Introduction
The Certified Ethical Hacker (CEH) certification is designed to test your skills in identifying vulnerabilities and understanding the different kinds of attacks that can exploit them. The idea is that you, as the successful candidate, understand how to probe a system, application or platform (in an ETHICAL way) to find vulnerabilities that a less-ethical hacker (cybercriminal) would exploit to damage systems, disrupt business and/or steal money. You then, as the ethical hacker, would alert those who can patch or otherwise address that vulnerability before the bad actors exploit it.
The Exam
The content of CEH is very technical: you’re expected to know the details of different methods, tools and resources, and to put them to use in the real world. The CEH isn’t about theory; it’s about responding to real issues and events, and as such it expects you to have real experience and knowledge.
The exam itself is pretty straightforward, and follows a similar path to other technical certifications. Details include:
- Proctored exam via computer, either at a Pearson VUE center or the ECC Exam Center
- Comprised of 125 multiple-choice questions
- Four (4) hours to complete: 240 minutes / 125 questions = (just under) 2 minutes per question
- The CEH is an adaptive test, meaning that the questions will vary in difficulty and length
- If you answer the harder questions correctly, the test will likely be shorter. If you miss the harder questions, easier questions on the same topic will follow, which may lengthen the exam
- As a result, the passing grade varies somewhat. Most rule-of-thumb estimates are 70%, but anywhere from 65% to 80% can be a passing grade, depending on your particular exam
Eligibility
To take the CEH exam, you need to meet one of three (3) prerequisites:
- Hold a Certified Ethical Hacker certification from version 1 through version 7 (previous versions)
OR
- Demonstrate 2 years of experience in an InfoSec domain
OR
- Have completed an EC-Council training (must show proof of completion)