Taking CEH 5/16/16 - Study Tips?
shiffler24
Member Posts: 18 ■□□□□□□□□□
in CEH
I was hoping you all could advise on practice tests to properly prepare for the CEH 312-50 exam. Just a little background, so far I have:
Read Matt Walker's CEH Certified Ethical Hack Second Edition
Completed the CEH v9 iLabs from EC-Council,
Matt Walker's practice tests
Boson practice test (v8 version)
I purchased the Boson practice test before CEH changed the exam. I was hoping they would upgrade me to their latest practice tests (CEH 2016), but they said I would have to pay $79 for the new practice tests. That being said, I was hoping to get some practice with the newer types of questions (risk management, ALE calculation, new vulnerabilities, etc.)
Based on what I have already studied, is the new Boson test is worth it or if there are any other practice tests that are recommended? I know CEH recommends Transcender's practice tests and didn't know much about those.
Read Matt Walker's CEH Certified Ethical Hack Second Edition
Completed the CEH v9 iLabs from EC-Council,
Matt Walker's practice tests
Boson practice test (v8 version)
I purchased the Boson practice test before CEH changed the exam. I was hoping they would upgrade me to their latest practice tests (CEH 2016), but they said I would have to pay $79 for the new practice tests. That being said, I was hoping to get some practice with the newer types of questions (risk management, ALE calculation, new vulnerabilities, etc.)
Based on what I have already studied, is the new Boson test is worth it or if there are any other practice tests that are recommended? I know CEH recommends Transcender's practice tests and didn't know much about those.
Comments
-
shiffler24 Member Posts: 18 ■□□□□□□□□□I guess to clarify, those that have used the newer Boson practice tests, did it have questions that covered the newer material of CEH? i.e. Risk management, ALE calculation, newer vulnerabilities (POODLE, Shellshock), cloud computing etc.
-
chrsnlde Member Posts: 10 ■□□□□□□□□□My buddy just passed CEH yesterday. I interviewed him because I'm taking the test on Saturday. I'm doing the self-study method, relying on several books and videos. For practice exams I am relying heavily on Skillset Pro, which is costing me $99 USD a month. My buddy used Official EC-Council material and that included Boson. He did say that he noticed a few questions from the practice exams on there. He stressed it wasn't many and that the real test was a lot more difficult. Since I'm taking the test in 3 days, I'm myself wondering if I should pay.
My readiness score on Skillset for CEH is 102%. I also paid $30 for an android app and after 155 questions, I scored 75%. Matt Walkers' exams have me at 70% but that was before I began using skillset. -
shiffler24 Member Posts: 18 ■□□□□□□□□□My buddy just passed CEH yesterday. I interviewed him because I'm taking the test on Saturday. I'm doing the self-study method, relying on several books and videos. For practice exams I am relying heavily on Skillset Pro, which is costing me $99 USD a month. My buddy used Official EC-Council material and that included Boson. He did say that he noticed a few questions from the practice exams on there. He stressed it wasn't many and that the real test was a lot more difficult. Since I'm taking the test in 3 days, I'm myself wondering if I should pay.
My readiness score on Skillset for CEH is 102%. I also paid $30 for an android app and after 155 questions, I scored 75%. Matt Walkers' exams have me at 70% but that was before I began using skillset.
Thanks for your input. That's what I was worried about, none of the practice tests being relevant to the actual test. I wish you the best of luck taking the test and hope you pass! Let us know how you did! -
chrsnlde Member Posts: 10 ■□□□□□□□□□For what it's worth, I did end up buying the Boson ExSim-Max for CEH 2016, using the 15% off coupon you get when you sign up for email spam. It cost me $84.15 USD. I just finished doing 125 questions and scored 50% which is horrible.
I was worried that Skillset Pro was to easy and it looks like I'm right. Even though I got a 102 readiness score, I do not feel ready and I don't believe their exam pass guarantee is for real. Boson claims they will refund the cost of the practice test which is $100 if I fail the exam. That sounds reasonable. Skillset promises they will pay for your retake which is $500-$600, but when I asked for details about this they dodged the question.
Background on my studying habits...
* Watched CBT Nuggets course on CEH v8; 15 hours of lecture.
* Read CEH All-In-One Exam Guide 2nd Edition by Walker and did the quiz' at the end of each chapter.
* Did practice exams using CEH Practice Exams 2nd Edition by Matt Walker
* Read CEH Study Guide by Sean-Philips Oriyano (Sybex)
* Watched ITV Tech Pro videos on CEH v8 while following along using Sean's CEH Study Guide; 20 hours of lecture
* Read NMAP Network Scanning by Gordon "Fyodor" Lyon
* Read Metasploit The Penetration Tester's Guide by HD Moore
* Wireshark 101
* Read Hacking Exposed 7
* Re-read Mat Walker's CEH AIO book
* Studied using Skillset.com (Pro version @ $100 USD a month)
and now add Boson's product to the list. -
shiffler24 Member Posts: 18 ■□□□□□□□□□For what it's worth, I did end up buying the Boson ExSim-Max for CEH 2016, using the 15% off coupon you get when you sign up for email spam. It cost me $84.15 USD. I just finished doing 125 questions and scored 50% which is horrible.
I did as well. Boson discounted it down to $79 since I had already purchased the previous version.
After reading your post and seeing that they will refund your money if you don't pass, it was a no-brainer. I took exam A and got a 73%. I will say that a lot of the questions were the same from the v8 practice tests I have from Boson (That is probably how I got a 73). There were newer questions though regarding newer vulnerabilities, risk, ALE calculation. -
zcamero Member Posts: 16 ■□□□□□□□□□I took the exam yesterday and passed with 92%. Pretty much what i figured except more policy/risk (CISSP type questions) than I expected. Questions were pretty straight forward.
Nmap, XSS, XSRF, SQL Injection, newer vulnerabilities, Encryption/PKI, Clickjack, Bluetooth attacks, basic routing, VPN stuff.
Did NOT see any cloud stuff. -
shiffler24 Member Posts: 18 ■□□□□□□□□□I took the exam yesterday and passed with 92%. Pretty much what i figured except more policy/risk (CISSP type questions) than I expected. Questions were pretty straight forward.
Nmap, XSS, XSRF, SQL Injection, newer vulnerabilities, Encryption/PKI, Clickjack, Bluetooth attacks, basic routing, VPN stuff.
Did NOT see any cloud stuff.
Congrats zcamero! May I ask what did you use to study? -
zcamero Member Posts: 16 ■□□□□□□□□□Thanks! No problem the main study list:
1. CEHv8 Sybex study guide
2. EC Council CEH and Countermeasures v9 course materials and labs.
3. nmap.org
4. lots of google searching for additional articles on specifics on tools, exploits, sample questions, etc.
5. This thread is pretty spot on for where to focus studies and what to expect: [h=2]Passed CEH 4/5/2016 by kirlab[/h] -
chrsnlde Member Posts: 10 ■□□□□□□□□□I took the exam yesterday and passed with 92%. Pretty much what i figured except more policy/risk (CISSP type questions) than I expected. Questions were pretty straight forward.
Nmap, XSS, XSRF, SQL Injection, newer vulnerabilities, Encryption/PKI, Clickjack, Bluetooth attacks, basic routing, VPN stuff.
Did NOT see any cloud stuff.
I just took the test today and passed. WHOO!!! I did not get a score, but I've been told that comes in a few days. I want to say that I had similar results, seeing everything you mentioned and a few Metasploit questions. I didn't see any cloud questions, but I did see Heartbleed, Shellshock, and Poodle several times. I also want to add, that having done the real test and comparing Boson to Skillset, I recommend Skillset. What I did like about Boson was the answers were better overall, by a large margin. BUT skillset forced me to learn more in-depth and gave me better questions. -
shiffler24 Member Posts: 18 ■□□□□□□□□□I just took the test today and passed. WHOO!!! I did not get a score, but I've been told that comes in a few days. I want to say that I had similar results, seeing everything you mentioned and a few Metasploit questions. I didn't see any cloud questions, but I did see Heartbleed, Shellshock, and Poodle several times. I also want to add, that having done the real test and comparing Boson to Skillset, I recommend Skillset. What I did like about Boson was the answers were better overall, by a large margin. BUT skillset forced me to learn more in-depth and gave me better questions.
Congrats chrsnlde! I appreciate your input on Boson versus Skillset. Glad you didn't have to test whether or not Skillset would have actually paid for your retake. I plan on sticking with Boson and the Matt Walker practice tests. I also plan on studying the categories posted by kirlab as well. -
shiffler24 Member Posts: 18 ■□□□□□□□□□Found this **** sheet online by SCADA Hacker. Did anyone use this to study for the exam? I've read through it and it seems to do a good job of highlighting the important parts of the CEH curriculum.
https://scadahacker.com/library/Documents/****_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf -
Pwncakes Registered Users Posts: 3 ■■■□□□□□□□I'm taking the CEH in July. Here's my study plan, which includes kirlab's post:
1. Skillset (100%)
2. Boson (70%+ passing)
3. Matt Walker v8 Book Notes
4. Cybrary (weak areas)
5. CEH v9 Slides (weak areas)
6. Tool **** Sheets (Nmap, netcat, wireshark, tcpdump, snort, openVAS)
Summary of post from kirlab:
20Q: Risks/Vulnerabilities/Threat Assessment/Management, BIA, Recovery Plan, incident Response, ALE=ARO*SLE
15Q: Black/White/Grey hat/box SLA
10Q: Nmap (options and script like HTTP-METHODS), netcat
20Q: IDS, NIDS, IPS, Firewall (stateful, circuit, proxy, app and packet filter) and evading all this stuff
15Q: Legal Issues: NIST, HIPPA, Spy Act, ISO, PCI... (too much questions according to me)
5Q for each: Wireshark & tcpdump, Snort, PCAP analysis, XSS & CSRF, Vulnerabilities Scanner (Nessus, OpenVAS), Virus & Trojan (definitions), Shellshock, Heartbleed, Poodle, DROWN, Social Engineering (the basics tailgating, phishing)
2-3Q for each: Wifi tools and frequency and security, Syslog, crypto (symmetric/asymmetric), hashing
1Q for each: Mobile, google, footprinting, DNS, SMB, XOR, tape backup, Cloud Types (private, public, hybrid), Iaas, Paas and Saas -
chrsnlde Member Posts: 10 ■□□□□□□□□□I seen that PDF, read it over once or twice, then forgot about it. What was really useful to me was looking over the CEH Exam Blueprint that tells you how much questions to expect per topic. I also created a lot of flash cards for memorizing lists like TCP/UDP Ports, NMAP & Wireshark commands, etc. Taking lots of practice tests helped me more than anything else. Taking lots of detailed notes and highlighting didn't help me as much as I expected. Reading Wikipedia, SANS articles, going to NIST website, and watching Youtube videos helped when I scoring low for a given topic. YMMV.
-
shiffler24 Member Posts: 18 ■□□□□□□□□□Thanks guys. I've added the Transcender CEH practice test to my study material and also have been watching Cybrary Ethical Hacking videos in the areas I am weak in.