PREPARATION
Though some of my previous years of work and graduate studies have been in healthcare and global futures security, I earned my first IT certifications this year (A+ in April, Net+ in June, Sec+ in July). A company I have project-partnered with in the past was aiming to support a cyber-security track individual who could operate in the private sector beyond TS matters, and I was the willing participant. Thus, they sponsored by self-study eligibility application. I have engaged totally in self-study, but with the understanding that their organization will need me at some future point to help them put some of the CEH suite of activities into practice (not necessarily as their lead, however).
Anyway, after finishing Sec+ in late July, I meandered for a few weeks through Walker's All-in-One (AiO) bundle, had a week off, and had close relative pass before spending the last 2 weeks in diligent preparation. I read posts from this forum from the beginning (August) to get an idea of what I should expect and how I can hedge my study plan to not be overly surprised. This mostly entails using multiple reference materials - like defense in depth as your strategy for mitigating the the risk of tunnel vision studying and getting waylaid by too much focus on X, Y, or Z.
Perhaps my favorite supplement were the Boson Practice exams. When others recommended them and noted their thorough explanations, I did not grasp how significant they would be. Honestly, I know I learned a huge amount in the final three days prior to the exam simply by supplementing what I understood with the answers supplied in the Boson answer description spaces. I had a discount from the summer that made the price around $75, but $100 would have been fine given how much I think they're worth.
I used Skillset sparingly. I didn't pay for the Pro-version (though September seems to be offering a 50% subscription rate), and so I never got much out of it (since I like to study intensely in batches, and I kept getting the "stops." A better resource for practice would be Quizlet, but much of the information is dated. However, Quizlet tech would be fantastic for uploading the glossary at the back of AiO or for the different tool names and their description/use. I did not "get into" the Cybrary.it course on the matter, though I may look into the CB Nuggets course even though I'm through, since there is some training I think could be extremely helpful to learn.
Weeks 1-3
Read each chapter, taking the quiz at the end of each. Slowly process and think about the information/implications
Week 4
Off; Work
Week 5
Funeral out-of-state. Read Walker's AiO review .pdf
Weeks 6-7
Take each 25-29-question quiz from AiO supplement book. Check Quizlet and Skillset (<5 hours).
Week 8
Take AiO and Boson software exams (300-Question AiO set; Boson tests A-D; 400-Question AiO set; Random Boson set);
Take actual exam
Regarding the Boson sets, I took the first 3 in the same manner and the 4th differently. For Tests A, B, and C, I took the exam in study mode and clicked, "show answer" to immediately see how each question was meant to be answered and the rationale. Furthermore, this also provided me with all kinds of information about the wrong answers that further prepared me for the REAL exam. For Test D, I took it in simulation mode. Whereas it took me about 2 hours to through each of A, B, and C, in the manner described, it only took about 80 minutes to go through D, since I wasn't learning anything (of course, I immediately retook D in study mode afterward, breezing through the exam to read the answer descriptions).
My scores in the AiO and Boson are listed below.
These scores are reflective of the following dates:
- 9/16 for AiO-300, (75%)
- 9/19 for Boson A-B, (61%, 78%)
- 9/20 for Boson C-D and AiO 400, (72%, 84%, 88%) and
- 9/21 for Random Boson (about an hour before I took the exam). (95%)
These should give you a little understanding as to where I was prior to taking the actual exam (which I took online through ProctorU).
EXAM REFLECTIONS
I was vastly over-prepared in some areas and felt under-prepared in others. I certainly thought during the exam. I likely over-thought many of the questions, as I marked nearly 30% of the questions to review before submitting. Whereas I was completing the Boson exams in 80-90 minutes. I took 3 hours for the actual exam. Part of that was being overly paranoid, but that also reveals how unsure I was on some questions - like where typos could have actually affected the meaning of the question and/or the correct answer. If I were to coach myself in preparing for the exam after-the-fact, I would recommend doing the drudgery work of making quizlet cards for each of the tools, specifically where switches were similar or the tools' names could be mixed-up. I would do the same for each of the famous exploits.
My recent trek through the CompTIA trio certainly helped me pick the information up quickly and compartmentalize it efficiently. I had a framework in place for the knowledge to fit, and that framework made the difference in allowing me to speed through certain sections. I am thankful to have completed this certification and now be able to spend time on the actual hands-on platforms, as I did not spend time working with a home lab (I have a Kali machine but haven't touched it for CEH prep). Certainly, as I try out some of the tools, my study has enabled me to quickly know what I'm doing and what's going on under the hood (as it should given I just earned the certification).
I hope listing out some of my experiences and reflections help you on your path toward CEH certification and development. Godspeed.
P.S. For those with the experience and willingness to do so, please advise as to how I might stabilize my knowledge with the practical skills. My intent was to take Off-Sec's free Metasploit course and read the Metasploit and Penetration Testing books of the same rank. If there is a better or more interactive way, I'm all ears. Thanks.
