In an attempt to meet the growing demand for new skills and security knowledge, EC-Council, the body responsible for compiling the CEH v10 certification, recently updated the Certified Ethical Hacker certification.
The refresh is one of many since CEH’s launch in 2003, and it means that candidates can expect a slightly different exam from CEH v9, which was launched in 2015. The certification now has over 18 modules that students need to learn and understand, and the global trend of cloud computing and remote hosted solutions means that those technologies are now more prominent in the exam.
The EC-Council advises that candidates check the exam blueprint and objectives prior to registering for the exam. Certified Ethical Hacker training courses can also help ensure candidates are prepared with the most up-to-date material needed to pass their CEH v10 exam.
Overview of CEH v10 Changes
CEH v10 focuses on making candidates more aggressive in their defence of networks. This offensive, proactive stance is a better way of defending network data against cybercriminals.
New modules that have been added include items such as:
IoT security: The proliferation of cheap, inexpensive internet-connected devices has opened up a proverbial can of worms for security experts as hackers are able to hijack many of these simple devices. CEH v10 explores this new class of network device and the potential vulnerabilities that they present.
More material: Expanded information on items such as threat and vulnerability assessments are included in CEH v10, giving this aspect of the course a welcome upgrade over CEH v9.
New business tool focus: Buzzwords like AI, cloud computing and machine learning are featured in the updated v10 of the CEH. Businesses are likely to use these tools, and intruders are likely trying to exploit them.
Practical exercises: CEH v10 now features practical modules for candidates to master.
What Else Changed with the CEH v10 Update?
The overall feel of the exam remains very similar to CEH v9, and the way the exam tests a candidate’s abilities has not changed much. Some of the new modules that have been added include:
Vulnerability Assessment Module
The vulnerability assessment material in version 9 of the CEH has been expanded, and it now has its very own module. The section comprises of tools, techniques and methodology that combine to create a stronger vulnerability assessment capability for successful CEH v10 candidates.
Malware Analysis Module
The EC-Council added a section on malware analysis that teaches candidates how to explore and analyze malware. It also teaches candidates which tools to use in conjunction with malware when conducting testing.
The IoT module goes into topics such as botnets and DDoS attacks as well as how to secure a network from vulnerabilities. This is the last module added to the CEH, and is a clear indicator of the way in which IoT devices have found their way into the modern enterprise environment.
This is a proctored exam that is a realistic simulation of an actual network by using virtual machines, virtual networks and virtual applications. These are a close approximation of what candidates will find out in the field, so this is an excellent way to test real world skills.
Successful candidates are therefore able to:
Demonstrate competency in understanding attack vectors
Perform network scanning to assess vulnerable targets on the network
Perform OS banner grabbing, service and user enumeration
Hack systems, steganography, steganalysis attacks and hide activities afterwards
Identify and utilize viruses, worms and malware to exploit system vulnerabilities
How has the CEH v10 Exam Changed?
Apart from the additional sections and modules already covered, there are not many changes to the way in which the CEH is delivered. However the questions and question weightings are set to change after September 30, 2018.
Below is a table that shows the question amounts and percentages before and after the update to the exam:
Pre Sept 30th 2018
Post Sept 30th 2018
Tools / Systems / Programs
Procedures / Methodology
Regulation / Policy
The CEH remains unchanged in principle, and the following stats still apply:
Number of questions: 125
Test duration: 4 hours
Test format: Multiple choice
Test delivery: ECC Exam, VUE
Exam prefix: 312-50 (ECC EXAM), 312-50 (VUE)
Ethical Hacking Instant Pricing – InfoSec
The CEH is an ANSI certified exam, and it is DoD 8570 compliant. The CEH is regarded by many as the standard by which all other cybersecurity and pentesting courses are measured – and with good reason. CEH v10 offers theoretical knowledge combined with practical, proctored assessments to make sure that any candidate that passes the course is a knowledgeable and formidable cybersecurity expert.
Remember to always check the current Blueprint and courseware before taking the CEH exam, and remember that the courseware is designed to give candidates a real world understanding of ethical hacking. The exam seeks to test candidates’ abilities, not the efficacy of the courseware.