Passed C|EH v7

I passed C|EH v7

I'll re-hash what I posted at WGU:

I passed on 12/30/2011.

I'm probably repeating a lot of what others have said.

Things it would be good to know:
1 - nmap scan codes
2 - types of nmap scans and their responsese
3 - ICMP codes
4 - TCP handshake
5 - common ports
6 - dig syntax
7 - hping2 syntax
8 - wireshark syntax
9 - wireshark output
10 - snort syntax
11 - block/stream cipher
12 - PKI/certificates
13 - hashing
14 - LANMan Hash
15 - How many bits is xyz encryption?
16 - MAC authentication
17 - DHCP snooping
18 - SQL injection
19 - XSS
20 - directory traversal

I know I'm probably missing a few, but this should be a pretty strong basis.

One technique that helped me a lot was making "memory tables"

Such as, I'd start with a blank box, and then fill in all of the ICMP types and codes (from memory)
Or, do the same thing with all of the nmap scans, and their responses (from memory)
Or, do the same thing with all of the nmap syntax (from memory)

Or ... fill in the blank with whatever it is.

Since you can't have notes for the test, you just have to memorize as much as you can that you'll probably definitely see, and want to be well aware of.

I had a couple exhibits with tools I'd never seen before, but based on what I already knew, I could kind of piece together what they were asking for (at least, so I think, as I passed!)

It took me almost two hours to finish the test. You're given four hours.

One thing that shocked me was the many questions I got on dhcp snooping, which I never encountered during my preparation for CEH, but since I've done CCNA Security, etc., it wasn't a big deal to see questions on it.

The exam is not difficult. If not for the many questions on tools, the exam would be super-easy. If you have recently taken Security+, this exam will probably be even easier.

Find more posts tagged with

SAVE $250 on Your EC-Council Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View EC-Council Boot Camps

Comments

drumrolfe

Congrats Instant!

Chivalry1

Congrats welcome to the CEH club.

whatthehell

Congratz on the pass and thanks for the info!

cyberguypr

Congrats on the pass!

coty24

Congrats man! I am happy for you, thank you very much for the information!

onesaint

Another one in the bag! You're really steamrolling through the certs. Fantastic work and as always, great information on exam preparation.

What materials did you use?

Dakinggamer87

Congrats!!

instant000

onesaint wrote: »

Another one in the bag! You're really steamrolling through the certs. Fantastic work and as always, great information on exam preparation.

What materials did you use?

I used too much material:

1 - 1/5 volumes of CENGAGE press for the CEH? I think it's called CENGAGE PRESS. I only read the first volume. It was too heavy on tools, and not high enough on theory for me, I thought it was horribly put together.
2 - LearnKey Videos - Hacking Revealed 2008 (I viewed all of these, can't be too sure it helped, actually.)
3 - Matt Walker - v7 All-In-One Guide (Get this book!)
4 - Aforementioned memory tables
5 - Prior knowledge from past work/certification experience

If I had to take this test without any prior knowledge in the security domain, I would do this:

1 - Tools: Wireshark, nmap, netcat, snort
2 - OS: Win 2003, Win XP, and a Linux distro (all of these should be available for eval download, I have MSDN though school)
3 - tcpipguide.com (know the basics of TCP/UDP/IP/ICMP/Layer 2)
4 - Security+ (not necessarily take the test, but know the material)
5 - Matt Walker - CEH v7 All-In-One Guide (Know the material)
6 - Lab EVERY single scenario presented in Matt Walker's guide, at least two or three times
7 - Mr. Walker put together a table, of tools, and which categories they fit in. It may seem silly, but it'd be smart to memorize that table, also.
8 - Make memory tables for every table of information presented in Mr. Walker's guide, but make sure you look at these tools yourself, as the Matt Walker guide is very new, and I'm not sure if errata is published yet, but there might have been some errors. For this reason, if you follow step 6, and test the tools and view their respective site documentation, you should be OK.
9 - Trust me when I tell you that you will indeed be tested on tool syntax as well as outputs. If you have not prepared to study that stuff, then you are not prepared to take this test. If you've covered one or two tools in an area, it "should" be enough, if you know how the tools work and understand the theory behind what you're doing.
10 - As far as difficulty, I'd say this test is probably the equivalent of Security+ for Hackers. (If you've taken CCNA-Security, I would call that one the equivalent of Security+ for Cisco.)

Hope this helps!

onesaint

The details are much appreciated. It's always good to know what material works and which to stay away from!

impelse

Congrats