Passed CEH 4/5/2016
Hi,
I read a lot of bad things about the questions of this exam here. I was not very confident even after 2 weeks of deep work.
I want to contribute with my feelings.
Background: CCNA / VCP-DV / Security+
I self study security since almost 1 years and half. My knowledge is between CEH and OSCP.(I Guess)
In February I would start to pass some certification, not to learn but to have a proof of my knowledge.
I pass the Security+ in two week and in fact I learn a lot of stuff (especially in risk management, threats, etc...)
So after I deeply learn to be ready for the CEH.
I used the following to study: (**** Highly recommended to * not so much useful)
- Matt Walker Book CEHv8 ****
- Exam Prep V8 ***
- Cybrary ***
- CEHv9 courses and lab ***
- Skillset ** (until lvl 4 on each topic)
- CEH Assessment questions * (too hard compared to the real exam)
The Exam:
20Q: Risks/Vulnerabilities/Threat Assessment/Management, BIA, Recovery Plan, incident Response, ALE...
(thanks to the Security+ otherwise I have not been prepared for this type of questions)
15Q: Black/White/Grey hat/box SLA
10Q: Nmap / netcat / script Nmap
20Q: IDS, NIDS, IPS, Firewall (stateful, circuit, proxy, app and packet filter) and evading all this stuff
15Q: Legal Issues: NIST, HIPPA, Spy Act, ISO, PCI... (too much questions according to me)
5Q for each : Wireshark & tcpdump , XSS & CSRF, Vulnerabilities Scanner (Nessus, OpenVAS), Virus & Trojan (definitions), Shellshock & Heathbleed, Social Engineering (the basics tailgating, phishing)
2/3Q for each : Wifi tools and frequency and security, , Syslog, crypto (hash ans pwd)
1Q for each: Mobile, google, footprinting, DNS, SMB, XOR, tape
Nothing about Cloud, port, buffer overflow, web, SNMP
Only 1 answers to answer for each questions no "choose all apply"
I was scared about the tricky questions like I have already read in this forum. The type of questions where two answers on 4 are practically identical and good. I will say I saw about 20 on 125 questions like that. This remain a little bit sad.
To conclude it's not an easy test but it not so hard with a minimum of work.
Cheers
I read a lot of bad things about the questions of this exam here. I was not very confident even after 2 weeks of deep work.
I want to contribute with my feelings.
Background: CCNA / VCP-DV / Security+
I self study security since almost 1 years and half. My knowledge is between CEH and OSCP.(I Guess)
In February I would start to pass some certification, not to learn but to have a proof of my knowledge.
I pass the Security+ in two week and in fact I learn a lot of stuff (especially in risk management, threats, etc...)
So after I deeply learn to be ready for the CEH.
I used the following to study: (**** Highly recommended to * not so much useful)
- Matt Walker Book CEHv8 ****
- Exam Prep V8 ***
- Cybrary ***
- CEHv9 courses and lab ***
- Skillset ** (until lvl 4 on each topic)
- CEH Assessment questions * (too hard compared to the real exam)
The Exam:
20Q: Risks/Vulnerabilities/Threat Assessment/Management, BIA, Recovery Plan, incident Response, ALE...
(thanks to the Security+ otherwise I have not been prepared for this type of questions)
15Q: Black/White/Grey hat/box SLA
10Q: Nmap / netcat / script Nmap
20Q: IDS, NIDS, IPS, Firewall (stateful, circuit, proxy, app and packet filter) and evading all this stuff
15Q: Legal Issues: NIST, HIPPA, Spy Act, ISO, PCI... (too much questions according to me)
5Q for each : Wireshark & tcpdump , XSS & CSRF, Vulnerabilities Scanner (Nessus, OpenVAS), Virus & Trojan (definitions), Shellshock & Heathbleed, Social Engineering (the basics tailgating, phishing)
2/3Q for each : Wifi tools and frequency and security, , Syslog, crypto (hash ans pwd)
1Q for each: Mobile, google, footprinting, DNS, SMB, XOR, tape
Nothing about Cloud, port, buffer overflow, web, SNMP
Only 1 answers to answer for each questions no "choose all apply"
I was scared about the tricky questions like I have already read in this forum. The type of questions where two answers on 4 are practically identical and good. I will say I saw about 20 on 125 questions like that. This remain a little bit sad.
To conclude it's not an easy test but it not so hard with a minimum of work.
Cheers
Comments
-
scottlin
Banned Posts: 10 ■□□□□□□□□□
Congrats!! Thank you for your comments. The whole test was multiple choice? No lab type questions? Did you purchase the CEHv9 materials from EC-Council? Do you think someone could pass the test using just v8 study material?
Thank you -
kirlab
Registered Users Posts: 3 ■□□□□□□□□□
Hi scottlin,
The whole test was multiple choice (just select one answer on 4).
No lab questions, if you considered to examine 4 line of log and find an answer is a lab question so there are about 10 like that.
No need to buy the v9 material. I read the both and there almost no change. The v8 is good enough.
Just Google for the V9:
Shellshock, poodlebleed, Hearthbleed
The different type of cloud (private, public, hybrid) and Iaas, Paas and Saas.
