Hello potential CEH exam takers! Since I used this forum for study suggestions and advice, I thought I'd post the same.
The exam took me approximately 1 hour and 45 minutes to complete from walking in to walking out. I completely read every question and every answer. I flagged maybe 5 to review and answer at the end of the exam. When I ended the exam I received a notification screen that said "Passed" and also got a printed paper on my way out but no score was provided. Maybe it will be included with the welcome package that I am supposed to receive in 3-4 weeks. ?
Overall, I thought the exam was very straight forward. I sensed no trickery whatsoever so if you've honestly studied -- rest assured! That being said, I've been preparing for this exam off and on again for the last couple years. I aborted my studies more than once, thinking maybe a different certification would be better. Finally I realized that if I kept changing my mind I'd never receive ANY cert. So I came full circle back to CEH and here I am. I used the following sources to study:
1.
Skillset -- I had a Pro account and took something over 5000 questions over a period of a month. I was planning on using this mostly as an insurance policy as they guarantee a pass and claim they will pay not only for an exam re-take, but also for the cost you paid for the Pro account. Unfortunately, I had an issue when scheduling my exam such that my test date was later than the my Skillset Pro account expiration date. I didn't feel like paying any more money -- so I just let it expire. Quality wise, most questions/answers are decent with some being horrible. However, users have the ability to correct questions/answers -- which is a double edged sword in some cases. I think Skillset does a pretty good job preparing you for the exam but you have to be willing to participate and put effort into the labs, read explanations when provided, and when explanations aren't provided -- WRITE ONE! You only get what you put into it! If you decide to get a Pro account be sure to ask for a discount coupon, which will give you 5%-10% off. Be nice when you ask (use those social engineering skills to get what you want!)
2.
Boson -- I bought v8 of this about a year ago. Initially, I had pretty mediocre test scores with Boson and this was disconcerting. However, the answers provided with Boson are really excellent and I learned a lot reading through them. I rotated to some other study resources for a while, and when I came back to Boson, I found my practice test scores had improved remarkably. I suggest taking small 25 question practice tests that include questions from all areas. Also, to ensure you spend adequate time with all of the questions, enable the feature where when a question is correctly answered 3 times, that question is removed from future practice exams.
3.
[REMOVED]
4.
CEH All-In-One Exam Guide / Practice Exams (Matt Walker) -- I think study resources should always include a text book. When I sat for the CISSP exam I used Shon Harris's All-In-One book and thought she did an amazing job. Since I've found success before with the AIO books I went back by default. I did take a look at Oriyano's book and I personally prefer Matt's more casual style over Oriyano's. But both books are roughly equivalent so it doesn't much matter which one you select.
5.
EC-Council CEH v9 Slides -- I don't really recommend them. A buddy who passed the CEH let me look at his slides. I reviewed a portion of them. Lots of pages of pretty pictures here. Because of this, some are actually kind of hard to read, or seem pointless. Also, for some reason the slides feel obligated to LIST every tool in existence. Seriously! What good is a random list of tools. I know how to Google for tools. I want to master concepts around and actually using the TOP most widely used hacking tools. Bottom line: The slides aren't horrible, I just think there are better ways to spend your time that will give you more bang for your buck.
6.
Tool **** Sheets (Nmap, netcat, wireshark, tcpdump, Snort, etc.) -- Take a look. Be familiar but no need to memorize. Once you get a feel for a tool, you can kind of start to anticipate what commands and switches do. You can also use these as a quick reference when you are at the command line.
7.
Cybrary -- Leo Dregier is awesome and so are his vids and whiteboards.
He does a superb job at just laying down the essentials with some great first hand advice. You can probably comfortably watch all of his CEH videos in about 3-5 evenings (or mornings if you are a morning person). Thanks Leo!
8.
Test Lab -- Yes, a test lab. Nothing fancy. Just somewhere to fire up the tools and practice aiming them at targets. I recommend installing
VirtualBox because it's free. Then I'd install either
Kali Linux, or
Backbox Linux as your Pentesting distro (I prefer Backbox). Finally, put a target out there...like Windows XP! On your target, you might also install OWASP WebGoat. Now, open fire!...and just have fun exploring and learning. You can setup a fancier lab later but for CEH it's not really necessary.
You do NOT need to use all of the above resources. What and how you should study depends on your background, experience, and motivation. I spread my studying out over such a long period that I just happened to be able to use them all. One last bit of advice -- and this might be the most important bit of all -- CREATE A **** SHEET. This is basically a compilation of all of your studies in a small, portable, easy to read format that is custom tailored by you according to your needs. The goal is to make it as compact as possible, otherwise you aren't creating a **** sheet you're writing a book! My **** sheet was 25 pages, which I printed onto 7 pages (2 pages per side, front and back). This was great for short review sessions, studing at work, on the go, etc. When you take information and organize it in your own way you will learn and retain so much more!
If you have any questions, feel free to hit me up! I appreciate all of the tips I received from TechExams and I hope you find this advice equally useful. Have fun!
