CEH Exam

Sat and passed the exam today, wanted to briefly share my thoughts. First, I used the Matt Walker All-in-One book as a primary source of study for the exam. As the book correctly tells you, you also need to spend some time with the tools. Actually using the tools, as opposed to simply reading about them, will definitely help you recall the details you need to know for the exam.
The exam itself was very straightforward. While it is simply multiple choice, some of the questions are 4 paragraphs long. With my personality type, this is very frustrating, as I like to get to the meat of the question quickly, answer it, and move on. Take your time to read the whole question and make sure you understand what is being asked. The exam was 150 questions and I was given 4 hours to complete it. It took me 2 hours, primarily because I ran into some syntax questions that I debated with myself on for far too long. After the exam, I looked up some of these and of course I had changed my answer to the incorrect one because I failed to go with my initial gut reaction (gotta love that).
Most of you preparing for this will already know that nmap and netcat are a couple of the more prominent tools tested on. Something I was caught off guard by was the number of hping3 questions I received. I would definitely not skimp on this tool in your preparation like I did. I passed with a very comfortable margin, but had I been more familiar with hping syntax, I would have nearly aced the exam. If I had been borderline, though, that would have put me into the fail territory.
Also, as is pointed out in the Walker book, make sure you know what the responses will be to various port scans if the port is open or closed. I saw this multiple times and it was asked from several perspectives.
I took this certification as part of my degree program, but I would probably not have pursued it otherwise. The exam is expensive ($500!), and I'm not sure how much stock I put in any exam that doesn't have sims and other more hands-on scenarios, as they are too easily dumped. That said, I learned a lot and I've grown very fond of Backtrack and Linux in general. Regardless, good luck to everyone working on this exam.
Comments
CWTS, then WireShark
Honestly, I found that with most of these, I didn't even have to read the question. In a lot of them, it seemed like a big long background story with a simple question that, while related, did not require the preceding information to answer correctly.
Oh yeah...CONGRATS
2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Do you have a lab that you practiced on? I'm interested in taking this test after the eCPPT exam.
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
@Falasi: No, no email here, either. I googled around a little bit and saw that this is (or was) typical for EC council certs. Seems like they don't handle it like MS and Cisco. I was surprised (even CIW sends an email, lol), but maybe someone else can clarify this for both of us.
@Hutch: Yeah, I did the same thing. You would see this huge wall of text, then at the bottom the question would be, "so which port number is xxx?". It was sort of comical on some of them. Still, they weren't all softballs. I didn't do a lot of study on IV's, so that sort of surprised me.
@Jameslee: I used vmware workstation 8 and ran several vm boxes to try different tools without having to worry about antivirus freaking out. I also spent a good bit of time playing with a couple of backtrack distros (mainly r2 and r3 and exploring the differences between kde and gnome). It's probably not necessary to lab everything to pass the test, but I like to really learn the material--and for me, that means actually using the tools.
Anyway, it was a good experience and is really one of the reasons I bothered with my MS program--I know there are some things that I would never really delve into if not for the requirements. Since my Cisco exams, I've tended to be pretty much fixated on how 0's and 1's get from a to b, but this exam offered an interesting view of some of the things that are out there. I would say the one thing that surprised me the most was just how easy it is now to do serious damage with no real understanding of the tools being used. Script kiddies have been around a long time, but now instead of being an irritant, they're like the 9 year olds in third-world countries carrying around rpg's: they may not look like much, but you have to take them seriously.
The script kiddie subject reminds me of this: Worlds worst hacker. IRC transcript « TheMostBoringBlogInTheWorld
I just passed CEH last week and also haven't received any acknowledgment from EC Council. From what I've read online 1 month seems to be the average lead time to get the certification package in the mail. I assume all required info will be in that.
Dave
Anyway, it's all good--makes me really appreciate Cisco and Microsoft, haha.
Yeah, I have the logos now too--but they are not correct. You're supposed to use the logos with the version, but the ceh.exe file you download is a self-extracting file that gives you the old un-versioned logos. All-in-all, the site and the emails/responsiveness of EC-council is a pretty disappointing experience. For the money they charge, you'd expect a little more (at least, I do). I mean, when CIW has you beat hands down, it's time to look at your business model, haha.
Anyway, it's all good. Was good info, lots of fun, but can't say that it's worth anywhere near what they charge.