A word of caution about CEH V8/V9

I just barely passed my CEH V8 exam today, and while I should elated, I'm actually a bit angry.

I'll start off with a coworker's quote "I feel like I went to a baking class and was then given a plumbing exam."

So in preparation for CEH, I used the following:

1) Matt Walker AIO + Practice Exams books.
2) VTC CEH video course
3) Random youtube videos for topics I wanted more info on
4) EC Council Licensed bootcamp style exam prep class & labs (4 days + review day/exam day).

I'm not a certificate whiz, but I've successfully done two other boot camp style classes & exams (Security + and ITiLV3) and done pretty well in them, I've been in the tech industry a long time, and have an excellent memory and decent test taking skills.

The exam I had today was something I barely recognized. Over half the questions were topics that were not covered in any of my studies.

I had questions on hard drive failure costs, backup failure rates, and numerous questions on the Risk Management Framework (which is different from the risk triangle/risk analysis matrix), and other weird stuff that just made me wonder if I had gotten a the right test.

I know V9 drops on Nov 1, and I wonder how many V9 questions I might have gotten. I've heard there are always sample/dummy/test questions on certification exams, but there just seemed to be too many for it to just be a sampling.

Over half my boot camp class didn't pass - and these are smart people with tough certs behind them (Oracle, Cisco, Voip certs, etc.) from a wide range of disciplines - DBA's, networking guys, web developers, security admins, etc.

Regarding the exam, one person summed it up incredibly well "I feel like I went to a baking class and was then given a plumbing exam."

I didn't expect an automatic pass because my company paid the money and I showed up. I studied hard, participated in class, and felt I knew the material. I was getting 85s on the Matt Walker stuff, I was getting high 90s in the pre-tests given on the 3rd and final day of the bootcamp.

Has anyone else experienced anything like this?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

lsimon305

All good stuff!

Just to add to my post here. For those of you who are seeing many questions you didn't study for remember to use multiple resources for studying and not just 1 or 2 resources. I took my test last week 10/13 and I felt pretty comfortable with the test. There were some questions that had 2 very similar answers and those are the ones I may not have gotten correct.

wayne_wonder

Do they plan to bring out a course book before the end of the month

Sch1sm

cehv9 wrote: »

I have compared the v8 and v9 course ware and the change is very minimal. The change is not big enough to "fail" candidates. They have only included a new module "Cloud Security" and removed "Buffer Overflow". They have moved certain things around, but that's all that they have done! So, in theory even if you were to take the v9 exam on v8 material, you should still be able to pass, since the change was very very minimal. But even then, people are reportedly seeing questions they didn't study for. I can only include that EC-Council have screwed up the exam big time and have somehow included questions not covered anywhere in the course ware.

This is absolute nonsense. The exam is 125 multiple choice questions with a high pass mark of 70%. Every single question counts in this context and it is absolutely unfair to include ANY material in the exam that isn't in the study material.

cehv9

wayne_wonder wrote: »

Do they plan to bring out a course book before the end of the month

Its already out

TK1799_st

If one compares the v8 Objectives to the v9 Objectives - there are a ton of questions that are asked on the current CEH exam that I took on FRI that are ONLY COVERED on the v9 Objectives. That is completely unfair and unprofessional. CompTIA would never conduct exams as such....they notify the public of their intent and even then offer a bleed over period for those - like me - who have studied right to the point of taking what I should have been offered....

From ECC website states a "snap shot" of the future v9 Obejctives:

Emphasis on Mobile Platforms and Tablet Computers

Heartbleed - Shellshock - Poodle + decryption of SSLv3 and what those results look like, ect...

Coverage of latest Trojan, Virus, Backdoors

latest mobile hacking tools

Yes - all this ensued into a 100 question block dealing with very specific answers - and the questions were written poorly and with general content leaving a possible 2 answer possibility - guess I picked 14 that the 50-50 gamble didn't work out for me...

That exam is a screw up that should not have been launched and since it was - is going to cause alot of problems.

More to come this week....when Pearson Vue gets back to me over this....EC Council - I doubt will be calling me back. ECC have not even posted the v9 Objectives in full!

TK1799_st

Watch buying anything from ECC that you think is v9.

I went on the iStore for v9 material -- and it's only v8.

They are still offering training at remote sites for v8 --- not v9.

At the moment, there is NO v9 material out there that I have found official - or 3rd party like Sybex.

This site lists exactly what I discovered:

http://cybersecurityzen.com/cybersecurity/certified-ethical-hacker-version-9-ceh-v9-339/

"Depending on your level of existing knowledge, you will need to study the material presented in the 18 CEH v9 modules, and then pass the EC-Council CEH v9 exam.
Easier said than done, because much of this course is taught using hands-on labs rather than information straight from a training manual."

I did not have that afforded to me - and apparently others as well had the same experience!

E Double U

CEH is the only cert that I've been interested in that I constantly hear bad things about lol.

cehv9

E Double U wrote: »

CEH is the only cert that I've been interested in that I constantly hear bad things about lol.

Some more https://www.reddit.com/r/CEH/comments/3oar60/is_anybody_else_using_iclassilabs/

TK1799_st

Apparently they updated the Objectives for v9 last night:

http://www.techexams.net/forums/ec-council-ceh-chfi/114580-word-caution-about-ceh-v8-v9.html

Interesting thing is - there may be some cover over the v8 - but a large percent of this is brand new.

With that, come new more unique questions - of which I had about 100 out of 125 - resulting in a failure.

Poor form on ECC for launching this....I'm hoping it was a mistake!

danny069

E Double U wrote: »

CEH is the only cert that I've been interested in that I constantly hear bad things about lol.

Lmao, people can talk trash all they want, if you want a cert you want a cert, what can I say.

TK1799_st

SOLUTION AND FIX

[FONT=georgia, serif]CEHv8 FAILED EXAM - Was version 9 - How to Resolve[/FONT]

[FONT=georgia, serif]Write an email to EC Councils - Certification Director

[/FONT]certdirector@eccouncil.org

I was instructed to contact you immediately in reference to the CEHv8 Exam I took on XX OCT 2015 at (TESTING LOCATION)

Upon opening the exam, I realized that the material I studied from the Official ECC CEH v8 course-ware, the Sybex Book for CEHv8, Secure Ninja Videos for CEHv8, and the tools provided to practiced with were not the same and I did not pass.

I believe at this point, Pearson Vue and EC Council owe me a new voucher to re-take the CEHv8 Exam. I also do not believe the CEH v9 Exam should not be released in the wild as of yet since there is no current study material available that I could find.

Please get back to me with an answer. I took FRI off from work and now have to take another day off to make this exam happen.

Just to confirm, I signed up and paid for the CEH v8 exam.

(NAME)

I will attempt to start a whole new threat so that others may find it and be able to get a free retake....

....now I'm waiting for the reply back from ECC Cert Director.....

JusCoolin

I want to start by saying I am highly upset with EC-Council just like a select few others on TE. I studied with the wife for about 2 months, took notes, flash cards, took the CBT Nuggets course, Cybrary.IT course and read 2 books from front to back. I took the C|EHv8 exam with a racing heart and failed it but definitely seemed like v9 material. Hardware cost and hourly wages should not be included in an Ethical hacking exam. All in all this I'am highly disappointed. That's my rant for today.

TK1799_st

Hang in there - ECC knows that there was a Cert Server push that should NOT have gone out...stay with it and it should be resolved correctly.

If you look at the newly released v9 Objectives - they are what is on the exam - some are in the same topic field as v8, but upgraded solutions and new exploits/attacks...not fair to **** an entirely new exam on unsuspected testers.

I've been in ambushes - don't like it - and come through it fighting!

Stay tough brother! ECC should be reaching out to us this week to resolve it!

JusCoolin

TK1799_st wrote: »

Hang in there - ECC knows that there was a Cert Server push that should NOT have gone out...stay with it and it should be resolved correctly.

If you look at the newly released v9 Objectives - they are what is on the exam - some are in the same topic field as v8, but upgraded solutions and new exploits/attacks...not fair to **** an entirely new exam on unsuspected testers.

I've been in ambushes - don't like it - and come through it fighting!

Stay tough brother! ECC should be reaching out to us this week to resolve it!

You should be an inspirational writer. I really appreciate it though. Keeping my head up and oh and i also wrote down as much as i could remember on the test. Amazes me how much I have written down.

GreaterNinja

So i spent a month reading these boring CEH V8 Books for class and now they are already pushing version 9 test? Great...

Sch1sm

TK1799_st wrote: »

Hang in there - ECC knows that there was a Cert Server push that should NOT have gone out...stay with it and it should be resolved correctly.

If you look at the newly released v9 Objectives - they are what is on the exam - some are in the same topic field as v8, but upgraded solutions and new exploits/attacks...not fair to **** an entirely new exam on unsuspected testers.

I've been in ambushes - don't like it - and come through it fighting!

Stay tough brother! ECC should be reaching out to us this week to resolve it!

Do you have a source for this or are you just trying to have a positive outlook?

OctalDump

I sat the exam recently and it matched expectations. There was content on the exam that wasn't covered in one book, but was covered in other sources. This isn't unusual, since it's hard for any book to cover everything.

I probably had some advantage since I have done other IT Sec courses and recently the Security+ exam which acted as a general refresher. Things like Risk Management and hardware failure rates, I've come across before.

There were about 15 questions that I wasn't sure of, and some of those I got right and some wrong. There was at least one question I was sure of that I got wrong. The detail of that question wasn't covered in depth in any of the CEH materials I used, but would have been in some of the secondary materials that are recommended.

The hardest part about the exam is its breadth. It does cover a lot of different areas. Consequently, the study guides don't go into a lot of depth (or else they'd be 5 times the size). Without the depth, it's harder for this stuff to stick. For example, there's a few pages in one of the study guides about nmap, and a couple of tables about the options. If you memorise that, you'd probably be ok for 80% (i.e. you'd pass). But memorising isn't understanding. On the other hand if you read something like the nmap Cookbook, and tried out a whole bunch of scans, and got a feel for which scans to use and when, you'd likely get all the questions. But nmap is just a small part.

I am guessing that if you don't use any study guides - nothing more than the CompTIA description of the objectives - then you'd need a fair bit of experience and probably have read 3 or 4 penetration testing books and also keep current. Which gets to the heart of the problem with certification generally. It's often sold as being an assurance of experience and competence, but its value is more often in getting entry to a field.

If you are using a cert to get entry into a new field, then you won't have the experience that the certifications assume to be testing. In most cases if you had that level of experience, the certification wouldn't be as much value.

Employers also play into this problematic situation when they ask for certifications in technology before allowing staff to use that technology, sending staff to bootcamps to get certified, and asking for certification above the level of the position.

I think certifications are probably most useful for people with some experience and some study, or where you have "informal" experience gained outside of work environment. This helps you bridge that gap.

TL;DR

You should still be able to pass CEH if you know pen testing very well, have experience, and are current and know the objectives - even if you haven't read a study guide. In which case, you probably don't need this certification.

I am interested to see how this all pans out.

JusCoolin

OctalDump wrote: »

I sat the exam recently and it matched expectations. There was content on the exam that wasn't covered in one book, but was covered in other sources. This isn't unusual, since it's hard for any book to cover everything.

I probably had some advantage since I have done other IT Sec courses and recently the Security+ exam which acted as a general refresher. Things like Risk Management and hardware failure rates, I've come across before.

There were about 15 questions that I wasn't sure of, and some of those I got right and some wrong. There was at least one question I was sure of that I got wrong. The detail of that question wasn't covered in depth in any of the CEH materials I used, but would have been in some of the secondary materials that are recommended.

The hardest part about the exam is its breadth. It does cover a lot of different areas. Consequently, the study guides don't go into a lot of depth (or else they'd be 5 times the size). Without the depth, it's harder for this stuff to stick. For example, there's a few pages in one of the study guides about nmap, and a couple of tables about the options. If you memorise that, you'd probably be ok for 80% (i.e. you'd pass). But memorising isn't understanding. On the other hand if you read something like the nmap Cookbook, and tried out a whole bunch of scans, and got a feel for which scans to use and when, you'd likely get all the questions. But nmap is just a small part.

I am guessing that if you don't use any study guides - nothing more than the CompTIA description of the objectives - then you'd need a fair bit of experience and probably have read 3 or 4 penetration testing books and also keep current. Which gets to the heart of the problem with certification generally. It's often sold as being an assurance of experience and competence, but its value is more often in getting entry to a field.

If you are using a cert to get entry into a new field, then you won't have the experience that the certifications assume to be testing. In most cases if you had that level of experience, the certification wouldn't be as much value.

Employers also play into this problematic situation when they ask for certifications in technology before allowing staff to use that technology, sending staff to bootcamps to get certified, and asking for certification above the level of the position.

I think certifications are probably most useful for people with some experience and some study, or where you have "informal" experience gained outside of work environment. This helps you bridge that gap.

TL;DR

You should still be able to pass CEH if you know pen testing very well, have experience, and are current and know the objectives - even if you haven't read a study guide. In which case, you probably don't need this certification.

Am I interested to see how this all pans out.

Noted, I appreciate your input OctalDump.

Sch1sm

I don't understand why people are trying to justify changing the material in an exam without any material for students to prepare for it. I could maybe understand if it was a written exam where you had an opportunity to write something about current events however this is an extremely limited framework of multiple choice answers. If you're sitting an exam that has an official curriculum set out beforehand it is completely unreasonable to ask anything that isn't covered in that material.

OctalDump

Sch1sm wrote: »

I don't understand why people are trying to justify changing the material in an exam without any material for students to prepare for it. I could maybe understand if it was a written exam where you had an opportunity to write something about current events however this is an extremely limited framework of multiple choice answers. If you're sitting an exam that has an official curriculum set out beforehand it is completely unreasonable to ask anything that isn't covered in that material.

I am not sure yet if the exam has changed radically. It might have. Or it could be that people who are failing are jumping on this as a reason. There were questions on the exam when I did it that weren't in the study guides I used. This is pretty common for certification exams, especially when they are as broad as the CEH.

I've failed exams because I assumed that the study guides I used sufficiently covered the material. Some exams seem worse for this than others.

I am very curious to see if it has changed. I think that if there has been any substantial change from the objectives, then people do have a legitimate complaint, since quite clearly it isn't what they paid for. The answer would be to let these people sit the "original" exam for free.

I am not sure on the details of the official courseware from EC-Council, but it seems obvious that the courseware should match the exam given. Since EC-Council controls both, this shouldn't be a problem for them. Again, simple fix.

Microsoft basically say on their page for the exam objectives "Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text", so they could put anything on the exam that they thought is relevant even if it isn't covered by the listed objectives. At least they are up front about being tricky

JusCoolin

And the EC-COUNCIL has spoken:

Hello JusCoolin,

Thanks for sharing your feedback to us, This feedback has been sent to me so i can assist you and explain the exam format, i am listing my view below and would be happy to hear your comments on it.*

1. The CEH exam follows the exam blueprint here https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

2. The exam format and pattern have not been changed in any way, we still continue to maintain the exam time and passing score.

3. As far as the quality of the exam is concern, our CEH exam forms are beta tested by a minimum 100 students and are pschometrically validated before they are live.

4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold.

5. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge.

6. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Take note the final title earned by a student who successfully passed the CEH exam is "Certified Ethical Hacker" and does not carry any version no, irrespective of the courseware he used to prepare for the exam.

7. Further a student is required to keep himself updated with the current changes in the market. EC-Council has always encouraged Continuing education and hence we also grant recertification through our ECE policy if this criteria is met.

8. If you still feel there are specific questions that are out of the scope of the exam blue print, please specify which ones so we can take a look at it.

9. Also we have a healthy passing ratio on the test you have attempted.*

If there is anything else i can assist you with pleas let me know.

Thank you
Cherylann Vanderhide
Dir.

TK1799_st

RESPONSE BACK FROM EC COUNCIL:

Thanks for sharing your feedback to us, This feedback has been sent to me so i can assist you and explain the exam format, i am listing my view below and would be happy to hear your comments on it.

1. The CEH exam follows the exam blueprint here https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

2. The exam format and pattern have not been changed in any way, we still continue to maintain the exam time and passing score.

3. As far as the quality of the exam is concern, our CEH exam forms are beta tested by a minimum 100 students and are pschometrically validated before they are live.

4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold.

5. Our exams are written my Subject matter experts and are not build by our in-house teams to ensure our tests focus on measuring the required skills and knowledge.

6. Our courseware/ study material is a guideline that equips you with concepts, tools and techniques of ethical hacking and security assessments. Take note the final title earned by a student who successfully passed the CEH exam is "Certified Ethical Hacker" and does not carry any version no, irrespective of the courseware he used to prepare for the exam.

7. Further a student is required to keep himself updated with the current changes in the market. EC-Council has always encouraged Continuing education and hence we also grant recertification through our ECE policy if this criteria is met.

8. If you still feel there are specific questions that are out of the scope of the exam blue print, please specify which ones so we can take a look at it.

9. Also we have a healthy passing ratio on the test you have attempted.

If there is anything else i can assist you with pleas let me know.

Thank you
Cherylann Vanderhide
Dir. Compliance & Governance
EC-Council.

_____________________________________________

My Counter Response:
First off I signed up to the CEHv8 - it's on my payment receipt and Pearson Vue account. I have screen shots. Second, EC Council does go by version numbers because I have screenshots of the website and iClass/iStore that show a version number. Third, the CEH website was updated in OCT, the very same month that people across the IT industry started to report a whole new set of questions, topics, and lab result questions that they did not study for because they were not on the Version 8 Objectives list. Last, the Version 9 Objective list is published with 18 modules, down from 20 that were listed on Version 8 of the CEH exam requirements. So ECC does go by versions and groups Objectives on what their test takers will be tested on. To say, it's an open field - one would never have enough time or money to gather all the books, videos, and tools to test just to prep.

ECC states that there are 140 NEW labs and 2200 commonly used tools. Really? - you expect students to know all that for a 125 Question exam and say ECC doesn't narrow it down into versions. CompTIA and other major vendors do narrow it down so students have a right and left boundary to study from. At some point there needs to be an organized list of Objectives. Clearly, ECC still uses versions because it's listed on the website. Throwing in "wild cards" when ever you like and banking a whole new set of questions by unknown exam writers and beta testing them by 100 students(who are already certified in CEH or going after certification in CEH?) is a poor choice by EEC. No one will gamble and spend the time necessary to study for CEH if this is the direction ECC is going to take from this point on. Defining Objectives, then turning around and stating that testing has occurred in beta form and throwing that down on an exam to an unprepared test taker is not professional.

At this point, my other recourse is to seek legal advice on what is apparently an attempt to restructure the CEH exam unannounced for motives I do not understand or know. ECC did not announce it nor was I notified through e-mail or phone. Both of which ECC has. Regardless, I'm still out $500 and 10 months of study/prep time on v8 with no clarification that the Exam was in beta test mode and "oh by the way, we are about to unleash a whole new set of questions that no one knows about on an exam you will take!" is at least unfair and very bias. Time that was spent to ensure my position within the DoD Cyber environment. All of that has been put into jeopardy due to ECC decision to push out an exam that no one is prepared to take and a set of questions (100+ I actually did not write them down and walked out them - that's illegal and therefore I do not have specific questions to discuss).

Understand that I belong to different hacking forums and discussions - plus my official duties within XXX. The actual reputation of EEC is on line at this point. Interestingly enough, a new development is also taking to replace the XXX 8750 List to the new 8140. If this situation is not resolved correctly, ECC may not find itself on that list and if so, may have serious competition from Offensive Security who uses Kail Linux and preps testers for such live hacking as that is the actual exam for certification. Added to this, all serious hacking attacks use said OS with included tool set and is becoming the "go-to" certification. Although I cannot speak officially for XXX and those highers that will or will not put CEH on the future list, but what I can do is inform and influence the cyber development environment that allows a clear and concise choice for those of us that need certifications in hacking that there are alternatives.

Although I used Sybex as a guide and official book for training where others used the All-in-One book - plus videos (CBT Nuggets and Secure Ninja), demonstrations, and actual use of these tools (the major 10) that prepped us for the Version 8 exam - and still failed - I can attest that whatever you decide to do is going to shape your repetition one way or the other - be it good or bad - that will be up to ECC.

Over to you,
_________________________

At this point - if I understand it well - the Objectives for v9 are just a guide and future test takers will have to know everything out there about hacking because they are going to field fluid questions from this point on after they are written by outside people and tested on a beta level with 100+ students (that may or may not be certified).

Also - Secure Ninja stated that they will be the premiere v9 video trainer at this point for CEHv9 -- if this is the case - save you money and your time and seek out Kali Linux, Metaspoit, and become certified by Offensive Security (OS). Oh by the way, Metaspolit is FREE to learn and is used for the certification testing for OS...uhm...I wonder where this will go at this point....

That is my next route after I speak to legal on a course of action.

Sch1sm

Nice to see they're taking these appeals seriously and not just sending out the same response to everybody..

danny069

That was a great response TK1799_st. The response from EC-Council was cold and unsympathetic. It is really not fair what they did to I'm sure hundreds, maybe even thousands of people around the world. Please keep us posted on what happens next. I really hope this gets resolved in a fair manner for you and all.

JusCoolin

TK1799_st Well said. I'm just waiting for her response now.

danny069

She must have a million emails lol

JusCoolin

danny069 wrote: »

She must have a million emails lol

Tried to butter her up in the beginning.....didn't work. She has good defense lol.

danny069

A lot of EC-Council's employees seem to be out of Malaysia/India. There may also be a delay in response due to the time difference. From the response it seems like it is a template since both of you had the same reply. Either way, they should offer a free retake valid for a year. $600 is a lot of money to lose, especially given the specifics of this situation. So it is interesting to see how this will all pan out.

Sch1sm

Did anyone get an e-mail offering them a discounted resit voucher? Quite the little scheme they've got going on.

TK1799_st

Sch1sm wrote: »

Did anyone get an e-mail offering them a discounted resit voucher? Quite the little scheme they've got going on.

Oh yes....here it is...

Hi,

Thank you for attempting our CEH examination.

EC-Council would like to support you by offering a retake exam voucher at a discounted price (USD349, normal price USD500) should you wish to reattempt the exam.

If you would like to benefit from this opportunity kindly provide your details at http://cert.eccouncil.org/retake-exam-promo.html and one of our representatives will contact you within 5 working days.

Best Regards,

Mohd. Saifuddin

feedback@eccouncil.org

EC-Council

[FONT=arial, sans-serif]Web: [/FONT]http://www.eccouncil.org

[FONT=arial, sans-serif]The wording in this e-mail has a strong scent of foreign influence in it...My Jedi senses tell me so...but blind I was by the Dark Side to not see this ambush coming....We are dealing with Sith here people!

I just dumped $500 into an Exam - was ambushed - failed to met the 70% - and they send me an e-mail that says, "Hi" [/FONT]

[FONT=arial, sans-serif]

I'm I dealing with high school students here???? [/FONT]

I wonder if I do - will my details get turned into a Nigerian 419 scam?