CEH exam cost doubt

OfftopicOfftopic Member Posts: 37 ■■□□□□□□□□
Am I correct in understanding that in order to write ceh exam i need to
1. Spend $850 USD plus pay fee for course to an approved institute? So total will be more than 2k
2. Prove that i have more than 2 years experience by paying $100 to EC council and then pay another $500/$600 for wxam to EC / pearson vue
Can someone please clarify?

Comments

  • LaSeenoLaSeeno Member Posts: 64 ■■□□□□□□□□
    You are correct, unfortunately. I already paid my $100, not too happy to drop another $650 for the exam in a few weeks.
  • Moldygr33nb3anMoldygr33nb3an Member Posts: 241
    Offtopic wrote: »
    Am I correct in understanding that in order to write ceh exam i need to
    1. Spend $850 USD plus pay fee for course to an approved institute? So total will be more than 2k
    2. Prove that i have more than 2 years experience by paying $100 to EC council and then pay another $500/$600 for wxam to EC / pearson vue
    Can someone please clarify?

    Yes, the CEH is really expensive.
    Current: OSCP

    Next: CCNP (R&S and Sec)

    Follow my OSCP Thread!
  • Mike7Mike7 Member Posts: 1,074 ■■■■□□□□□□
  • DatabaseHeadDatabaseHead CSM, ITIL x3, Teradata Assc, MS SQL Server, Project +, Server +, A+, N+, MS Project, CAPM, RMP Member Posts: 2,539 ■■■■■■■■■□
    A lot of security jobs either require or prefer the candidate possess that certification. Second only to the CISSP.

    IMO I would forget Security + and those others and just get the CEH until you had the experience for the CISSP. Just saying...
  • ethical-hacker-73ethical-hacker-73 Member Posts: 6 ■□□□□□□□□□
    I passed the CEH v9 today.

    My suggestions.

    Understand the following:

    firewalking
    nmap -A and -O commands
    when to use hping
    when a Microsoft O/S will not respond to ICMP
    LM vs NTLM
    password salting
    Rainbow attacks
    RC4, AES, PKI
    process to encrypt message
    use of hashes for integrity
    written auth for pen testing
    understanding impact of Heartbleed and ShellShock (Bashshells and O/S impacted)
    few questions on IPSec (know what layer of OSI)
    some interesting router protocol questions on OSPF
    of course a subnet mask question
    a IP4 vs IP6 question
    know when to use HIPAA
    some WireShark filter commands (4 or 5 of those)
    know TCP three-way hand shake
    a few IPS vs IDS and stateful firewall questions
    MAC flooding and CAM buffer overflow
    know asymmetric vs symmetric advantages
  • OfftopicOfftopic Member Posts: 37 ■■□□□□□□□□
    I am not sure why CEH is considered one of three Elites. When i searched for jobs requiring cissp, there were 222 job postings. Cisa resulted in 172 jobs.ceh? Only 26.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■□□□□□
    If you have two years experience, you can pay the $100 fee plus the exam fee and be good to go...you don't have to buy the official courseware if you want to use books like Matt Walker's AIO. If you don't have the two years experience it will be drastically more expensive.
  • ethical-hacker-73ethical-hacker-73 Member Posts: 6 ■□□□□□□□□□
    About the test:

    There will be three or four questions that you have to allow for cultural differences, as if the test was translated from Spanish to English.

    Like: If the car is speeding then the police will be told as soon as the driver understands.

    Also, be prepared for smashed up NMAP results in a horizontal line, like:

    Host is up. Not shown 979 ports. 21/tcp open, 22/tcp open, etc.

    I think Youtube videos are better than the books.
  • yoba222yoba222 Senior Member Member Posts: 1,127 ■■■■■■■■□□
    Offtopic wrote: »
    I am not sure why CEH is considered one of three Elites. When i searched for jobs requiring cissp, there were 222 job postings. Cisa resulted in 172 jobs.ceh? Only 26.

    CEH is certainly not. It was a joke. There was a job posting where some clueless HR monkey considered the CEH on equal footing with certs requiring much more time and effort to achieve. It was sarcasm.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,990 ■■■■■■■■□□
    I passed the CEH v9 today.

    My suggestions.

    Understand the following:

    Except for the questions about HIPPA and OSCP all of the materiel looks like stuff I learned taking the GSEC. I always thought the CEH was a pentest related certification, it looks more like a basic foundational cyber security cert, like Security+ / GSEC to me.
    Still searching for the corner in a round room.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,882 Mod
    First rule of Infosec: the terms 'CEH' and 'elite' should never be within 500 yards of each other.
  • impelseimpelse Member Posts: 1,233 ■■■■□□□□□□
    This would be eternal discussion, really the CEH is general knowledge for penetration testing and allow you pass the HR or recruiter filter. For real pentest is worthless.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • coffeeisgoodcoffeeisgood CISSP, CISA, CISM CISSP, CISA, CISMMember Posts: 136 ■■■□□□□□□□
    Offtopic wrote: »
    I am not sure why CEH is considered one of three Elites. When i searched for jobs requiring cissp, there were 222 job postings. Cisa resulted in 172 jobs.ceh? Only 26.

    As I spend more & more time studying for the CEH, I am learning some good tools, tricks & information to reinforce what I already know. I actually really enjoy some of the material. As for it's actual professional value? There is some but overall I feel its a potential future HR check / filter. Some of my clients might be slightly impressed but if that was my only cert? I sure hope not. If my employer was not paying the cost of CEH exam w/ a little bump for me if I pass at the end, not sure I would spend my own coin.

    I paid my own way for my CISSP & CISA... it was those certs that landed my interview for my job (cracked the HR barrier). I knew a little in the industry I was trying to crack into & had some experience, so it was that & my glorious personality landed my job today.

    curious, where did you see CEH was one of the 3 elites? (CISSP, CISA &... ?)
    as for value for jobs, I would lean on these a bit more... CISM, OSCP, PMP
    (yes I know PMP isn't a "tech" cert but combined with other tech certs, it fits the conversation here)

    OSCP might not have more # of job "postings" but I bet there are more actual jobs that would snatch you up faster vs just the CEH
    that said, I'm curious of the number of OSCP's that also have their CEH. I bet it's pretty high.
    The CEH seems like its like dipping your toes in the pool water to see if its too cold or hot. OSCP is jumping in the pool.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    curious, where did you see CEH was one of the 3 elites? (CISSP, CISA &... ?)

    OSCP might not have more # of job "postings" but I bet there are more actual jobs that would snatch you up faster vs just the CEH
    that said, I'm curious of the number of OSCP's that also have their CEH. I bet it's pretty high.
    The CEH seems like its like dipping your toes in the pool water to see if its too cold or hot. OSCP is jumping in the pool.

    If you search top certs CEH is always in there.
    Not saying it should be but it is.

    As far as job posting go I saw this recently:
    [h=3]Job Board Search Results[/h]

    [TH]Certification
    [/TH]
    [TH]SimplyHired
    [/TH]
    [TH="colspan: 2"]Indeed
    [/TH]
    [TH]LinkedIn Jobs
    [/TH]
    [TH="colspan: 2"]TechCareers
    [/TH]
    [TH]Total
    [/TH]


    [TH]CEH
    [/TH]
    1,977

    2,184

    1,427

    257

    5,845



    [TH]CISM
    [/TH]
    3,286

    3,585

    2,337

    10,629

    19,837



    [TH]CISSP
    [/TH]
    10,526

    11,617

    7,632

    15,212

    44,987



    [TH]GSEC
    [/TH]
    1,317

    1,477

    954

    128

    3,876



    [TH]Security+
    [/TH]
    3,038

    3,396

    1,275

    1,431

    9,140






    I think OSCP fills a niche and its never really going to be a top cert. (Pen test niche)
    Top for that niche sure but for general IT Security probably not.
  • bigdogzbigdogz Member Posts: 847 ■■■■■■■□□□
    The CEH is a good foundation for InfoSec. There are others which cost more but give you a better ROI.

    Good Luck
  • beadsbeads Senior Member Member Posts: 1,502 ■■■■■■■■■□
    Two things made the CEH what it is today. First it was the first cert in the "pen testing" (a generous description of the coursework and exam itself); two, it was almost immediately adopted by the DoD as a second tier requirement. Through in the fact even a government employee can pass it and you've got the current situation.

    Only to make it worse is the acceptance of WGU endorsing it as well. Really its all but frowned upon by many security people.

    - b/eads
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    I posted on this briefly elsewhere on here, but i had ultimately decided against the CEH. The name itself being cringeworthy aside, I actually completed the Ver 8 study guide/questions and, in comparison to the OSCP, youll drown quickly if you tried to perform a pentest based on the CEH.


    Practical skills are completely non-existent with this cert.
    Its an HR cert pretty much. But the real question is, why dont i have it.


    Well, Im paying out of pocket, so cost.

    This cert, for what ive studied, and researched, others confirming my thoughts, is not worth what you pay at all.
    So i decided to get the OSCP for, which im preparing for as that will be money well spent and ill have an extremely solid foundation thats not based on general, loose theory.
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    Dr. Fluxx wrote: »
    I posted on this briefly elsewhere on here, but i had ultimately decided against the CEH. The name itself being cringeworthy aside, I actually completed the Ver 8 study guide/questions and, in comparison to the OSCP, youll drown quickly if you tried to perform a pentest based on the CEH.


    Practical skills are completely non-existent with this cert.
    Its an HR cert pretty much. But the real question is, why dont i have it.


    Well, Im paying out of pocket, so cost.

    This cert, for what ive studied, and researched, others confirming my thoughts, is not worth what you pay at all.
    So i decided to get the OSCP for, which im preparing for as that will be money well spent and ill have an extremely solid foundation thats not based on general, loose theory.

    Based on your post: I have now decided against taking this exam. Thanks.
  • OctalDumpOctalDump Member Posts: 1,722
    I don't know what it costs. I had the exam paid for as part of a Master's course I did (it was a "bonus" if you passed the subject, you got a voucher for this exam). So it was good value for me :)

    I do still see it listed in the same breath as CISSP and GIAC certs. But it definitely is entry level penetration testing, with some use for incident handling. Sort of what Net+ is to Cisco CCNA/CCNP/CCIE. If you really want to get into pen testing, then as part of your track I'd suggest elearnsecurity's Junior Pen Test cert, and eventually OSCP. Even then, that's just to orient yourself, in much the same way as a CCNA R+S isn't really going to put you in the position of designing complex, multi-campus networks, or the MCSA for engineering an Enterprise Windows environment. It's necessary knowledge, but not sufficient.

    The other certs in pentesting that have some visibility are OSCP and GIAC's GPEN and GCIH. Those are also not cheap, and OSCP has a higher barrier to entry. CREST also has some recognition is some markets (UK and Australia, perhaps others). And most people hiring pen testers put a low priority on certification, relative to say networking. They are much more interested in other proof of competence such as capture the flag, genuine interest in the area, and ability. You are more likely to have an interview that asks about your home lab, what tools you like, what you've done, how you might approach a problem, than about how well you did on the OSCP.

    So, with CEH you get the name, and you get some basics in the field of pentesting. What that is worth to you only you can answer.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 494 ■■■■■□□□□□
    In addition to what OctalDump said about the interviews, You can expect to have questions over several different scenarios and what your methodology for that scenario would be as well as syntax for several different tools. This is one apect where the OSCP shines, If you have done most of the labs and passed the exam you should have your methodology for different scenarios down pact at this point. You will leave the course with an entirely different mindset and thought process when it is all said and done(at least I did).
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • bjpeterbjpeter Member Posts: 195 ■■■□□□□□□□
    CEH costs just as much as a wedding dress if you decide to buy the iLearn package! Haha!
    2020 Goals: SSCP, CISSP-ISSEP, MySQL 5.6 Developer, PenTest+, CySA+
    2019 Goals: eCPPT
    Achieved: CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • OctalDumpOctalDump Member Posts: 1,722
    bjpeter wrote: »
    CEH costs just as much as a wedding dress if you decide to buy the iLearn package! Haha!

    "Darling, we can get married, or I can get certified. It's a tough choice, I know, but..."
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • SteveLavoieSteveLavoie Member Posts: 783 ■■■■■■■□□□
    I think this exam is too expensive... I would have done it but seriously it is more expensive then CISSP. As I am Canadian, I had to factor a 30% more due to exchange rate.. it's almost 1000$ CAN!.

    So my infosec cert track is: SSCP --> CISSP --> OSCP

    I know I can get CEH with a few week of reading, but not at this price. If I got a beta exam promo or a promo in the 300$USD, I would do it
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    NP.

    I just felt I get more bang for my buck.

    The CEH around the same price of the CISSP if im not mistaken and thats just insane.
  • bjpeterbjpeter Member Posts: 195 ■■■□□□□□□□
    OctalDump wrote: »
    "Darling, we can get married, or I can get certified. It's a tough choice, I know, but..."

    "...I know what I want, and I want to get certified."
    2020 Goals: SSCP, CISSP-ISSEP, MySQL 5.6 Developer, PenTest+, CySA+
    2019 Goals: eCPPT
    Achieved: CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • bamahonkybamahonky Member Posts: 52 ■■□□□□□□□□
    I was lucky to have my employer to pay for the application fee and the exam fee. For me, it was a fun exam to study. If you can get your employer to pay for it, go for it.
  • redworldredworld Member Posts: 35 ■■□□□□□□□□
    bamahonky wrote: »
    I was lucky to have my employer to pay for the application fee and the exam fee. For me, it was a fun exam to study. If you can get your employer to pay for it, go for it.
    Basically. It's a relatively easy test and ultimately doesn't prove much other than book knowledge of attacks, tools, and some basic networking.

    I wouldn't have paid $800 out of pocket for mine but if you can get your employer to foot the bill, it's a no-brainer for the HR filter.

    e: Or if you want to work network defense in compliance with 8570, then totally worth it.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    What redworld said^

    I thought the course was fun. I had mine paid for by the company.

    I didn't think the test was that easy.
    I thought it covered a wide area of subject matter and the questions where not well written.
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    Ive heard alot of people say the exam was not well written. I just dont understand of all the exams that prove ones skill, the DoD chose a sketchy one like the CEH as a requirement.
Sign In or Register to comment.