" information in hacking. Basically, you learn the core methodology, the tools, concepts, etc. It is an intermediate course. ECSA, rated expert, is where you apply this methodology. And finally, their newly revised LPT Master certification is where you prove you are a true Master. Comparing CEH to CISSP is apples and oranges.

    Take it again. You were so close. I bet this time around you rock it.
  • anton73 Member Posts: 5 ■□□□□□□□□□
    Thanks for your encouragement! ;)
    Perhaps I will give it another go but I really want to see how EC Council responds to my appeal and feedback.
    Is their policy so wide open that an exam revision just rescopes it so much without really proper notice? This is a 500$ exam, I don't think this is the case

    The point I am trying to make is that in my exam today the weighting of sections was not kept as I see it.

    For example in the CEH exam blueprint the section on tools/systems/programs is indicated as 32% (40 questions). I doubt if today I saw 10-15 on this section. Same goes for the cryptography section (this is 20% ~25 questions but barely saw one or two very basic) also for the security section which is 25%..

    I don't mean to undervalue this test just because I failed it..but my point is that I believe I was not tested on what I thought was the core knowledge of the CEH based on the EC Council documentation.

    ECSA SCCP CISSP all have their own value and I also have them in my scope in the long run.

    At the end of the day the certification means much less than having hands on the relevant tasks
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    ECC has been very clear that they are following their blueprint to date and that there is no reason, with proper preparation/experience, to be able to pass. They feel that their material is relevant and can be updated as they feel. I went through the appeal process and received a discount for my retake (which I am not sure I will use yet). I took my test the Monday after Pearson Vue received the update (verified by Pearson Vue directly). Even though I feel the CEH is a good baseline of knowledge, I do feel the organization stands to make profit on updates without proper notification.

    At this time, I am stepping away from the CEH and probably not coming back. I am pretty hurt by how they treated the matter at first and now I just see that it's turning into what many are describing to be a "for profit" industry. I understand that certifying bodies need to make money to provide the exams, community, etc but at the same time it's becoming an opportunity to make money from people. If you are allowed to update your exam without notice and not give people the chance to prepare in the name of "always being ready for anything" that is just poor management of expectations. I've learned in my years of security work that you have to give clear guidance and not just change without notice for the sake of being up to date. You have to go through proper change management and give clear guidance but not here.

    Just my two cents.

    For the sake of being transparent I am still bothered by how all this was handled. I appreciate the time that was taken by ECC and the Scheme Committee but I still think it was a mistake on ECC end.

    Thanks for reading
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    They feel that their material is relevant and can be updated as they feel. I went through the appeal process and received a discount for my retake.

    I am stepping away from the CEH and probably not coming back. I am pretty hurt by how they treated the matter at first and now I just see that it's turning into what many are describing to be a "for profit" industry. I understand that certifying bodies need to make money to provide the exams, community, etc but at the same time it's becoming an opportunity to make money from people without a standard. If you are allowed to update your exam without notice and not give people the chance to prepare in the name of "always being ready" that is just poor management of expectations.

    Just my two cents.

    For the sake of being transparent I am still bothered by how all this was handled. I appreciate the time that was taken by ECC and the Scheme Committee but I still think it was a mistake on ECC end.

    Thanks for reading

    So no plans to take the discount? I understand they are offering a 30% discount?

    What result from the appeals process would have been to your liking?

    "If you are allowed to update your exam without notice and not give people the chance to prepare in the name of "always being ready" that is just poor management of expectations."
    ^I see you have the CISSP certificate. It's my understanding that ISC2 also updates their exams without notice. They expect you to have 5 years of experience so they expect you to prepare in the name of "always being ready". I have not taken the CISSP exam. I understand it is more scenario based and the answers are reviewed by a panel of people so some discretion is used.
  • supasecuritybro Member Posts: 206 ■■■■□□□□□□
    IronmanX wrote: »
    So no plans to take the discount? I understand they are offering a 30% discount?

    What result from the appeals process would have been to your liking?

    Honestly, it's the fact that there was no resolve to the fact that it was changed. The banner has been waved that nothing changed, but it did. It's not one person complaining about it being updated without any previous notice. That is the underlying problem.

    IronmanX wrote: »
    ^I see you have the CISSP certificate. It's my understanding that ISC2 also updates their exams without notice. They expect you to have 5 years of experience so they expect you to prepare in the name of "always being ready". I have not taken the CISSP exam. I understand it is more scenario based and the answers are reviewed by a panel of people so some discretion is used.

    The CISSP states they will update their exam to fit new changes but it is not like what happened here. Taking the CISSP was tough and even if I had an older book or study material I was able to have the background to understand what was being asked. I consider that if I had the knowledge to pass that test, the CEH (no offense to anyone) should have been a breeze. I have hands on knowledge of the majority of the tools and keep up with current events, but it was a blindside from ECC.

    Like I said, I am not coming from a confrontational direction nor disputing the right of the organization to handle their certification process how they see right, but if asked about my thoughts, these are my opinions.

    The only reason I even appealed and didn't just pony up money to get another go was I saw I wasn't the only one that saw the drastic change. Because unless you studied and got in there you would have noticed.

    Thanks for asking IronmanX
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    Taking the CISSP was tough and even if I had an older book or study material I was able to have the background to understand what was being asked. I consider that if I had the knowledge to pass that test, the CEH (no offense to anyone) should have been a breeze. I have hands on knowledge of the majority of the tools and keep up with current events, but it was a blindside from ECC.

    It will be nice to see someone like Matt Walker do a CEH v9 book to get their insight into the changes, or even someone who had done an older CEH exam and now has sat for the exam since October 15th.
    I did my exam in March and got weird questions, however the Matt Walker books told me this would happen and by using process of elimination I should be able to get it down to 2 choices. Also getting questions that were not grammatically correct was common, but I was warned.

    Having people fail CEH who hold the CISSP cert is not that uncommon. Around the time I was studying there was a poster with a Florida Gators avatar who failed and held CISSP and seemed to be knowledgeable, that freaked me out a little bit going in.