Passed CEH today 3/19/2016

jasonperry10

Passed with 80% took me about 1 hour and 45 minutes. It was somewhat challenging, due to weirdly worded questions and typos.

Study materials
Matt Walkers AIO (including the practice questions) read front to back. Took a bunch of notes from this book to review later
Found some notes on quizlet to help with ports and other memorization type topics.
Skillset.com - did about 1300 questions. These practice questions varied in quality and weren't that great. Some questions were just plain wrong.
Bison test engine - great question bank. Included some questions on the v9 topics. It was 99 bucks but I had a coupon and saved me some money. I wasn't going to pay for the boson questions but I kind of freaked out and got scared of failing the exam and just went for it.

Definitely know your wireshark and nmap.
Know your ports.
Know your IT governance and different attack phases.
Know operational security
I used googled to find information on Heartbleed and Shellshock and different vulnerabilities.

I might do CCNA or Linux+ or RedHat

Anybody have the CNDA? I work as a gov contractor so I may get it if I can.

cyberguypr

Congrats on the pass.

LValue

Can you please elaborate on IT governance and Operational Security. I believe that's not in ceh v8.
I am preparing for ceh v8 but I may give ceh v9. So please help!

slim27joint

jasonperry10 wrote: »

Passed with 80% took me about 1 hour and 45 minutes. It was somewhat challenging, due to weirdly worded questions and typos.

Study materials
Matt Walkers AIO (including the practice questions) read front to back. Took a bunch of notes from this book to review later
Found some notes on quizlet to help with ports and other memorization type topics.
Skillset.com - did about 1300 questions. These practice questions varied in quality and weren't that great. Some questions were just plain wrong.
Bison test engine - great question bank. Included some questions on the v9 topics. It was 99 bucks but I had a coupon and saved me some money. I wasn't going to pay for the boson questions but I kind of freaked out and got scared of failing the exam and just went for it.

Definitely know your wireshark and nmap.
Know your ports.
Know your IT governance and different attack phases.
Know operational security
I used googled to find information on Heartbleed and Shellshock and different vulnerabilities.

I might do CCNA or Linux+ or RedHat

Anybody have the CNDA? I work as a gov contractor so I may get it if I can.

You fill out an application, along with a scanned copy of your cac, and pay a 200 fee. It's easier to do when you get access to your aspen account, but just google CNDA and it will provide you with the necessary steps to complete the process.

cyberguypr

@LValue, you are preparing for the NEW exam. There's no version anymore.

jasonperry10

LValue wrote: »

Can you please elaborate on IT governance and Operational Security. I believe that's not in ceh v8.
I am preparing for ceh v8 but I may give ceh v9. So please help!

Without going into detail.
As far as IT governance, I got a few questions regarding cobit, PCI-DSS and ISO 27001.
As far as OPSEC, I got questions about the day to day operations of keeping a network up and running and secure. I recognized them from taking the CISSP last year.

jasonperry10

slim27joint wrote: »

You fill out an application, along with a scanned copy of your cac, and pay a 200 fee. It's easier to do when you get access to your aspen account, but just google CNDA and it will provide you with the necessary steps to complete the process.

Do you think it's worth getting it? I'll probably go ahead and get it just because its available. I'll have to shell out another $200 though

DAVIS NGUYEN

Congrats!

daviddws

congrats on the pass!

ccnpninja

Congrats!

cisco_trooper

Is skillset.com a legit resource?

NOC-Ninja

Congrats!

gncsmith

Congrats!

TechGuru80

slim27joint wrote: »

along with a scanned copy of your cac

You should never be giving another company a scanned copy of your ID badge...especially government to a "hacking" company...have we learned nothing?

jasonperry10

cisco_trooper wrote: »

Is skillset.com a legit resource?

It has some good questions, but then it has some very bad questions. Sometimes answers are incorrect and some questions are just way out of left field.

jasonperry10

TechGuru80 wrote: »

You should never be giving another company a scanned copy of your ID badge...especially government to a "hacking" company...have we learned nothing?

I was thinking the same when I read the CNDA brochure. I was thinking "That's a huge OPSEC violation!" Especially coming from a organization specializing in security certifications. I wonder if it's a test, submit a scan of your CAC and then they revoke your CEH certificate lol.

TechGuru80

jasonperry10 wrote: »

I was thinking the same when I read the CNDA brochure. I was thinking "That's a huge OPSEC violation!" Especially coming from a organization specializing in security certifications. I wonder if it's a test, submit a scan of your CAC and then they revoke your CEH certificate lol.

Haha now that would be quite the ironic test...you should be able to send an email from your work email to verify.

jasonperry10

TechGuru80 wrote: »

Haha now that would be quite the ironic test...you should be able to send an email from your work email to verify.

I was thinking the same, my supervisor or myself should be able to verify by email or something. Strange that they would even ask for a scan of a military ID or CAC.

emilyanncr

Congrats on the pass! I've heard a lot of horror stories about v9 being much harder than v8. I also heard there were questions about the risk assessment framework, harddrive failure rates and costs, a module on cloud security and threats, how to hack windows 7 and 8, different types of malware recently released...I can't remember what else. They say on their website they've added 100+ "labs" on there. What was up with them?

jasonperry10

emilyanncr wrote: »

Congrats on the pass! I've heard a lot of horror stories about v9 being much harder than v8. I also heard there were questions about the risk assessment framework, harddrive failure rates and costs, a module on cloud security and threats, how to hack windows 7 and 8, different types of malware recently released...I can't remember what else. They say on their website they've added 100+ "labs" on there. What was up with them?

About 85-90% of my questions were topics addressed in Matt Walkers Book. I didn't have any labs or scenario based questions. I took and passed the CISSP exam, so the risk assessment questions were review for me and so was anything dealing with calculating ARO, ALE, Etc. The real meat of the exam is still stuff covered in Matt Walkers book. You can then just google the rest of the topics like, the latest vulnerabilities, cloud security, risk assessment, etc. Just make sure you know the commands and outputs for the tools used.

LValue

Hi!! Again... After knowing that the CEH exam will be asking about the Standards and Frameworks related to Information Technology and Security. I did a research about these frameworks and to my surprise, there are so many of them. Well, the thing is, do I need to know all of them. I will list some of them below:
COBIT, ITIL, PCI-DSS, ISO 27000 Series, NIST SP 800 Series, TOGAF, COSO, PRINCE2, SARBANES OXLEY, PMBOK, BASE-III, HIPAA, FISMA, FERMA, GLBA, OWASP, etc.
Now the thing is, do we need to have knowledge of all these... >.<
Please Help!!!

impelse

Congrats on the pass.