Passed CEH today 3/19/2016

jasonperry10 Member Posts: 60
Passed with 80%; took me about 1 hour and 45 minutes. It was somewhat challenging, due to weirdly worded questions and typos.

Study materials
Matt Walker's AIO (including the practice questions), read front to back. Took a bunch of notes from this book to review later.
Found some notes on Quizlet to help with ports and other memorization-type topics.
Skillset.com - did about 1300 questions. These practice questions varied in quality and weren't that great. Some questions were just plain wrong.
Boson test engine - great question bank. Included some questions on the v9 topics. It was 99 bucks but I had a coupon and it saved me some money. I wasn't going to pay for the Boson questions but I kind of freaked out and got scared of failing the exam and just went for it.

Definitely know your Wireshark and Nmap.
Know your ports.
Know your IT governance and different attack phases.
Know operational security.
I used Google to find information on Heartbleed and Shellshock and different vulnerabilities.

I might do CCNA or Linux+ or RedHat

Anybody have the CNDA? I work as a gov contractor so I may get it if I can.

Comments

  • cyberguypr Mod Posts: 6,928
    Congrats on the pass.
  • LValue Registered Users Posts: 2
    Can you please elaborate on IT governance and Operational Security? I believe that's not in CEH v8.
    I am preparing for CEH v8 but I may give CEH v9. So please help!
  • slim27joint Member Posts: 32
    jasonperry10 wrote: »
    Anybody have the CNDA? I work as a gov contractor so I may get it if I can.

    You fill out an application, along with a scanned copy of your CAC, and pay a 200 fee. It's easier to do when you get access to your Aspen account, but just Google CNDA and it will provide you with the necessary steps to complete the process.
  • cyberguypr Mod Posts: 6,928
    @LValue, you are preparing for the NEW exam. There's no version anymore.
  • jasonperry10 Member Posts: 60
    LValue wrote: »
    Can you please elaborate on IT governance and Operational Security? I believe that's not in CEH v8.
    I am preparing for CEH v8 but I may give CEH v9. So please help!

    Without going into detail.
    As far as IT governance, I got a few questions regarding COBIT, PCI-DSS and ISO 27001.
    As far as OPSEC, I got questions about the day-to-day operations of keeping a network up and running and secure. I recognized them from taking the CISSP last year.
  • jasonperry10 Member Posts: 60
    slim27joint wrote: »
    You fill out an application, along with a scanned copy of your CAC, and pay a 200 fee. It's easier to do when you get access to your Aspen account, but just Google CNDA and it will provide you with the necessary steps to complete the process.

    Do you think it's worth getting it? I'll probably go ahead and get it just because it's available. I'll have to shell out another $200 though.
  • DAVIS NGUYEN Member Posts: 1,472
  • daviddws Member Posts: 303
    Congrats on the pass!
    ________________________________________
    M.I.S.M:
    Master of Information Systems Management
    M.B.A: Master of Business Administration
  • ccnpninja Member Posts: 1,010
  • cisco_trooper Member Posts: 1,441
    Is skillset.com a legit resource?
  • gncsmith Member Posts: 459
  • TechGuru80 Member Posts: 1,539
    slim27joint wrote: »
    along with a scanned copy of your CAC

    You should never be giving another company a scanned copy of your ID badge...especially government to a "hacking" company...have we learned nothing?
  • jasonperry10 Member Posts: 60
    cisco_trooper wrote: »
    Is skillset.com a legit resource?

    It has some good questions, but then it has some very bad questions. Sometimes answers are incorrect and some questions are just way out of left field.
  • jasonperry10 Member Posts: 60
    TechGuru80 wrote: »
    You should never be giving another company a scanned copy of your ID badge...especially government to a "hacking" company...have we learned nothing?

    I was thinking the same when I read the CNDA brochure. I was thinking "That's a huge OPSEC violation!" Especially coming from an organization specializing in security certifications. I wonder if it's a test, submit a scan of your CAC and then they revoke your CEH certificate lol.
  • TechGuru80 Member Posts: 1,539
    jasonperry10 wrote: »
    I was thinking the same when I read the CNDA brochure. I was thinking "That's a huge OPSEC violation!" Especially coming from an organization specializing in security certifications. I wonder if it's a test, submit a scan of your CAC and then they revoke your CEH certificate lol.

    Haha now that would be quite the ironic test...you should be able to send an email from your work email to verify.
  • jasonperry10 Member Posts: 60
    TechGuru80 wrote: »
    Haha now that would be quite the ironic test...you should be able to send an email from your work email to verify.

    I was thinking the same, my supervisor or myself should be able to verify by email or something. Strange that they would even ask for a scan of a military ID or CAC.
  • emilyanncr Banned Posts: 17
    Congrats on the pass! I've heard a lot of horror stories about v9 being much harder than v8. I also heard there were questions about the risk assessment framework, hard drive failure rates and costs, a module on cloud security and threats, how to hack Windows 7 and 8, different types of malware recently released...I can't remember what else. They say on their website they've added 100+ "labs" on there. What was up with them?
  • jasonperry10 Member Posts: 60
    emilyanncr wrote: »
    Congrats on the pass! I've heard a lot of horror stories about v9 being much harder than v8. I also heard there were questions about the risk assessment framework, hard drive failure rates and costs, a module on cloud security and threats, how to hack Windows 7 and 8, different types of malware recently released...I can't remember what else. They say on their website they've added 100+ "labs" on there. What was up with them?

    About 85-90% of my questions were topics addressed in Matt Walker's book. I didn't have any labs or scenario-based questions. I took and passed the CISSP exam, so the risk assessment questions were review for me and so was anything dealing with calculating ARO, ALE, etc. The real meat of the exam is still stuff covered in Matt Walker's book. You can then just Google the rest of the topics like the latest vulnerabilities, cloud security, risk assessment, etc. Just make sure you know the commands and outputs for the tools used.
  • LValue Registered Users Posts: 2
    Hi!! Again... After learning that the CEH exam will be asking about the standards and frameworks related to information technology and security, I did some research on these frameworks and, to my surprise, there are so many of them. Well, the thing is, do I need to know all of them? I will list some of them below:
    COBIT, ITIL, PCI-DSS, ISO 27000 Series, NIST SP 800 Series, TOGAF, COSO, PRINCE2, SARBANES OXLEY, PMBOK, BASEL III, HIPAA, FISMA, FERMA, GLBA, OWASP, etc.
    Now the thing is, do we need to have knowledge of all these... >.<
    Please Help!!!
  • impelse Member Posts: 1,237
    Congrats on the pass.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.