Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 

How to get Certified Ethical Hacker (CEH) Certification

Certified Ethical Hacker (CEH) program is a set of certifications provided by EC-Council and related to cybersecurity.

CEH is a certificate that appears in most of the professional certification paths suggested by EC-Council, so it can be considered a core module on Cybersecurity among all the ones offered by EC-Council.

Based on my personal experience, the organization of this course is quite sketchy and scattered, especially compared with other certification providers like ISACA or AXELOS. I really needed to take many notes and spend time doing some research until I understood how things were organized.

The different CEH training platforms are not unified and you must register on different EC-Council platforms without single sign-on. This makes the discovery, registration and logon processes quite confusing until you understand the purpose of each portal.

Because of this, I would recommend using a guide (like the one you are reading) to complete the course in a more straightforward way. This post sums up my conclusions.

I enrolled for the CEH course in July 2020, when the latest CEH version was v10. As there are already newer versions of this course (for instance, v11), some information in this post may be out of date.

 

What is CEH Certification?

There are different certifications issued by EC-Council containing the name Certified Ethical Hacking (CEH), so it is worth understanding each of them:

  1. Certified Ethical Hacker (CEH) (with no suffix, but sometimes also referred to as CEH ANSI): focused on theoretical knowledge about cybersecurity.
  2. CEH Practical: focused on skills/abilities about cybersecurity.
  3. CEH Master: a certificate that is automatically achieved once the candidate has obtained both CEH and CEH Practical.

All three certifications are grouped under the Certified Ethical Hacker (CEH) Program. They also belong to the EC-Council Continuing Education Scheme.

Since CEH v8, CEH is American National Standard Institution (ANSI) 8570 Accredited.

 

Who can be interested in obtaining CEH Certification?

Certified Ethical Hacker (CEH) focuses on exploiting IT vulnerabilities, introducing hacking tools, and learning potential attack vectors to information systems.

CEH is useful for candidates interested in the following careers:

  • Ethical Hacker
  • System Administrator
  • Penetration Tester
  • Security Professional
  • Security Analyst
  • Security Consultant
  • Security Auditor

 

How many versions of the certificate are there?

The CEH certificate title usually comes with a version. For example, the newest certificate released as of October 2020 was CEH v11 (version 11).
EC-Council periodically issues a new CEH certificate version.

  • v11: since Sep-2020
  • v10: from Mar-2018 to Aug-2020
  • v9
  • v8: it was the first instance accredited by ANSI.

 

Is there an official online community to prepare for the CEH exam?

Not that I know of. I have only found some sparse topics in IT forums regarding the CEH exam, but I found no posts discussing specific questions or modules, for example.

It was surprising for me because I had previous experience with other certification issuers that manage their own official communities for exam preparation. For example, AXELOS and ISACA both have their own communities.

The closest I have found are the following unofficial fora:

 

CEH (ANSI)

What are the eligibility criteria for CEH (ANSI)?

There are two options:

  1. Attend official training: If a candidate has completed an official EC-Council training either at an Accredited Training Center, via the iClass platform (official online training), or at an approved academic institution, the candidate is eligible to attempt the relevant EC-Council exam.
  2. Attempt exam without training: In order to be considered for the EC-Council exam without attending training, candidates must first be approved via the eligibility application process. The application can be found here.

More information on this link.

What is the previous knowledge I am supposed to have before studying for CEH (ANSI)?

You need at least:

  1. Expert knowledge of computer networks. An in-depth course on computer networks like the ones offered at university, or studying a book like “Computer Networks” by Andrew S. Tanenbaum & David J. Wetherall.
  2. Advanced knowledge of operating systems, specifically Windows and GNU/Linux. It includes how to access basic configuration like firewall utilities or common terminal commands.
  3. Advanced knowledge of SQL syntax and relational tables. Important for understanding SQL injection.
  4. Basic knowledge of HTML and PHP. Important when performing XSS attacks.
  5. Basic knowledge of cybersecurity. The learning program proposed by EC-Council suggests that the candidate be a Certified Network Defender (CND) before going for CEH, though it is not mandatory.

On the other hand, the following are NOT necessarily required:

  1. Programming/development skills
  2. Project management skills
  3. Software engineering knowledge

The equivalent of a bachelor's degree in Computer Science should be enough. If you do not have formal university studies, refer to the list of required knowledge above.

How can I get the official preparation material?

The exam candidate can either register for the exam directly or prepare for it using the official material and/or courses.

Some candidates may opt to use the available non-official bibliography to prepare for the exam and then register for it.

In my case, I contacted EC-Council through this form for further information and pricing and they called me back. After the first call, they sent me some bundles by e-mail that included preparation material and exam fees.

There is no official printed material. All official preparation material is online, and there are restrictions on printing it. So if you go for the official training material, you will have to study it on a computer; you can even download a mobile phone app to read it on tablets or smartphones. Access to this online material is time-limited, usually to one year, so do not enroll in the training course if you do not plan to start it immediately or in the forthcoming months.

EC-Council provides a CEH iLearn package for self-paced training. It contains videos, written material and virtual labs.

EC-Council also provides the CEH iWeek program, which allows the candidate to receive online, instructor-led, live training.

How to prepare for CEH (ANSI)?

The basic official self-paced training package offered by EC-Council is called CEH iLearn. It consists of a limited-time subscription to the following platforms:

  1. iClass
  2. E-Courseware
  3. Labs (sometimes referred to as iLabs)

The material found in the CEH iLearn package (all accessible from the iClass platform) should be a complete reference to get the required knowledge to answer the CEH exam questions and also complete the CEH Practice.

iClass is the EC-Council platform for receiving online training. Here you will find the CEH course organized by modules. Each module contains streamed videos where an instructor speaks about the relevant topic, links to readable material (the one that the instructor uses as a guideline in the videos) and access to virtual environments to test the practical part of the module. All the required preparation is accessible from this platform, though you will be redirected to other platforms on some occasions.

Readable material is uploaded to a third-party platform different to iClass called VitalSource. Nevertheless, this platform is still accessible from iClass. The readable material is what EC-Council calls E-Courseware.

Labs are virtual environments that allow the exam candidate to put the learnt knowledge into practice. These labs are also located on a third-party platform, One Learn-Lab on Demand. As these labs were formerly hosted by EC-Council under the iLab hostname, they are often referred to as iLabs. Again, these labs are also accessible from iClass.

In order to prepare for the CEH exam (before going for CEH Practical), you must focus on the E-Courseware rather than the lab lessons and practices.

Additionally (and at an extra cost), the candidate may purchase an exam preparation module, also provided by EC-Council. The official website to prepare the questions for the exam is Cyber Quotient. It also works by limited-time subscription.

 

Other non-official material I have heard of from other exam candidates:

 

EC-Council also provides a free 50-question assessment available from this link.

What is the CEH exam like?

The CEH exam consists of multiple choice questions (MCQ), each with 4 choices and only one correct answer. There are 125 questions. The exam lasts a maximum of 4 hours.

The score required to pass the exam varies depending on the exam. More information in the link below:

https://cert.eccouncil.org/faq.html

Characteristics of this exam:

  • Exam Code: 312-50
  • Number of questions: 125
  • Duration: 4 hours
  • Exam format: multiple choice
  • Exam delivery: Pearson VUE

How do I register for CEH exam?

When you have finished the course, you can complete the evaluation that you will find on the Aspen platform to get the certificate of attendance.

When you are ready for the exam, you must register for it on both EC-Exam Center (EEC) and ExamSpecialists.

Once registered on the second link (ExamSpecialists), you must go to “Schedule Session”, select the exam “CEH v10”, enter the exam voucher code and then select a date for the proctored exam.

Note: in my case, the link was redirecting me from Aspen to proctor.examspecialist.com, but the correct address for me was proctor1.examspecialist.com, so I had to correct the address manually.

There is a tab on this site called “Test equipment”. Use it to test whether your computer is valid for taking the exam. Based on my own experience, the only configuration allowed is:

  • Valid operating system: Windows 10
    • Unofficially MacOS X should work as well, but I did not succeed in using it
  • Valid browser: Chrome
    • Browsers not allowed: Firefox.

How do I take the CEH ANSI exam?

The exam is proctored. Ensure you take the exam in a place with a reliable connection, where you are not going to be disturbed during the exam time.

There are no pauses allowed during the exam. Ensure you are fed, hydrated (not too much) and relieved.

You need to have the following material for the exam:

  • Laptop/computer with camera, microphone, Windows 10 and Chrome
  • Laptop charger (if applicable)
  • ID documentation
  • CEH ANSI exam voucher code
  • Two sheets of scratch paper (optional)
  • Pen (optional)

When you are ready to start the exam, open Chrome, go to ExamSpecialists, select your exam session and click “Start exam”. You need to allow camera and microphone access. Your proctor will give you instructions by voice, telling you to run the application “Support-LogMeRescue.exe”.

Once the support application is running, he/she will be able to see and control your desktop. He/she will stop using voice and continue with chat text messages.

Then the proctor will direct you to log in to ECC Exam and enter the voucher code. He/she will take control of your desktop to enter his/her proctor credentials. At this moment, the exam will start.

The preparation of the exam takes 15-30 minutes, so take it into account when planning the real start time of the exam.

Once you submit the exam, you will get the pass/not passed result immediately. You can download a PDF called “Exam Transcript” with the result and the number of passed questions against the total per section.

How do I get the CEH ANSI certification?

Certification is issued 5-7 working days after you have finished the exam, only if you have passed the exam. It appears on the Aspen platform.

You can get a printed copy of the certificate at an additional cost ($75.0) from this link. You can also write to certsupport@eccouncil.org.

When does CEH ANSI certification expire?

CEH ANSI expires 3 years after the time of certification. This has been in effect since 1 January 2009.

Certified members also need to pay the EC-Council Continuous Education (ECE) Membership annually. FAQ here. Annual membership can be purchased here. It was $80.00 in 2020.

 

 

CEH Practical

How to prepare for CEH Practical?

CEH Practical is prepared using the same EC-Council material as CEH. You can access all the CEH iLearn preparation material from iClass. To prepare for the CEH Practical exam, you should focus on the lab lessons and practices instead of just the text slides.

You can read the main post about this topic.

What is the CEH Practical exam like?

There are 20 challenges in the exam. The passing score is 70%. This means that if you complete 14 challenges correctly, you will pass the exam.

The exam lasts a maximum of 6 hours.

The exam is proctored. You can do it from home.

The proctor will see and record your screen, but it does not mean that you are restricted to only accessing the exam environment. It is an open book exam, meaning you are allowed to use all resources on your computer, visit websites or look up information on the internet.

However, there are important restrictions:

  • You cannot look up the CEH official training material
  • You must be alone in a quiet room
  • You cannot receive direct help from another person
  • You cannot leave your computer during the exam (except for two 5-minute stops).

Based on the statements of different users that have taken the exam, most of the challenges are just as in iLabs.

You are provided with 2 virtual machines (Windows and Kali box). The virtual machines do not have internet access, but you can access it from your host.

How do I register for the CEH Practical exam?

This is a proctored exam that you take from home or the office with your own computer.

You need to be registered on both the Aspen and ExamSpecialist platforms.

The exam candidate receives an Aspen Dashboard access code by e-mail after purchasing the rights to take the CEH Practical exam. It is valid for 1 year from the date of receipt.

The exam candidate needs to enter the CEH Practical exam code on the Aspen platform in order to be able to book the exam.

When you are ready to start the test, go to the Aspen platform, find your scheduled exam and click on “Start test”. It may redirect you to the ExamSpecialist platform.

From there, you will be redirected to Exam Specialists, which is the platform to schedule and take the exam. Register on the platform if you have not done so yet. Go to “Schedule Exam”. In this case, you do not need to enter a voucher code at this point.

Note: in this case the correct platform is proctor.examspecialist.com, so the redirection is correct.

Exam sessions should be booked at least 3 days in advance of the desired exam date.

Once you are ready to proceed with your exam, please ensure you understand the below:

  • Cancellation requests are to be made 24 hours in advance.
  • Rescheduling is possible 72 hours prior to the exam session.
  • Candidate has a grace period of 15 minutes to show up for the exam session.
  • After 3 no-show cases, the candidate will be required to seek special permission from the Director – Certification to proceed with their attempt.
  • If you need technical support or assistance, please contact us at support@examspecialists.com.

More information here.

How do I take the CEH Practical exam?

The exam is proctored. Ensure you take the exam in a place with a reliable connection, where you are not going to be disturbed during the exam time.

Ensure you are fed, hydrated (not too much) and relieved.

You need to have the following material for the exam:

  • Laptop/computer with camera, microphone, Windows 10, Chrome and Flash Player installed. You need to turn the camera 360 degrees, so it needs to be a laptop or a turnable webcam. As you may need to install software, it is recommended to have admin privileges on the computer.
  • A single screen. Multi-monitor or multi-screen is not allowed. If you have a laptop, its default screen is the only one allowed.
  • Laptop charger (if applicable)
  • ID documentation

Take note that, according to the prerequisite test in Aspen, Flash Player is required even though it no longer receives support from Adobe and is therefore not safe to use. You may need to accept some warning messages before being able to enable Flash Player in your browser.

When you are ready to start the exam, open Chrome, go to ExamSpecialists, then go to “My sessions”, select your exam session and click “Start exam”. You need to allow camera and microphone access. Your proctor will give you instructions by voice, telling you to install a GoToMeeting app.

Once the support application is running, he/she will be able to see and control your desktop. He/she will stop using voice and continue with chat text messages.

I have failed CEH Practical exam. Can I retake it?

Yes, of course.

Retake exam requests can only be purchased by writing to practicals@eccouncil.org.

How do I get the CEH Practical certification?

Certification is issued right after the exam, only if you have passed the exam. It appears on the Aspen platform.

You can get a printed copy of the certificate at an additional cost ($75.0) from this link. You can also write to certsupport@eccouncil.org.

When does CEH Practical certification expire?

CEH Practical expires 3 years after the time of certification.

 

CEH Master

How to become CEH Master?

Upon completing the CEH (Master) program, consisting of CEH ANSI and CEH (Practical), the CEH (Master) designation is awarded. Once the candidate achieves both the CEH ANSI and CEH Practical certifications, he/she will get CEH Master.

The candidate does not need to do anything special to get the CEH Master, just pass CEH and CEH Practical.

You need to wait 5-7 business days before the certification appears on the Aspen platform.

 

Keeping and renewing CEH Certifications

What are the requisites to renew an EC-Council Certification under the ECE Scheme?

All EC-Council Certifications that are under the ECE scheme have the following requisites to keep and renew them:

  1. Pay an annual ECE membership fee
  2. Complete a 3 year ECE program, that implies reporting 120 ECE credits within the 3-year window from the date you got your certificate

Upon completion of the 3 year ECE program and meeting the requirements, the member’s certification validity will be extended for another three years from the month of expiry.

You just pay an annual ECE membership fee for all EC-Council certifications under the ECE Scheme.

Should you not meet the requirements (fail to pay the annual fee or to complete the 3-year ECE program), the certification will be revoked.

Which EC-Council certifications are under the ECE scheme?

The certifications under the ECE scheme are: CEH, CEH (Practical), ECSA, ECSA (Practical), LPT, LPT (Master), CHFI, EISM, CCISO, CND, ECIH, EDRP, CASE, CSA, CBP, CPM, CTIA, ECES, ECSS, CEI, CAST, CIMP and CDM.

How much does it cost to keep an EC-Council Certification under the ECE scheme?

It costs what you pay for the annual ECE membership, which was $80/year in 2021.

In addition, you will have the indirect costs of the courses or events you pay for to get the required ECE credits, though you could get them for free.

How do I fulfill the requirement to pay an annual ECE membership fee?

To pay the annual ECE membership fee, follow these steps:

  1. Go to the Aspen platform
  2. Log in
  3. Go to the “My Courses” tab
  4. The “Membership type” box appears at the top. If the annual membership fee has not been paid, you will find a “Pay now” button.
  5. You will be redirected to the EC-Council Store

The ECE membership validation period corresponds to the natural year (i.e., from 1 January to 31 December).

How do I fulfill the requirement to complete the ECE program?

During the three-year period before the certification expires, the certification must be renewed by participating in the EC-Council Continuing Education (ECE) Program.

Upon completion of the 3 year ECE program and meeting the requirements, the member’s certification validity will be extended for another three years from the month of expiry.

If a certified member has earned certification/s that are included under the ECE scheme, he/she will have to achieve a total of 120 credits (per certification) within a period of three years. Since January 1st 2013, each certification has its own ECE recertification requirements within its respective 3-year ECE window.

This means that ECE for CEH, CEH (Practical) and any other additional EC-Council certificate under the ECE scheme must be managed separately. Qualified ECE activities must have been completed within the ECE program’s 3-year window and must be submitted in only one ECE 3-year window; i.e., an ECE activity cannot be shared among different certificates.

The ECE activity must occur inside the 3-year window. If they are

In addition, any member certified or recertified from January 1st 2016 onwards is liable to pay an annual membership fee.

More information about the ECE Program can be found here.

How do I get ECE credits?

You get ECE credits by doing any of the following tasks:

  1. Volunteering in public sector – 1 credit per hour
  2. Association/Organization Chapter Meeting (per Meeting) – 1 credit per hour
  3. Author Article/Book Chapter/White Paper – 20 credits
  4. Authoring Course/Module – 40 credits
  5. Author Tool – 40 credits
  6. Authoring Book – 100 credits
  7. Contribution to the exam development – 40 credits to 100 credits
  8. Certification/ Examination – 40 credits
  9. EC-Council Examination (ECE) – 120 credits
  10. EC-Council Survey – 20 credits
  11. Education Course – 1 credit per hour
  12. Education Seminar/Conference/Event – 1 credit per hour
  13. Higher Education – 15 credits per semester hour
  14. Identify New Vulnerability – 10 credits
  15. Presentation – 3 credits per hour
  16. Reading an Information Security Book/Article Review/Book Review/Case Study – 5 credits
  17. Teach New – 21 credits per day
  18. Teach Upgrade – 11 credits per day
  19. Review board – 80 credits

You can check the detailed list on this link to Aspen platform.

If the particular event or activity is not listed on the Delta portal, you can contact the Administrator at delta@eccouncil.org for assistance.

How do I register ECE credits?

You can register your ECE credits on the Aspen platform.

Steps to register your ECE credits:

  1. Log on to Aspen.
  2. Click on the “My Courses” tab, find the certification to which you want to add ECE credits and then click on “ECE Status”
  3. Click on “Manage My Events”
  4. Click on “Add New Event”
  5. Here you will find the option “Add Event”

Events that are EC-Council related may be added automatically. For example, when you pass CEH Practical after CEH ANSI, 20 ECE credits corresponding to CEH Practical will be added automatically to your CEH ANSI.

What can I do if my certification has been revoked?

If a member fails to meet certification requirements during the suspension period, he/she will have the certification revoked and will no longer be allowed to continue usage of the certification logo and related benefits. Members whose certification is revoked will be required to retake and pass the respective new exam to regain their certification.

Can ECE credits be audited?

Yes, ECE credits can be audited.

Certified members are required to maintain sufficient evidence to show their involvement in the activities that earn them ECE credits.

 


pmgallardo

About pmgallardo

I studied Computer Science at University of Salamanca. Since then, I have been working first as a developer and then as an SAP consultant. This blog is about problems I dealt with when using computers and, more importantly, the solutions I found. Whenever I am on an issue and suddenly I have a flash that leads me to a solution, I document my discoveries in a post.
