CEH Exam

Excellent1Excellent1 Member Posts: 462 ■■■■■■■□□□
Sat and passed the exam today, wanted to briefly share my thoughts. First, I used the Matt Walker All-in-One book as a primary source of study for the exam. As the book correctly tells you, you also need to spend some time with the tools. Actually using the tools, as opposed to simply reading about them, will definitely help you recall the details you need to know for the exam.

The exam itself was very straightforward. While it is simply multiple choice, some of the questions are 4 paragraphs long. With my personality type, this is very frustrating, as I like to get to the meat of the question quickly, answer it, and move on. Take your time to read the whole question and make sure you understand what is being asked. The exam was 150 questions and I was given 4 hours to complete it. It took me 2 hours, primarily because I ran into some syntax questions that I debated with myself on for far too long. After the exam, I looked up some of these and of course I had changed my answer to the incorrect one because I failed to go with my initial gut reaction (gotta love that).

Most of you preparing for this will already know that nmap and netcat are a couple of the more prominent tools tested on. Something I was caught off guard by was the number of hping3 questions I received. I would definitely not skimp on this tool in your preparation like I did. I passed with a very comfortable margin, but had I been better familiar with hping syntax, I would have nearly aced the exam. If I had been borderline, though, that would have put me into the fail territory.

Also, as is pointed out in the Walker book, make sure you know what the responses will be to various port scans if the port is open or closed. I saw this multiple times and it was asked from several perspectives.

I took this certification as part of my degree program, but I would probably not have pursued it otherwise. The exam is expensive ($500!), and I'm not sure how much stock I put in any exam that doesn't have sims and other more hand-on scenarios, as they are too easily dumped. That said, I learned a lot and I've grown very fond of Backtrack and Linux in general. Regardless, good luck to everyone working on this exam.

Comments

  • Mike-MikeMike-Mike Member Posts: 1,860
    great review!
    Currently Working On

    CWTS, then WireShark
  • FalasiFalasi Member Posts: 115
    good review and congratulation! I've passed last tuesday however I didnt recieve any email from ec-councel after passing (and authenticating my result with vue). any idea if i'm missing anything?
  • Moe 0101Moe 0101 Member Posts: 22 ■□□□□□□□□□
    Congrats on the pass! I am also studying for this exam and using the same book. I am trying the self study way, I have not submitted my application yet, but I am almost done the book. Thanks for the review.
  • the_hutchthe_hutch Banned Posts: 827
    Excellent1 wrote: »
    While it is simply multiple choice, some of the questions are 4 paragraphs long. With my personality type, this is very frustrating, as I like to get to the meat of the question quickly, answer it, and move on.

    Honestly, I found that with most of these, I didn't even have to read the question. In a lot of them, it seemed like a big long background story with a simple question that, while related, did not require the preceding information to answer correctly.

    Oh yeah...CONGRATS icon_thumright.gif
  • ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
    congrats
    Andy

    2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
  • JDMurrayJDMurray Admin Posts: 13,090 Admin
    Congratulations on the pass! icon_cheers.gif Thanks for the excellent review!
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Thanks for sharing your experience and congratulations on the pass.
    Do you have a lab that you practiced on? I'm interested in taking this test after the eCPPT exam.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Excellent1Excellent1 Member Posts: 462 ■■■■■■■□□□
    Thanks all for the congrats.

    @Falasi: No, no email here, either. I googled around a little bit and saw that this is (or was) typical for EC council certs. Seems like they don't handle it like MS and Cisco. I was surprised (even CIW sends an email, lol), but maybe someone else can clarify this for both of us.

    @Hutch: Yeah, I did the same thing. You would see this huge wall of text, then at the bottom the question would be, "so which port number is xxx?". It was sort of comical on some of them. Still, they weren't all softballs. I didn't do a lot of study on IV's, so that sort of surprised me.

    @Jameslee: I used vmware workstation 8 and ran several vm boxes to try different tools without having to worry about antivirus freaking out. I also spent a good bit of time playing with a couple of backtrack distros (mainly r2 and r3 and exploring the differences between kde and gnome). It's probably not necessary to lab everything to pass the test, but I like to really learn the material--and for me, that means actually using the tools.

    Anyway, it was a good experience and is really one of the reasons I bothered with my MS program--I know there are some things that I would never really delve into if not for the requirements. Since my Cisco exams, I've tended to be pretty much fixated on how 0's and 1's get from a to b, but this exam offered an interesting view of some of the things that are out there. I would say the one thing that surprised me the most was just how easy it is now to do serious damage with no real understanding of the tools being used. Script kiddies have been around a long time, but now instead of being an irritant, they're like the 9 year olds in third-world countries carrying around rpg's: they may not look like much, but you have to take them seriously.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Excellent1: You make a good point about the script kiddies. But I find some of the tools a little difficult to use.

    The script kiddie subject reminds me of this: Worlds worst hacker. IRC transcript « TheMostBoringBlogInTheWorld
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • TechTesterTechTester Registered Users Posts: 2 ■□□□□□□□□□
    Excellent1 wrote: »

    @Falasi: No, no email here, either. I googled around a little bit and saw that this is (or was) typical for EC council certs. Seems like they don't handle it like MS and Cisco. I was surprised (even CIW sends an email, lol), but maybe someone else can clarify this for both of us.

    I just passed CEH last week and also haven't received any acknowledgment from EC Council. From what I've read online 1 month seems to be the average lead time to get the certification package in the mail. I assume all required info will be in that.
  • Dave BDave B Member Posts: 9 ■□□□□□□□□□
    I passed the CEH cert last month and within a week I had an email congratulating me on passing. Then I received a second email telling me that my certifiction packet was in the mail and would arrived in 4 to 8 weeks. I guess it depends on the vender you used for the test. I went to an Info Sec course and proctored the test through them.

    Dave
  • Excellent1Excellent1 Member Posts: 462 ■■■■■■■□□□
    Yeah, I finally received the email about the certification kit in the mail. There is a registration code for the forums, as well. I was looking at the logo downloads, and the only ceh logo download I found was for a ceh.exe file. Might run it in a vm later, see what it does, but that's really weird. The whole site (along with the email that was sent) comes across with a "Nigerian Prince" type of flavor.

    Anyway, it's all good--makes me really appreciate Cisco and Microsoft, haha.
  • Dave BDave B Member Posts: 9 ■□□□□□□□□□
    I received the packet in the mail also, pretty quickly considering. I have downloaded the logos and didn't have any problems on that front! So far no real issues with any it, I guess I am just happy to have the cert done!
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    lol, I forgot about the ECC exe logo. I remember that being brought up on the forums, but I guess ECC never thought it was worth changing. They also dont think that its worth giving wallet cards, or taking the time to be active on their forums, or many other things.
  • Excellent1Excellent1 Member Posts: 462 ■■■■■■■□□□
    Dave B wrote: »
    I received the packet in the mail also, pretty quickly considering. I have downloaded the logos and didn't have any problems on that front! So far no real issues with any it, I guess I am just happy to have the cert done!

    Yeah, I have the logos now too--but they are not correct. You're supposed to use the logos with the version, but the ceh.exe file you download is a self-extracting file that gives you the old un-versioned logos. All-in-all, the site and the emails/responsiveness of EC-council is a pretty disappointing experience. For the money they charge, you'd expect a little more (at least, I do). I mean, when CIW has you beat hands down, it's time to look at your business model, haha.

    Anyway, it's all good. Was good info, lots of fun, but can't say that it's worth anywhere near what they charge.
  • kad5118kad5118 Banned Posts: 9 ■□□□□□□□□□
Sign In or Register to comment.