Certified Ethical Hacker exam overview: Application process, rules and eligibility
If you're an ethical hacker, keeping up with the latest vulnerabilities and hacking methods is a full-time job. CEH (Certified Ethical Hacker) certification helps you stay up to date with the latest attack techniques and show employers you have what it takes to keep up in the ever-evolving world of cybersecurity.
Here's everything you need to know about the CEH exam, including how to schedule and prepare. And, if you're only thinking about joining the fast-paced world of ethical hacking, check out our How to become a Certified Ethical Hacker podcast.
What prerequisites are there for the CEH exam?
Before enrolling in certification training, you must know whether you're eligible to take the test. EC-Council has CEH exam requirements all potential candidates must fulfill. There are two ways to meet the requirements for the Certified Ethical Hacker exam, and both require candidates to prove eligibility before being approved.
1. Complete an official training course accredited by the EC-Council. The time it takes to complete these courses and their difficulty level can vary, but all approved training guides teach the information necessary to pass the CEH exam. This is often the preferred method of meeting eligibility, as many CEH certification training courses offer additional study resources and a voucher for the exam. Some even combine penetration testing training for multiple exams, like Infosec's Ethical Hacking Dual Certification Boot Camp (CEH and PenTest+).
2. If you prefer the self-study route, you need to meet a few CEH exam requirements before you can take the test. They are:
- Two years of work experience in information security.
- Documentable work experience in all nine CEH domains.
- A $100 non-refundable eligibility application fee, or an existing CEH certification from versions 1 to 7.
For those who lead ethical hacking instruction or training courses or hold a Ph.D. in a relevant field, the experience and education requirements are waived. However, the eligibility application form is required.
Once you've submitted your eligibility application, you should receive a response within five to 10 days. If approved, you'll get instructions on how to buy an exam voucher. Remember that approved applications are only valid for three months, so buy an exam voucher before it expires. Exam vouchers are valid for one year.
Scheduling the exam
Once you're approved to take the CEH certification exam, you'll receive an EC-Council voucher code you can use to schedule your exam. However, you can also purchase a voucher through Pearson Vue and schedule the exam at either ECC exam centers or Pearson Vue testing centers. You can find ECC exam centers on the campuses of numerous universities and community colleges, and there are multiple Pearson Vue testing centers in nearly every state in the U.S. Alternatively, you can request to have your CEH exam virtually proctored by EC-Council.
Latest CEH exam version
CEH v12 uses CEH Exam Blueprint v4, updated in January 2021. While the CEH exam objectives haven't changed in CEH v12, there may be questions containing updated information on the latest threats due to new technologies. These include:
- Techniques for establishing persistence
- NAC and endpoint security evasion
- Edge, Fog, and Grid computing
- MITRE ATT&CK framework
- Diamond model of intrusion analysis
Format and testing rules
Knowing about an exam can make it less intimidating when test day arrives and help keep you from violating the rules while taking the test. Studying the nine domains provides a great knowledge base, and here's what you can expect the exam format and procedure to look like.
Exam duration: Four hours
Number of questions: 125
Exam format: Multiple choice
Exam medium: Digital application
Breaks: None unless specified by the proctor
Passing score: There is no set passing score. Points are given based on each question answered and compared to a cut score.
Food and beverages: Beverages are allowed in any container, but food is not permitted.
Take care! There are several ways a Certified Ethical Hacker exam candidate can invalidate their test and automatically fail. These include:
- Repeated talking or mumbling after a warning
- Looking at another test taker's screen
- Photographing any part of the exam
- Any other violation of the NDA signed before taking the exam
- Leaving the testing area outside of breaks
Retakes and appeals
If you don't pass the CEH certification exam on the first try, don't stress; the EC-Council allows retakes. If you've only taken the test once without passing, there is no required period before you can retake it. However, if you don't pass your first retake, there is a 14-day cooling period before you can retake the exam. Candidates are only allowed five retakes in 12 months. Luckily, exam vouchers for retakes are offered at a discounted price through ECC. Training organizations like Infosec offer an Exam Pass Guarantee, allowing you a free second attempt.
There's also an appeals process available for candidates who believe their Certified Ethical Hacker exam was graded in error. Appealing exam-related decisions involves filling out the appeal form and emailing it, along with any corroborating evidence and the exam transcript, to certmanager@eccouncil.org within seven days of the exam date. The appeal will be sequentially reviewed by up to three governing bodies depending on how far the candidate takes the appeals process: The EC-Council, the Scheme Committee and the Honorary Council.
Is the CEH exam hard?
While the EC-Council doesn't publish pass rates for the CEH certification exam, many people earn their certificate on the first attempt. Some candidates who have obtained the certification say that CEH training courses and a broad range of learning materials helped them along the way. Enroll in an EC-Council-approved CEH training course and read our article on Everything you need to know about the Certified Ethical Hacker Certification.