So you want to take the CEH ... (read on)

2

Comments

  • powerfoolpowerfool Senior Member Member Posts: 1,649 ■■■■■■■■□□
    kryptos80

    Hi Kryptos80,

    When I mentioned the CCNA being stupid, what I was referring to was the fact that the test is not hard - it covers the usual: routers, CISCO's IOS, subnetting and such...

    It is just that it is made artificially difficult because they do not give you enough time to give much thought to the problem.

    For example you are shown 3 routers and given a description of a connection problem. Normally you would look at all router configs involved before answering. In the exam you are not given enough time to do that.

    I took the exam and passed it, but compared to Microsoft, Security+ and a bunch of others, you can fail this one not because you don't know the answer, but just because you are careful, just as you should be when messing with a live network.

    That was my 1st and last cert w/ CISCO because, in my opinion, they looked like money grabbers rather than trying to raise the standards of practice.

    Sorry if I misled you.

    Each level of Cisco certification is very different. I wouldn't throw it out because your experience with one (or maybe two) exams. In reality, I think there is adequate time. My issues with the CCNA are that they are very slow to remove old content from the criteria... it took them ages to remove IPX/SPX, and they still cover frame relay, to the best of my knowledge... time to move on to some basic MPLS if they want to cover a service backbone type network.
    AZ-204 [ ] AZ-400 [X] AZ-500
    2020 Goals: Azure Developer Associate, Azure DevOps Expert, Azure Security Associate
  • powerfoolpowerfool Senior Member Member Posts: 1,649 ■■■■■■■■□□
    kryptos80 wrote: »
    Wow, i was thinking about taking the CEH course/exam but after reading this thread, I don't think I will.

    I am a CCNP engineer with over 5 years experience. I want to learn more about security and maybe eventually go into the security field so i'm looking for an avenue of studying. Typically i like certifications because they focus my thinking.

    I am looking at CCNA security but its REALLY not very helpful. Its just a bunch of aaa/vpn stuff with a concentration on SDM which i never see anyone use.

    I am really tempted to go for OSCP. I know it probably won't help my career, but if the knowledge is worth it then why not, right? Thoughts?

    While the OSCP is sexy, the CCNA Security is very practical. I would implore you to truly review the material, even if you don't take the exam, and ask yourself how many networks you have seen that do not implement some of the basic mitigations that it covers. If you were to implement the mitigation strategies on a given network, many of the attacks on the CEH would be worthless. No ARP/IP spoofing/poisoning...

    I am halfway through my CCSP now and I am about ready to take my third exam. Out of the entire security track, I gained the most knowledge from the CCNA Security... each exam beyond that has only slightly increased my capabilities.

    But, I sit my SNAA next, then CEH, and then my CCSP IPS exam... after that, I will probably hit the OSCP after my break.
    AZ-204 [ ] AZ-400 [X] AZ-500
    2020 Goals: Azure Developer Associate, Azure DevOps Expert, Azure Security Associate
  • noob4surenoob4sure Registered Users Posts: 4 ■□□□□□□□□□
    thank you for this great post, right now i know where to focus on ^^
  • Fugazi1000Fugazi1000 Member Posts: 145
    I have just taken and passed this exam. It took about 2 of the 4 hours allowed and I did zero preparation for it.

    I originally booked Version 6 and kept re-scheduling - it seems V6 has now gone and you are forced to do Version 7. In reality, I think that just means a few more updated questions to the existing pool of questions. So no real difference.

    There were some 'woolly worded' questions that could have been better phrased. Some were very ambiguous and in one case 2 technically correct answers - but obviously pick the 'wrong' one and you drop a point. Very US focussed questions - i.e. know your laws (including those that have been superceded)! Know how to use the 'common tools'. There were very few obscure tools mentioned - but lots of questions on the tools you would be using on a regular basis anyway.

    Much mention of older OS' such as NT which dates the question pool somewhat.

    In summary, my background and experience meant this was straightforward for me. It's a hard one to 'cram' for though, as you do need knowledge of a broad range of areas. I suspect the training course is very much geared to helping you pass although I have not tried the EC Council training.
  • RoguetadhgRoguetadhg CompTIA A+, Network+. Member Posts: 2,489 ■■■■■■■□□□
    I think this post should probably be read by anyone going for a certification to read through this thread with an open mind. For better or worse.

    At some point we've all heard "Certifications aren't as important as experience". Which, is better heard from someone that does interviews and knows something about the technology.

    I'd like to think that passing a certification, means you have acquired some experience that will be translated over to the career field. I love the networking field (I'm actively searching for an ISP position). It would be disheartening to find out the time spent, information read and all that time I could've been playing Skyrim (I've killed a single dragon. Once.) has been for nothing. Not to mention the money Im trying to ring up for networking equipment for my own labs :)
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • TurgonTurgon Banned Posts: 6,313 ■■■■■■■■■□
    Roguetadhg wrote: »
    I think this post should probably be read by anyone going for a certification to read through this thread with an open mind. For better or worse.

    At some point we've all heard "Certifications aren't as important as experience". Which, is better heard from someone that does interviews and knows something about the technology.

    I'd like to think that passing a certification, means you have acquired some experience that will be translated over to the career field. I love the networking field (I'm actively searching for an ISP position). It would be disheartening to find out the time spent, information read and all that time I could've been playing Skyrim (I've killed a single dragon. Once.) has been for nothing. Not to mention the money Im trying to ring up for networking equipment for my own labs :)

    Yes I agree. It's a shame Sexion8, Keatron, Mike and many other experienced people dont post more often, but people move on and get awfully busy as their careers take on more time consuming responsibilities. They just dont have time for TE anymore because they are specialists.

    Certifications offer framework and syllabus, a structure to introduce people to things. How far you take things beyond test prep is down to the wants and needs of the individual. Available time to study, background, interest, aptitude and the requirements of the individual in terms of leverage of applicability of the certification in the workplace are all factors. If the reason for the work is to get a feel for things one studies one way. On the other hand if this is your bread and butter you apply yourself in a different way.
  • madmausmadmaus Registered Users Posts: 3 ■□□□□□□□□□
    Sexion8,
    I appreciate your "ramblings" :) and I must say that I respect your point of view. Needless to say, you have stated your point effectively and have given a realistic guideline based on your experience and understanding of the material. For many years, I refused to take certs... mainly because of all the cert *hores which started back for me back when MCSE was the greatest rage back in the 90's if my memory serves me right. It sickened and frustrated me to the point wherein I would not even truly pay attention to your resume' because of it. My thoughts were... Great! You can read and answer questions but can you apply it in the real world? ... most of the time ... they could not.

    Don't get me wrong. I don't mind individuals who have the certs, in fact, that is wonderful! ... just as long they have the experience, knowledge and wisdom on how to apply what they have learned.
  • teancum144teancum144 Member Posts: 229 ■■■□□□□□□□
    sexion8 wrote: »
    You will want to learn some form of programming language at its basic in the future should you want to be an effective security professional. Don't focus on tools as you won't always be in an environment to run certain tools. Suggestion: Perl or Python period. I'll keep any programming zealotry out of this as well.
    I really enjoyed your post, but I am curious, in your opinion, which is more useful for a security professional, Python or Pearl?
    If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,947 Admin
    Perl has been in use as the main scripting language in the UNIX/Linux world for nearly two decades. When dealing with systems, a security professional is far more likely to encounter Perl and a variety of shell interpreter languages far more often that any other scripting language. For Web-based investigations and research, you'd better know your JavaScript.
  • dmoore44dmoore44 Member Posts: 646
    JD - I don't dispute what you're saying, and I know that Perl has a huge user base... but in my experience, I've used and written more Python scripts...
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • I2SecureI2Secure Member Posts: 13 ■□□□□□□□□□
    thanks for the shares bro appreciate your work .....
  • SephStormSephStorm Member Posts: 1,732
    madmaus wrote: »
    Sexion8,
    I appreciate your "ramblings" icon_smile.gif and I must say that I respect your point of view. Needless to say, you have stated your point effectively and have given a realistic guideline based on your experience and understanding of the material. For many years, I refused to take certs... mainly because of all the cert *hores which started back for me back when MCSE was the greatest rage back in the 90's if my memory serves me right. It sickened and frustrated me to the point wherein I would not even truly pay attention to your resume' because of it. My thoughts were... Great! You can read and answer questions but can you apply it in the real world? ... most of the time ... they could not.

    Don't get me wrong. I don't mind individuals who have the certs, in fact, that is wonderful! ... just as long they have the experience, knowledge and wisdom on how to apply what they have learned.

    A point which has been mentioned before. But the real issue is going from point A to B. There are no guidelines for gaining that experience, knowledge and wisdom, UNLESS you are in a position involving the duties. I am stuck at a helpdesk for the next three years. After I do labs out the wazzoo, then what? I literally cannot (officially...)do those duties. lets take it back a step. Guy graduates high school, goes to college and earns his BS with a networking speciality, if hes lucky, most schools claim the coursework will prep him for CCNA. Maybe he works at geek squad while in college in an attempt to get some experience. Based on what I hear, he still doesnt get hired for a networking job, because there is no guidance on what he needs to know to be gainfully employed in the field.
  • diggitlediggitle Member Posts: 118 ■■■□□□□□□□
    Do i have to have all of the following below before I can be a pen tester?

    Mastery of the OSI model
    Routing TCP/IP volume I and II
    Network Security Architectures
    Network Security Fundamentals
    Designing for Cisco Internet work Solutions (CCDA)
    Linux Mastery
    c colon i net pub dubdubdub root
  • tolmietolmie Member Posts: 37 ■■□□□□□□□□
    Hi guys, some great posts. Ive been working in IT for around 15 year. I was thinking about doing the EH exam to add something a bit different to my CV, I'm not saying I want to be a pen tester as I probably don't have the ability but I find security and hacking interesting. I have access to CBT nuggets, what book would you recommend for studying for the EH course. As I say this is just to add something to my Microsoft certs.

    Thanks
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,827 Mod
    tolmie wrote: »
    Hi guys, some great posts. Ive been working in IT for around 15 year. I was thinking about doing the EH exam to add something a bit different to my CV, I'm not saying I want to be a pen tester as I probably don't have the ability but I find security and hacking interesting. I have access to CBT nuggets, what book would you recommend for studying for the EH course. As I say this is just to add something to my Microsoft certs.

    Thanks

    The new CEH All in One 2nd edition by Matt Walker is the best book hands down. I tried another newly released book and it was awful and I failed the exam. I've been reading the AIO book and it's 100% better and actually seems like it follows the exam objectives completely.

    CEH Certified Ethical Hacker All-in-One Exam Guide, Second Edition: Matt Walker: 9780071836487: Amazon.com: Books
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,947 Admin
    tolmie wrote: »
    As I say this is just to add something to my Microsoft certs.
    If you really want to spend US$600 just to add something interesting to your resume then go for it. I'll also say budget another US$300 and get the Security+ (SY0-401) first.
  • tolmietolmie Member Posts: 37 ■■□□□□□□□□
    What, is it $600 to sit the exam, didn't realise that. So it will be about £500 here in the uk, wowza
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,947 Admin
    The exam fee is US$500. If you don't take an "official" ECC training course (typically US$2500), you will need to pay an additional, non-refundable US$100 "application fee" when asking for approval to take the CEH exam. ECC's prices more than doubled when the CEH made the US DoD's approved certs list.
  • tolmietolmie Member Posts: 37 ■■□□□□□□□□
    ahwell if that's the prices in the uk then that's probably ruled me out.
  • tolmietolmie Member Posts: 37 ■■□□□□□□□□
    Quick question, I seen there is a security+ course. How much is this exam to sit, is this a better cert than the EH.

    Thanks
  • Diggs3dDiggs3d Member Posts: 35 ■■□□□□□□□□
    Hello,

    CompTIA Security + has come a long way but it's still considered entry level cert. It cost about $290 give a take a few bucks. If you like CompTIA you may want to check out the CASP which is CompTIA Advance Security Practitioner.

    The CEH is more advance level cert but its passable. I just started to study for this exam.......So we shall see

    Good Luck !!!
  • InfoSeeker23InfoSeeker23 Registered Users Posts: 1 ■□□□□□□□□□
    Thank you for clearing everything for me. Every interview I have, I am asked if I have the C|EH. So I have decided to study for it and take the exam and whore it. I am not in the IT industry, but I use the tools at work.
    I will follow your advice (reasoning makes a lot of sense!). Please let me know if you have any suggestion for a "monkey" like me. lol
  • Pc2015Pc2015 Registered Users Posts: 1 ■□□□□□□□□□
    Took it today, used matt walker's book was scoring 96-98 on all practice testes. Couldn't agree more with the comment below: "signed up for baking class and was given a plumbing exam"
  • defuntdefunt Registered Users Posts: 1 ■□□□□□□□□□
    So this maybe the wrong thread to ask this question but I can't find a more relevant thread. So to make a long story short, my company is now requiring that i get my CEH. But I've been in IT and more specifically Information Assurance for about 5 years now. I'm not saying that I won't have to study, but i think i can pass with just self study. I'm just confused on how to fill out the application, specifically the part about "Experience qualification". Is that just referring to commercial certs or like can I put things like the "Vulnerability Technician" training i got from a local auditing company. Or like my company has this policy that certain equipment requires the vendor to qualify that you can operate it so i have a "qualification" for our IDS. I don't want to put down things that don't matter, or not put down things that do.

    If someone could provide guidelines (or maybe an example of what they put)for what to include in this box that would be super helpful, or at least point me in the right direction. I don't want to get my application declined (and lose $100) if i can help it.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Put your experience..."I did xyz", "I audit xyz". Basically what you have on your resume. At the end you could put a blurb about the certs you have but I believe you also have to send in your resume, and have your boss verify.
  • wb9vkowb9vko Registered Users Posts: 2 ■□□□□□□□□□
    Failed 69/70 version 8 test, last week.

    The Boson test simulator is actually a good predictor of success. I would recommend that.

    There were questions about last year's BASH worm and HEARTBLEED virus that I wasn't expecting.

    I didn't see any Metaspolit questions. I would say there were 3-5 social engineering questions.

    Nothing on buffer overflows. GLBA, HIPAA and SOX were all addressed with questions.

    There appeared to be almost 5 questions just on netcat alone (syntax, etc.).

    Hardly nothing on null sessions and port 139/445 issues.

    What is bewildering is, that I paid the $350 retake charge and got a PowerPoint on some new proctor service (non-Prometric VUE).

    Also asks you to register at an EC website for exams.

    Has anyone seen this new material?

    Is Prometric VUE gone for retakes?
  • wb9vkowb9vko Registered Users Posts: 2 ■□□□□□□□□□
    Do not try and wing it, big mistake. Get Boson test simulator.
  • brooklynzoo81brooklynzoo81 Member Posts: 13 ■□□□□□□□□□
    A very interesting read indeed. I just got my SSCP back in February and was looking to go for the C|EH next. Going to put the CISSP on hold for now since i just entered the security field a year and a half ago, after 9 years of desktop support. I also have a Masters Degree already.

    Thanks
  • AntonovAntonov Member Posts: 10 ■□□□□□□□□□
    Now this is interesting and Ming opening tip in knowing almost anything in life. I will speak for myself. I've just recently got very interested I the IT security industry in my 32years of life and I'm currently doing Advanced Information Security in South Africa at University of South Africa (UNISA) . My question to you sir, from a rookie like me, what best courses can I do (considering your method) that can make me a good security officer better yet a Infosec Manager. I live in an environment where IT security isn't big but with recent attacks, every big bank and firm are looking for expects. I've wrote Comptia N+ and I'm studying for Comptia Security+. What more courses could be good for my vision??? Please assist
  • ITSpectreITSpectre Member Posts: 1,040 ■■■■□□□□□□
    This thread is awesome... Me Personally I have a goal to complete my RHCSA then go for either a Networking or Security cert. I have noticed one thing about ANYONE who works in Security and posts here.... you HAVE to know NETWORKING and basic computer concepts!!!!! That is the main theme that I see in many threads when we talk about Network Security and Pentesting, hacking, etc.... How can you secure something when you do not know how it works.
    As far as the CEH I will prob not take that exam... the reason why is because it bombards you with so much outdated programs and to me I would rather get a OSCP over a CEH. Me I am more "Hands On" so I would rather be tested on my ability rather then my book smarts. I don't dislike the CEH but my certification policy is "Find your path, and learn what certs you need to get there and get the knowledge and experience to go along with it. its not always about the ROI but its about the exp you get"
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
Sign In or Register to comment.