Dear readers,

Recently, I took the CEH (international) theory examination and passed it on my first try. Therefore, I decided to write my reviews on it and hopefully will be helpful for those who intent to take it.

The CEH that I recently took is the CEH version 11. Version 11 is pretty new as it was just launched around mid of the year (2020) if I am not wrong. Version 11 is a huge changed as compared to version 10 or all the previous version. They included new contents like IoT, exploitation writing such as buffer overflow, and many other new contents. I guess CEH tries to improve by including some exploitation writing lessons to helps to prevent creating script kiddies by introducing exploitation writing? Either way, it is interesting to see CEH intents to slowly catch up with OSCP.

Let’s go into my views on the training/lessons conducted for CEH.

Views on lessons

Due to COVID-19, it is awesome that my lessons were all on Zoom, allowing me to sleep more. Hahaha. The labs that allow me to practice trying out the tools and the penetration testing environments are also online. They have a website that allows you to connect to their Virtual Machines (VMs) with their own internal network to practice. Long gone were the days where they give you a CD with all the tools in it to do it in your own computer.

The lessons were pretty fast pace and they did not cover everything in the book since there were only 5 lessons. Each lesson was between 9am to 6pm with an hour of lunch break at 1pm and 15mins of tea break at 10am and 3pm. Depending on the course tutor, they have different preference. Some prefers to focus on theories since the main exam is about theories while some prefers letting the students do a lot of labs using the iLab given by CEH.

The book consists of almost 3122 pages (Excluding glossary, lab manuals, etc). Each module (a.k.a chapter) is very content heavy. Therefore, the course tutor definitely would not have time to cover everything. Even the lesson itself was very fast pace. It was pretty fine for my friend and I who took CEH together as we have Computer Science background and Cyber Security background. A lot of things were just refreshers to us. We definitely saw a few people in our class who had zero background suffered. Therefore, I recommend that you only take CEH if you already have a lot of tech background and at least some security related knowledge.

Things that you should at least know/experience in before taking CEH:

• Networking (OSI model, TCP/IP, UDP, DNS, routing, VLAN, DMZ, ports, HTTP methods, IP address range and subnet mask calculations, etc).
• Programming (C/C++, assembly, and JavaScript).
• Software Engineering (n-tier application architecture, API, SQL, etc).
• Cryptography (AES/DES/RSA, digital signatures, PKI, etc).
• Experience in HackTheBox, CrackMe, etc.
• Experience in Kali Linux, BackTrack, or Parrot OS.
• Experience in Metasploit and burpsuite.
• Experience in Command Line Interface (CLI) on GNU/Linux and Windows OS.

Things like cryptography is not just knowing they exist, the size of the keys, and application, but also knowing the encryption algorithm and how it actually works internally.

Basically, the lessons are very rush. During the first 5mins, the tutor will be giving very basic lesson on each module (e.g: Cryptography, IoT, Exploitation writing, etc). Then suddenly, the tutor will start to talk about more complex stuff on it. Those who do not have background will be lost while the rest of the people will feel it is a fresher course. Therefore, I recommend only those who have tech background and some security knowledge should take CEH else you will be lost throughout the entire course.

Views on theory exam

The theory examination for mine was at a physical location. No calculators were allowed. They will provide you pencil and rough paper if you need them to calculate stuff like subnet mask, etc). You have to bring your identification card and your exam voucher code. Computers will be given at the location to access the examination questions on the website. You only have four hours to complete it. If you prepared well, it should only take you between 40mins to an hour to complete it.

There are 125 questions and all the questions are Multiple Choice Questions (MCQs). There are four options in each questions and you have to pick one answer for each question. The passing grade is between 60% to 85% depending on the difficulty of the exam as stated on the CEH’s website. My required passing grade was 79% and I got 90.4% which is like 113/125 questions correct. The results will be given immediately after submitting the online test.

Basically, the exam questions can be found on websites posting Past Year Examination questions such as VCEguide. Despite version 11 cannot be found on multiple sources, version 11’s exam came out many questions from previous versions of CEH. Just practice all the 500+ questions available on each version of CEH from VCEguide and then try other websites. You will find probably around 90% of the questions are repeated during the exams as they are word for word same as the ones found online. I only practiced 300+ questions, caused me to find at least 40 questions during the actual examination new to me. Thankfully, my background in Computer Science and security helped me to be able to answer them. Meanwhile, my friend practiced more than 1k questions from multiple sources and only faced around 10 new questions during the actual examination. Therefore, practice all the available questions and you are bound to pass the CEH’s examination.

Summary:

• Exam venue: Physical
• Duration: Four hours
• Number of questions: 125
• Passing grade: Between 60% to 85%
• Not allowed: Calculators and phone
• Guide to passing it: Practice all questions at VCEguide.

Conclusion

Technically, you can actually pass the CEH examination without much tech or security knowledge or even without studying the book but by practicing the past examination questions. However, imagine you managed to get hired by security related companies/firms without at least OSCP but with CEH certificate. Are you really ready for the job when the tasks are given to you?

I hope today’s article has been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. 🙂