Experience with CEH Exam
I passed EC-Council’s Certified Ethical Hacker exam recently and thought I’d share my thoughts.
Firstly, in terms of preparation, I used Matt Walker’s “CEH All in One Exam Guide”, along with the Boson exam sims.
I quite enjoyed the book; the writer has an engaging tone that’s often lacking in dry IT study guides. I’m not sure how it compares in content to the official training, but I didn’t find it lacking in any areas.
The Boson exam sim was my first time using Boson, and I quite liked it. The explanations of the answers to each question were excellent. Contrary to what I’ve read online, only about 4 or 5 questions from the sims appeared on the exam. The actual presentation is very similar though.
I did fairly minimal study for this, reading the book once and doing the Boson exams twice, but it was enough to pass comfortably enough. One thing I wasn’t particularly ready for was the number of questions on specific tools. So my top tip for the exam is: know your tools and what they do; it’ll bag you at least 10 questions! Around the same time as I began studying for CEH, I also started on TryHackMe, which I highly recommend as a fitting accompaniment to the exam content.
In the end, I have mixed feelings about how worthwhile CEH is. I feel like it’s an exam that gets a lot of mileage out of its “cool” name. You can pass this exam with practically zero hands-on offensive security experience, and after completing Red Hat Certified System Administrator last year – an exam you simply cannot pass without spending many hours in a Linux terminal – my opinion of these pure multi-choice exams on what is supposed to be a technical subject has diminished. Sure, it gives you a bird’s-eye view of the offensive security landscape, and of course there is CEH Practical for more hands-on, but I still feel that this certification is put on a pedestal that it doesn’t quite deserve. Combined with the pushy marketing department hounding me to do paid training, it just left me with an impassive opinion on the whole thing.
So CEH, take it or leave it. If you have Security+ or PenTest+, I think jumping straight to OSCP would be something worth considering, and give CEH a miss. As much as I’d love to do OSCP, it’s CISSP for me next, as it aligns more with where my career is at the moment. Definitely intend to do OSCP at some stage after though.