Yippe!! Climbed CERTIFIED Ladder- CEH V9
Hello Guys,
On Friday 19th Aug i.e. Yesterday, climbed another 'CERTIFIED ladder' towards my goal. Presently I am into ISMS audit & had prior experience of SOC but still wanted to call myself officially Certified H@ck3r thus took EC-Council's CEH V9.
Well, first and foremost I read this many times- 'Plan and Prepare' but couldn't implement; I enrolled for CEH V9 in May '16 but always delayed things till mid week of July when I decided it's 'enough' & finalized date; actually since July I put the best efforts & realized importance of 'Plan and Prepare'.
Study Plan-
Due to constant meetings and 9+ hrs shift I could hardly devote any time to studies so I made most use of commute hours and weekends for preparation.
Study Material-
I referred official study material thoroughly; it is not vast & brief but gives good overview & understanding of all the concepts. The most phenomenal thing ever I discovered was SkillSet.com; while reviewing CISA preparation materials I came across this website & instantly got attached to it. SkillSet Basic has all the reasons to make your good companion- 'are you referring d***s to get an idea of CEH pattern', 'are you looking for AIO coverage of security concepts under one roof', 'are you willing to assess your preparation'....endless!!
Also, SkillSet challenges you by throwing surprise Peer assessment questions after clearing certain levels. The primary reason for not going with Pro and other exam tests suggested by fellow CEH pass outs was off course hefty $ conversion rate & my fate on open source learning.
The 'D' day-
Before scheduling I looked many times at calendar scratching my head- 'is it gonna be LUCKY DAY' but then realized if InfoSec is my passion so why to bother with these thoughts, lets go for it. Honestly, Yesterday I was tad nervous but as soon as I started; the exam itself eased out my pain. CEH was focused 85% on conceptualize and tool based knowledge, 10% scenarios and rest 5% log assessment.
Examples(I am not sharing exact questions, although I remember most )-
1) Conceptualize- 'In a network scan FIN, URG, PUSH flags have been set to which host doesn't respond, what PORT status it indicates.
2) Scenario- 'A CEO wants to have 24 hrs monitoring of physical security and track employees(Choices- 1) CCTV Monitoring, 2)IDS ).
3) Logs- SNORT, forensic, website logs + 3 more logs were given for analysis.
Not a single question on Mobile computing and Cloud. At the end I utilized remaining 2 hours reviewing answers and cracking jokes on myself....yup!! I love & enjoy self chit-chats.
How I made it-
1) My stint at SOC definitely helped out in better understanding of minute TCP/IP, network & web attacks, forensic concepts. An experience or prior certificate is not needed; make sure baseline is firm.
2) SkillSet Basic; attempted more than 90% of all the CEH skills.
3) Official Study Materials for reference...not much of help from exam point of view.
An advise-
Those who want to make it through, please do not keep a sole reliability on SkillSet(agreed I praised it a lot) but had an experience in InfoSec to accompany so tailored made study as per my needs. Don't treat this exam as a one of those MCQs based; have seen some Guys failing due to lack of understanding because a question might not come as what one mug up when practicing on such websites; it could come in twisted way. Don't stop...keep challenging, as I said CEH is just one step in fact an inch towards achieving Cyber Security Expertise; there are tougher exams like SANs, OSCP etc. but what defeats all are- Thirst and eagerness to learn & Common Sense; some might not even need Certs.
Thinking, I wrote down here the whole essay but would be glad if it helps some of you Guys, thanks for reading & All the Best !!
On Friday 19th Aug i.e. Yesterday, climbed another 'CERTIFIED ladder' towards my goal. Presently I am into ISMS audit & had prior experience of SOC but still wanted to call myself officially Certified H@ck3r thus took EC-Council's CEH V9.
Well, first and foremost I read this many times- 'Plan and Prepare' but couldn't implement; I enrolled for CEH V9 in May '16 but always delayed things till mid week of July when I decided it's 'enough' & finalized date; actually since July I put the best efforts & realized importance of 'Plan and Prepare'.
Study Plan-
Due to constant meetings and 9+ hrs shift I could hardly devote any time to studies so I made most use of commute hours and weekends for preparation.
Study Material-
I referred official study material thoroughly; it is not vast & brief but gives good overview & understanding of all the concepts. The most phenomenal thing ever I discovered was SkillSet.com; while reviewing CISA preparation materials I came across this website & instantly got attached to it. SkillSet Basic has all the reasons to make your good companion- 'are you referring d***s to get an idea of CEH pattern', 'are you looking for AIO coverage of security concepts under one roof', 'are you willing to assess your preparation'....endless!!
Also, SkillSet challenges you by throwing surprise Peer assessment questions after clearing certain levels. The primary reason for not going with Pro and other exam tests suggested by fellow CEH pass outs was off course hefty $ conversion rate & my fate on open source learning.
The 'D' day-
Before scheduling I looked many times at calendar scratching my head- 'is it gonna be LUCKY DAY' but then realized if InfoSec is my passion so why to bother with these thoughts, lets go for it. Honestly, Yesterday I was tad nervous but as soon as I started; the exam itself eased out my pain. CEH was focused 85% on conceptualize and tool based knowledge, 10% scenarios and rest 5% log assessment.
Examples(I am not sharing exact questions, although I remember most )-
1) Conceptualize- 'In a network scan FIN, URG, PUSH flags have been set to which host doesn't respond, what PORT status it indicates.
2) Scenario- 'A CEO wants to have 24 hrs monitoring of physical security and track employees(Choices- 1) CCTV Monitoring, 2)IDS ).
3) Logs- SNORT, forensic, website logs + 3 more logs were given for analysis.
Not a single question on Mobile computing and Cloud. At the end I utilized remaining 2 hours reviewing answers and cracking jokes on myself....yup!! I love & enjoy self chit-chats.
How I made it-
1) My stint at SOC definitely helped out in better understanding of minute TCP/IP, network & web attacks, forensic concepts. An experience or prior certificate is not needed; make sure baseline is firm.
2) SkillSet Basic; attempted more than 90% of all the CEH skills.
3) Official Study Materials for reference...not much of help from exam point of view.
An advise-
Those who want to make it through, please do not keep a sole reliability on SkillSet(agreed I praised it a lot) but had an experience in InfoSec to accompany so tailored made study as per my needs. Don't treat this exam as a one of those MCQs based; have seen some Guys failing due to lack of understanding because a question might not come as what one mug up when practicing on such websites; it could come in twisted way. Don't stop...keep challenging, as I said CEH is just one step in fact an inch towards achieving Cyber Security Expertise; there are tougher exams like SANs, OSCP etc. but what defeats all are- Thirst and eagerness to learn & Common Sense; some might not even need Certs.
Thinking, I wrote down here the whole essay but would be glad if it helps some of you Guys, thanks for reading & All the Best !!