A word of caution about CEH V8/V9

I just barely passed my CEH V8 exam today, and while I should elated, I'm actually a bit angry.

I'll start off with a coworker's quote "I feel like I went to a baking class and was then given a plumbing exam."

So in preparation for CEH, I used the following:

1) Matt Walker AIO + Practice Exams books.
2) VTC CEH video course
3) Random youtube videos for topics I wanted more info on
4) EC Council Licensed bootcamp style exam prep class & labs (4 days + review day/exam day).

I'm not a certificate whiz, but I've successfully done two other boot camp style classes & exams (Security + and ITiLV3) and done pretty well in them, I've been in the tech industry a long time, and have an excellent memory and decent test taking skills.

The exam I had today was something I barely recognized. Over half the questions were topics that were not covered in any of my studies.

I had questions on hard drive failure costs, backup failure rates, and numerous questions on the Risk Management Framework (which is different from the risk triangle/risk analysis matrix), and other weird stuff that just made me wonder if I had gotten a the right test.

I know V9 drops on Nov 1, and I wonder how many V9 questions I might have gotten. I've heard there are always sample/dummy/test questions on certification exams, but there just seemed to be too many for it to just be a sampling.

Over half my boot camp class didn't pass - and these are smart people with tough certs behind them (Oracle, Cisco, Voip certs, etc.) from a wide range of disciplines - DBA's, networking guys, web developers, security admins, etc.

Regarding the exam, one person summed it up incredibly well "I feel like I went to a baking class and was then given a plumbing exam."

I didn't expect an automatic pass because my company paid the money and I showed up. I studied hard, participated in class, and felt I knew the material. I was getting 85s on the Matt Walker stuff, I was getting high 90s in the pre-tests given on the 3rd and final day of the bootcamp.

Has anyone else experienced anything like this?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

TechGuru80

This is a question out of curiosity on the subject. What kind of Infosec experience do people have that are failing recently? Personally I did OSCP training and some self-study prep specifically towards C|EH, plus I work in Infosec and passed so my experience sounds a bit different than most. Just curious if people are just going through official courseware and/or work as something like sys admins where they touch security but not in a large capacity...or jobs that are not technical.

Sch1sm

certlover wrote: »

In Vue website, we have 2 exams : 312-50 and 312-50v8.
My scheduled exam is showing : v8, do you think I still may get the v9 ?

Cheers

I sat 312-50v8 and with absolute certainty I can say my exam had several questions from version 9 on it. Cancel your exam and get a refund until this is sorted out.

certlover

Just contacted VUE and they said that my exam which is scheduled on Oct 28 is already expired and I can only take it on this date whitout possibility to re-schedule....... , confused

Sch1sm

Better hope you guess the right answers then, unlucky dude.

OctalDump

IronmanX wrote: »

Nice Post BillV

I think you guys are fighting a loosing battle:
"4. Our exam is updated from to time to capture all the latest skills and knowledge a CEH should have as per industry requirements. So should you see any updated content, it only confirms are test are updated and test the current skills and knowledge the industry expects a CEH to hold."
^^^That pretty much covers their butts. They can add anything they want.

I mentioned before I was tested in march on a bunch of stuff not covered in the v8 course.

Yeah, this is what I was thinking. They say that the current exam is versionless but regularly updated. This means the CEH v8/v9 designation makes no sense for the EXAM, but could still be used for versioning courses and study materials. This can be a totally legitimate way of running an exam, as long as it is well understood by everyone involved. Incremental changes to the exam that don't change more than 10% of the content at a time shouldn't affect the pass rate for most people.

However, if the people paying for the exam don't like this, EC-Council might have to change their system. It isn't a cheap exam.

I'm still concerned that maybe people who failed for other reasons, might think that it is because of something that ECC has done to the exam.

binarysoul

BillV_ wrote: »

Again, the version number complaint is invalid. It is an ANSI test. The version number is irrelevant. Whether you "study for v8" and take the "v9" exam doesn't matter. The exam is based on the job requirements, not the EC-Council courseware.

Exam is based on job requirements? The "job requirements" are determined by who? ANSI or ECC?

1. If ECC tries to point blame to what ANSI wants, then people might as well be certified by ANSI, so no point for ECC to exist anymore.
2. If it's ECC who formulates what "job requirements" for an ethical hackers are, then it MUST come up with a blueprint that has a start and and an end. It shouldn't try 'save the world'.
3. This whole excuse of "updates in industry" are done by requiring candidates to complete continuing education.
4. Remember, no other cert vendor has been as widely criticized. Isc2 back in April changed their exams; it went smooth.
5. All in all, it's a failure of leadership in ECC.

TK1799_st

binarysoul wrote: »

Exam is based on job requirements? The "job requirements" are determined by who? ANSI or ECC?

1. If ECC tries to point blame to what ANSI wants, then people might as well be certified by ANSI, so no point for ECC to exist anymore.
2. If it's ECC who formulates what "job requirements" for an ethical hackers are, then it MUST come up with a blueprint that has a start and and an end. It shouldn't try 'save the world'.
3. This whole excuse of "updates in industry" are done by requiring candidates to complete continuing education.
4. Remember, no other cert vendor has been as widely criticized. Isc2 back in April changed their exams; it went smooth.
5. All in all, it's a failure of leadership in ECC.

I second this - failure in leadership.

Remember, the VP had no idea this was going on until I contacted him.

"Strange things are afoot at the Circle K," Bill and Ted's Excellent Adventure

supasecuritybro

TK1799_st wrote: »

I second this - failure in leadership.

Remember, the VP had no idea this was going on until I contacted him.

"Strange things are afoot at the Circle K," Bill and Ted's Excellent Adventure

I don't care if they updated the test but at least allow me the chance to take the exam I paid for and not push me to the next one without a heads up. On Preason Vue you cannot choose the v8 anymore.

BillV_

binarysoul wrote: »

Exam is based on job requirements? The "job requirements" are determined by who? ANSI or ECC?

1. If ECC tries to point blame to what ANSI wants, then people might as well be certified by ANSI, so no point for ECC to exist anymore.
2. If it's ECC who formulates what "job requirements" for an ethical hackers are, then it MUST come up with a blueprint that has a start and and an end. It shouldn't try 'save the world'.
3. This whole excuse of "updates in industry" are done by requiring candidates to complete continuing education.
4. Remember, no other cert vendor has been as widely criticized. Isc2 back in April changed their exams; it went smooth.
5. All in all, it's a failure of leadership in ECC.

There's actually a whole process that goes into it, following regulations from ANSI, from psychometric evaluations to full panels of "industry experts" (people working in the field). So to answer your question, neither ANSI or ECC comes up with it. The people that are in this line of work do.

1) ANSI doesn't certify people, it creates standards for organizations that provide certifications (among other things)
2) The blueprint is out there, and has been linked to. My statement above covers the job requirements
3) Yes, you will be required to obtain continuing education credits but that's separate from the idea that the exam evolves. I wouldn't really expect you to answer questions about the Melissa virus on a CEH exam but I would highly expect you to be familiar with Heartbleed and Shellshock (at least have heard the name, and, maybe, have a general idea of what the vulnerability is)
4) They all receive criticism for different things, a lot of people flipped out about the CBK for CISSP changing when that switched over (for the exact same reason... "I studied for the current domains, now I have to start all over")
5) This is speculation but it sounds like people that shouldn't be passing the test, aren't passing the test.

TK1799_st

BillV_ wrote: »

5) This is speculation but it sounds like people that shouldn't be passing the test, aren't passing the test.

Wow - that's a pretty bold statement -- or assumption....

Sch1sm

I've avoided taking the bait from BillV_ up until now but it's just ridiculous. Are you genuinely just spending your time going through every thread here just to antagonize people?

I'm going to assume that you're not actually trolling here and genuinely don't understand how exams work so I'll attempt to break it down for you so you can understand why people are upset with this situation. To have an exam on something you need to define the scope of the questions which will be asked. To give an extreme example to illustrate my point - you wouldn't go into an exam based on the work of Shakespeare and expect to be asked to solve a polynomial equation would you? Of course not! The EC-Council has defined the scope of their exam in their official course material. They have official textbooks that contains all of the material you can be asked questions on. In this case the material is version 8 of the certification. People booked exams based on their knowledge of this material and expected to be asked questions on that material and that material alone. Now the situation has occurred where people have been sat exams that are supposed to be based on version 8 of the certification (this is stated in the exam code that is presented at the testing center which ends in v8 (that stands for version 8 )) but clearly deviate from the material covered in the v8 textbooks. Having looked at the EC-Council's official website which is advertising their new version (v9) it is clear to test takers their version 8 exam has several questions that are based on material that is "new to version 9".

You keep mentioning how the exam needs to evolve. Of course it does! To update it, you release a new version of the exam! This is fine, nobody is complaining about the concept of updating the exam to keep up with current trends in the industry. The problem stems from controlling the versions being presented to students. For example, if the EC-Council stated back in, say, February that they will be phasing out version 8 and bringing in version 9 at the end of the year and anybody sitting the exam after September will be presented with the version 9 exam this situation wouldn't have happened.

The CEH exam is made up of 125 multiple choice questions with a pass rate of 70%. This is a reasonably high pass mark so every correct mark you can get matters. In a multiple choice exam there is no freedom to write about any relevant knowledge you have outside of the course material - you simply have to pick one of 4 possible answers you're presented with. This is where saying things like "oh you should know about x or y already!" fall flat. If it isn't covered in the official material that is produced specifically for this exam it is absolutely unfair to test students on it. To make things worse, there isn't even any material for version 9 so it's impossible for students to properly prepare for the exam they're being presented.

Hopefully this post clears a few things up for you.

BillV_

TK1799_st:
I would disagree with my statement being that out there. I'd say it's an informed assumption based on all of your other posts. However, like I said before, I'm not going to discount your complaints. I'm still willing to give you the benefit of the doubt. Please tell me anything relevant about your background or experience that qualifies you for the CEH.

Sch1sm:
It's not bait. I'm genuinely attempting to clear things up, as there seems to be a large amount of confusion here. I think I understand how exams work, as I've taken a lot of them. It seems to me that I also understand the exam in question more than you do. The scope of questions is defined in the blueprint. I'm not aware of any questions on the CEH exam about Shakespeare or polynomials but it does have questions about packet sniffing, port scanning, identifying attacks, common/well-known vulnerabilities, and other hacking techniques. So if you don't know enough about those (and similar) topics, then no, you will not pass.

Your statement is incorrect. I've explained this several times, in my multiple "trolling" posts, but it seems like you're still failing to understand or comprehend.

The EC-Council has defined the scope of their exam in their official course material. They have official textbooks that contains all of the material you can be asked questions on.

I'm sorry but, once again, this is incorrect. The exam is developed according to ANSI guidelines. Part of those requirements is to make the exam fair to everyone, regardless of the route or method of study taken. This means you can not study anything at all, you can read the Sybex or Wiley study guides, or you can attend an official class/read the official courseware. This means that the exam cannot be developed based on the official courseware. The exam must be independent and be based upon the job requirements of someone in an "ethical hacking" position.

So yes, the courseware has a version number assigned to it. Previously, the most current courseware was v8. The new courseware is v9. Why would they update their courseware? Well do you want to learn about tools that no longer exist, vulnerabilities that have been patched for 10 years, or techniques that no longer work? Of course not. Thus, the reason for the update.

People booked exams based on their knowledge of this material and expected to be asked questions on that material and that material alone

There is nothing that says you only need to read one book, and that one book will be solely used for the exam.

Yes, there are 125 graded multiple choice questions. You need 88 correct (70.4%) to pass.

It's unfortunate that you didn't pass. I hope you do better next time.

Sch1sm

You are either hopeless or an extremely dedicated *****.

BillV_

Sch1sm wrote: »

You are either hopeless or an extremely dedicated *****.

Sorry you feel that way. I really can't make it any more simpler than what's above.

gncsmith

While I have no "Dog in this fight", I do intend on studying for and taking the CEH next year; so, my question to you BillV_ is how would you prepare for and supplement (aside from the books, and videos) in order to successfully tackle this exam?

BillV_

gncsmith wrote: »

While I have no "Dog in this fight", I do intend on studying for and taking the CEH next year; so, my question to you BillV_ is how would you prepare for and supplement (aside from the books, and videos) in order to successfully tackle this exam?

What's your background? And what other certifications do you have (looks like Net+)?
And how do you prefer to learn (self-study, books, classroom)?

IronmanX

Sch1sm wrote: »

You are either hopeless or an extremely dedicated *****.

I'm Reading all these posts from people who failed and feel the same way towards them.

BillV_ has explained in great detail why things are the way they are.
Yet I still see recent posts like:
"The EC-Council has defined the scope of their exam in their official course material. They have official textbooks that contains all of the material you can be asked questions on. In this case the material is version 8 of the certification."
This is wrong.
EC-Council has defined the scope of their exam in their blue print and this has not changed.
There are no official exam textbooks. As stated by Bill ANSI requires that a person be able to obtain a cert no matter what material they read.

After reading through all this I will say I do think you guys have recourse just not with EC Council. Why is the testing centre appending a version number to the exam code? This is misleading and you should be going after them for a free retake. I'll assume that you guys who have failed have documentation that says 312-50v8? Right now when searching Pearson Vue there are no 312-50v8 listed just "312-50". However there is "312-49v8: Computer Hacking Forensic Investigator " so I can totally believe that Pearson Vue has screwed up and put v8 at the end of 312-50 which is misleading you the test taker. Go after them for a free retake and good luck.

IronmanX

No version number on the exam since ANSI approved the CEH Cert.

There is a blue print for the exam as per ANSI requirements (This is what you must know).

There are version numbers on the official EC Council approved courses. Also the courses have objectives. However these course objectives do not directly correlate to what is on the exam. You have no recourse when it comes down to being asked questions that where not in the course but where on the exam. The courses objectives and the exams blue print are not identical.

BillV_

IronmanX wrote: »

No version number on the exam since ANSI approved the CEH Cert.

There is a blue print for the exam as per ANSI requirements (This is what you must know).

There are version numbers on the official EC Council approved courses. Also the courses have objectives. However these course objectives do not directly correlate to what is on the exam. You have no recourse when it comes down to being asked questions that where not in the course but where on the exam. The courses objectives and the exams blue print are not identical.

Okay, I lied. Turns out it can be put more simply

Luc1an

Hi all, I've just joined this community and got frozen reading this all.

I will take this exam tomorrow morning and well... I can understand all of those who complain about this suddent questions change but I tend to agree with those who are explaining that if you pass this exam and get certified should be because you really know about "Hacking".

My case is this.... I've took the oficcial EC-Council class training from October 5th to the 9th. I paid for the class training, the course materials and the exam all together. The exam is pre-booked by EC-Council thru VUE to be taken in 2 weeks after the class training. That's tomorrow !!! I will be honest. I have no early experience on Security as I'm now being focused on it and really want to take my IT carrear into this area. So far I've got several certifications like MCSE, BlackBerry, Mirapoint, PMP, ITIL, Red Hat..... but nothing about security.

I really don't know what I will find tomorrow when I sit into the exam's room but I fully understand that to be a CEH you need to demostrate you deserve it. Otherwise the certification whould just... a paper !!!. However in the other hand EC-Council should then take your money for this "pack", class training, course material and exam all together and then pretend you are able to take the exam sucessfully.

Wish me good luck !!! And guys... don't desperate, work hard and you will get it.

BTW.. If i don't pass tomorrow I will try to take the exam again in the future but abviously I won't pay again 2.xxx € for the new training materials. Could you please provide me with some info about what books should I consider for a possible exam re-take?

Sorry for my english.. I'm not a native speaker

gncsmith

Well, my background. My first computer was a Commodore 64 with a tape, I've been building/repairing computers since 1998 (while in the Marines I was matching my salary with side work), when I got out in 2002 I attended a local community college for Computer Networking (taking Cisco Acad but didn't take the exam). For the last 10 years I've worked for the federal government, 4 of which has been as a Business Analyst and Security Manager for an HRIMS. I am pursuing certs and college courses to prepare for a more technical role, which to me, is more interesting and fulfilling.

I best learn by watching and doing but do well reading too. No matter which method, I MUST take notes, sometimes to the point of just rewriting multiple times just to ensure they stick into my brain.

BillV_

Good luck on your exam. Hopefully the in-person training class has prepared you for it properly. As you are new to security, keep in mind that the CEH certification does state you should have 2 years of working knowledge. The test can prove difficult otherwise. I'm not familiar enough with any of the current third-party study guides on the market to recommend one.

TK1799_st

Sorry Billv_ I don't need to state my quals to you or anyone else on this forum. I've listed my already gained cert's...I know how ECC works - I have tested and passed with CHFI. I know what I'm talking about - as do the others who have committed. ECC already has stated the v9 was released too early.

Your comments and those of IronmanX are irrelevant. What occurred was a mistake on ECC part - they are now meeting to fix it or refund it. Why don't you knock out your quals on providing opinion on why everyone should listen to you? I don't care one way or the other. It's doubtful we should ever meet and have a cup of coffee together and talk IT security...so my reason being here is to warn others not to go down this road at the moment...

BillV_

gncsmith wrote: »

Well, my background. My first computer was a Commodore 64 with a tape, I've been building/repairing computers since 1998 (while in the Marines I was matching my salary with side work), when I got out in 2002 I attended a local community college for Computer Networking (taking Cisco Acad but didn't take the exam). For the last 10 years I've worked for the federal government, 4 of which has been as a Business Analyst and Security Manager for an HRIMS. I am pursuing certs and college courses to prepare for a more technical role, which to me, is more interesting and fulfilling.

I best learn by watching and doing but do well reading too. No matter which method, I MUST take notes, sometimes to the point of just rewriting multiple times just to ensure they stick into my brain.

Okay, so from your Security Manager role, how much of that has been hands-on? And in doing what sort of tasks/job functions? Have you gone through the STIGs and manually hardened systems? Have you used (the now gone) Gold Disk? Written SOPs/Security Guides or done anything with DIACAP? Some of that will give you a good baseline/fundamental level of security knowledge that will certainly be beneficial.

I would recommend you pick up a copy of any of the most recent study guides. Do not expect this to be the only resource to use. This will just get you acquainted with the types of topics you should expect. You then need to spend some time using the most common tools in a lab environment. If you don't have VMware, grab the free VirtualBox. Stand up some targets and play with the tools to get a good understanding. You should know the most common nmap switches from memory, so when I say 'what does this do? nmap -sS -sV -v -T4 -sC -p 80 192.168.1.1' you should recognize it without having to look it up. I suspect you'll be familiar with new/major vulnerabilities that have, and will, come out. Know your common ports and protocols too. Being on the Federal side of things, you should actually have access to the VTE/Virtual Training Environment. It used to be run by CERT but is managed elsewhere now. They used to have a CEH course in there, and I assume still do.

If you haven't already, grab a Linux distro and get familiar with the basics of Linux system management. Pull down Kali if you want all the tools ready to go. Use some of the vulnerable systems that are out there (like metasploitable, or check vulnhub).

It can be summarized as an "Intro" or "fundamentals" of ethical hacking certification. But you need to have spent some time with the tools of the trade to successfully pass this exam.

iBrokeIT

After reading this thread as an outsider and reviewing post histories its pretty clear that BillV_ and IronmanX are either ECC employees/trainers or unbashed ECC fan boys...

Seems like ECC made a serious mistake, didn't have the controls to realize and now the ***** accounts here are trying to minimize the impact to the reputation of ECC by tearing down other people.

BillV_

TK1799_st wrote: »

Sorry Billv_ I don't need to state my quals to you or anyone else on this forum. I've listed my already gained cert's...I know how ECC works - I have tested and passed with CHFI. I know what I'm talking about - as do the others who have committed. ECC already has stated the v9 was released too early.

Your comments and those of IronmanX are irrelevant. What occurred was a mistake on ECC part - they are now meeting to fix it or refund it. Why don't you knock out your quals on providing opinion on why everyone should listen to you? I don't care one way or the other. It's doubtful we should ever meet and have a cup of coffee together and talk IT security...so my reason being here is to warn others not to go down this road at the moment...

No worries. Good luck with your goals, and if you end up attempting the exam again.

Sch1sm

iBrokeIT wrote: »

After reading this thread as an outsider and reviewing post histories its pretty clear that BillV_ and IronmanX are either ECC employees/trainers or unbashed ECC fan boys...

Seems like ECC made a serious mistake, didn't have the controls to realize and now the ***** accounts here are trying to minimize the impact to the reputation of ECC by tearing down other people.

Yeah, someone else has already asked Bill if he works for ECC. It wouldn't surprise me. According to other posters the ECC Vice President of NA is looking into it and has accepted a mistake has been made somewhere so hopefully it all gets sorted.

BillV_

iBrokeIT wrote: »

After reading this thread as an outsider and reviewing post histories its pretty clear that BillV_ and IronmanX are either ECC employees/trainers or unbashed ECC fan boys...

Seems like ECC made a serious mistake, didn't have the controls to realize and now the ***** accounts here are trying to minimize the impact to the reputation of ECC by tearing down other people.

I am neither an employee or a trainer. And I don't think any mistake was made, other than at least one person here that wasn't prepared for the exam, has failed. That has become clear throughout other posts made and the level of knowledge/skill presented. For the others, I'm not sure, they may have had a poor instructor that didn't properly prepare them. That's what instructor reviews are for.

gncsmith

Yes, in my Security Manager role, I have written SOP/Security guides. In fact, shameful as it is, they didn't have anything other than some notes from the vendors security manual. We just passed an audit by KPMG (previously failed the last two) because I documented and wrote them. This audit was an eye opener for me (for management too but that's another story) and I realized the "itch I couldn't scratch" was my dissatisfaction with my job and that I really enjoyed the security role the most. I conduct internal reviews on role based security roles, query usage, user behavior, etc. as well as work with program manager and developers to create or update security roles. I have not used the Gold Disk, nor have I gone through STIGs or manually hardened systems. I have been building a home lab with two servers (one to run multiple VMs) and some Cisco routers/switches and will be pursuing Linux+ for further learning. Currently, I'm running Fedora on my laptop and have CentOS on my servers. I have the Linux Bible and accompanying Linux Command Line book so that's a larger task for after the beginner's certs I have lined out. I also have Kali in a VM but haven't explored it much because I get distracted by "bright, shiny things" and would rather stay focused on my path.

As you pointed out, I only have the Network+, will be taking the Security+ later this afternoon, and then on to more intermediate certs.

As for the 2 years of working knowledge, well, I guess I'll push back the CEH until then. My main focus is to make a transition into InfoSec or something similar that will pay equivalent to what I make now so I can gain more experience.

Thanks for all the information.

BillV_

Sounds like you're heading down the right path. The 2 years is the recommendation from EC-Council. Not necessarily a requirement. But you will have to submit an eligibility form to take the exam if you don't take a class. I know plenty of people that have put in the effort, and then went and tackled the exam without having the two years of experience.

You'll definitely want to spend some time with Kali, or least the tools, when you're ready to prepare for the CEH. You may want to check out Counter Hack Reloaded by Ed Skoudis and/or The Ethical Hacking and Penetration Testing Guide by Rafay Baloch. Both would be excellent resources, and will probably prepare you better for the exam than a study guide (though you'll still want one just to get familiar with some of the things specific to CEH).