As the EC-Council states on its website, “to beat a hacker, you need to think like one!” Accordingly, the Certified Ethical Hacker (CEH) exam tests candidates’ knowledge on hacking techniques. These include pen testing methodologies, network security techniques, current security threats and countermeasures. To ensure exam success, it is important you understand these subjects well. Other than taking a hacking course, you can follow these 10 tips to help you pass your CEH certification exam.
Create a Checklist of Topics to Study
The CEH exam has 125 questions that span multiple subjects. Using a checklist can ensure you don’t get overwhelmed studying one area and forget about the rest. Your checklist should include the following topics:
- Foot printing
- Social engineering
- Session hijacking
- TCP handshake
- Current security issues in Windows 7 and 8 operating systems
- Latest trojans, viruses, phishing attempt schemes and malware types
- Latest mobile hacking tools
- Hacking in the cloud
- SQL injection
- DDoS attacks
- Shellshock (uses Bash vulnerabilities)
- Current security laws and current industry standards
- Security controls
- Determining access points for penetration (risk assessment)
Create a Study Plan
Now that you’ve identified what you need to study, it’s time to create a study plan. Be realistic about your work and life obligations. Try to schedule study time during your down time, or in conjunction with times when you may be using some of the material you are learning. For instance, if you are scheduled to attend a technical seminar or brief that is focused on discussing current network security trends, plan to study networking techniques before, during and after that seminar.
Other factors to consider while creating your study plan include:
- How soon do you intend to take the examination? Check the EC-Council Exam Center to find a time that works for you.
- How much can you spend on preparation material and training courses? Look for official, certified study materials and training to make sure you have a thorough understanding of each topic covered in the exam.
- What training method best suits you? Some people prefer self-learning, while others think there is no substitute for the classroom. Use your past learning experiences to help you pick the method to help you prepare best.
- How well acquainted are you already with the exam subjects? Your personal experience can save you some studying time, but you should take into consideration factors such as the exam length and question logic. Relying too much on experience alone is a poor strategy that will likely lead to bad results.
Use Real-World Environments to Study
It is important to understand the CEH exam material from a real-world perspective, as opposed to just reading about the concepts. This does not mean try to hack your neighbor’s wireless router, or pen test a business without permission, as both of these could land you in jail. But you can create a virtual lab environment at home that you can use to practice some of the techniques. If you have the ability, attend CEH training that will show you how to set up lab environments and provide training guidance.
Submit for Your Exam Early
The process to sit for the CEH exam can be time consuming. If you do not attend official training, you have to prove two years of information security related experience. There is a $100 fee to go through this process. If you are under a deadline to pass the exam, you need to consider the time it takes to go through this eligibility process. Include this processing time into your overall schedule for exam study and completion.
Get to Know Your Exam
The EC-Council website provides essential information about the CEH certification exam. It will also provide links to a lot of useful information, such as official training providers, exam topics, practice questions and study material.
The CEH Handbook contains essential details such as an overview of the certification and the exam, including its prerequisites, how many and what type of questions you are about to face, time allotted for examination and the passing mark.
Leverage Free Exam-Prep Resources
The CEH Exam Blueprint provides detailed information on the topics covered in the examination, including the percentage of questions dedicated to each subject. This helps a lot, especially in constructing your study plan.
Get Involved In an Exam Prep Course
Deciding to use a self-study-only approach may seem like a bold decision, but it may not be the best strategy. Going through a certification preparation course lets you spend time with an experienced instructor, with actual knowledge on how to beat the exam. It is an excellent opportunity to get all your questions answered, share experiences and strategies, and even network if it is in-person training. This results in a greater success rate on any certification exam.
Take Practice Exams
No CEH candidate should approach the exam without the help of practice questions. The CEH exam contains 125 questions that must be answered in four hours – that’s about two minutes per question. This means you must be at your best, not only in terms of knowledge of the current security domains, but also in terms of time management and stress control.
As for practice exam test results, do not be discouraged. Unless you are an experienced test taker, it is quite common for things to go sour during the first round of questions, especially if you are not done with your reading and prep course. Take your time to study and use every resource available to clarify any doubts. By the end of your study plan, you will see consistent results on practice exams.
Join an Online Community
A simple Google search will find several CEH forums, wikis and personal websites where both candidates and certified professionals share their certification experiences.
As usual, it is important to verify the credibility of any source you are using. For instance, if you are looking for a formal definition of a concept that is covered in the exam, the best approach is using official material, e.g., books, guidelines and other official publications. But, if you are looking for general advice, posting your question to an online forum such as reddit or TechExams can be quite helpful.
Ethical Hacking Instant Pricing – InfoSec
Many candidates visit online forums and search for “CEH success.” This can serve as both preparation and motivation for the upcoming exam. If you are feeling confident, searching “CEH failure” posts may also give you some important advice, as learning from the mistakes of others is way less painful than from your own.
A word of advice: Unless you have time to help others, stay away from toxic people and posts. Many unfortunate exam takers go online to vent their frustration and this can be discouraging.
Clear Your Mind
Use these tips to clear your mind and stay focused during the exam:
- Be aware of time. During the exam, you may reach a high level of concentration I like to call “the zone.” This means a greater focus, which is good for problem solving, but can cause you to lose track of time. What may seem like seconds can be precious minutes; hours tend to pass at a very fast rate, so make sure you have time to go through every question on the exam.
- Take your time reading the questions. Even with limited time, it is important not to rush. Take your time, pay attention to each question and answer option and make sure you understand what is being asked. Watch for distractors (options that are obviously false) in multiple-choice questions that can be quickly eliminated. It is also important to pay close attention to terms such as MOST, LEAST, NOT, ALL, NEVER and ALWAYS, since they can entirely change a sentence.
- Try to relax. Remember to stretch and relax your muscles during the exam. A relaxed mind can help you solve difficult questions.
- Remember, there is no reason to panic. Remaining calm will improve your concentration. If you followed your study plan correctly, your results will likely be great; if not, you will have a lot more experience during the next try!
In the end, the CEH certification is a great way to advance your infosec career. However, as expected, such benefits come at a cost: only the most dedicated candidates will succeed. Plan ahead and use these 10 tips as a basis for your study strategy, but also consider enrolling in official training.