The CEH exam: Application process, rules and eligibility
EC-Council is the owner and creator of the Certified Ethical Hacker (CEH) credential, one of the most popular entry-level cybersecurity certifications. Ethical hackers are individuals hired by an organization to hack into networks using penetration testing techniques in order to discover and report back on security vulnerabilities that may be exploited by cybercriminals. These individuals are also referred to as “white-hat hackers.”
CEHs play a pivotal role in the information technology sector. Now more than ever, companies are increasing their demand for ethical hackers who can help keep their networks and data safe against the ever-evolving threats of the internet. This is an incentive for IT professionals with the right mindset to follow a career path that can be interesting, stimulating and financially rewarding. In fact, the average CEH holder salary is $82,966 in 2022 according to Payscale.
Who should take the CEH exam?
As EC-Council states, “to catch a hacker, you need to think as one.” A CEH must apply the same knowledge and tools as malicious hackers, but in a lawful and legitimate manner. The CEH credential can help professionals pinpoint and refresh the know-how required to do just that.
According to the EC-Council, “The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure” all from a vendor-neutral perspective. The certification can help professionals stand out by proving they have the proper theoretical background, as well as the practical skills and experience needed to harden the IT framework of a company. A CEH should be able to apply effective tools and techniques to identify problem areas beyond what can be highlighted by scanning software.
Today, the certification is regarded as one of the most sought-after credentials for professionals. The U.S. Department of Defense has included it as a mandatory standard for Computer Network Defenders Service Providers (CND-SP) in Directive 8570, and it is also ANSI 17024 compliant.
Eligibility for the CEH exam
There are two options for professionals to meet the CEH certification requirements and achieve CEH exam eligibility.
- Attend official training at an approved training provider like Infosec. There are no further CEH requirements if you complete an official training course, and there are no further steps in the application process.
- Attempt the exam without official training. To be considered for testing without attending training, candidates must be approved via the CEH application process. They must have at least two years of work experience in the Information Security domain. They’ll need to fill out the Eligibility Application Form (https://cert.eccouncil.org/Exam-Eligibility-Form.html), email it to firstname.lastname@example.org for approval and submit a $100 eligibility fee.
Application processing takes five to ten working days. Should applicants not hear back within this time period, they can contact email@example.com.
If approved, testers will receive the eligibility code and the relevant voucher code, which they can use to register and schedule the test at Pearson VUE and EC-Council (ECC) test centers. They have three months to purchase the test voucher from EC-Council through its webstore. The candidate needs to test within one year from voucher release.
Costs include a $100 non-refundable application fee and $950 for the voucher at ECC centers. The Pearson VUE voucher will cost $1,199. The CEHv11 Courseware (Digital Courseware and digital Lab Manual) costs $850.
Note that if the application is not accepted, the application fee of $100 will not be refunded. Candidates can submit an appeal by contacting firstname.lastname@example.org for further assistance.
Scheduling and taking the exam
Once the EC-Council has approved you for the CEH certification, you will receive information about where and when to take the exam. The applicant will be required to purchase a voucher directly from EC-Council to register and schedule the test at Pearson VUE and EC-Council test centers. The approved application stands valid for three months from the date of approval; the candidate needs to test within one year from voucher release.
The process you follow for scheduling your CEH exam will depend on whether you choose to take it at a Pearson VUE testing center or the ECC exam center. In both cases, you will need to contact the relevant authority, the ECC exam center or Pearson VUE, to request scheduling information.
Can you take the CEH exam online?
If scheduling the CEH exam through the ECC exam center, testers will be able to choose between a remote proctored format (via ProctorU) or an in-person mode at a physical ECC testing center. If taking the test at Pearson VUE, note that no remotely proctored exams are available; your only option is in-person testing at an actual testing center.
Scheduling can be done up to six weeks in advance. Remotely proctored sessions should be booked at least three days before the desired exam date. Whether you take the CEH exam at home via ProctorU or in person, all exams are delivered over the computer. It’s also important to make sure you have your eligibility number. This is provided to you after passing your initial application, and you cannot take the CEH exam at either the ECC exam center or a Pearson VUE facility without it.
The cost of taking the CEH exam
If you choose to forgo official training, you’ll pay the $100 non-refundable application fee and $950 for the voucher at ECC centers. The Pearson VUE voucher will cost $1,199. Online boot camps and training courses often include the price of the exam voucher in the training cost.
Vouchers are valid for one year but can be renewed once for an additional three months for $35 if the voucher is still valid and unused.
What are the EC-Council’s certification exam policies?
Several policies have been devised by the EC-Council to maintain the high standards required of their certification program and to support their goals. EC-Council’s Certification Agreement v5.0 covers all points set forth below:
- The Non-Disclosure Agreement (NDA) prevents candidates from disclosing information on the test and questions.
- Professionals must also adhere to an EC-Council Candidate Certification Agreement that binds them to rules and regulations regarding the use and achievement of all certifications held.
- A Security and Integrity Policy governs what constitutes fraudulent behavior and cheating, as well as what the consequences are.
- The retake policy allows candidates who do not pass on the first attempt to buy another exam voucher and retake the test without a waiting period. Subsequent failures to pass the exam will require the candidate to wait 14 days between retakes, up to a maximum of five times in 12 months. A sixth attempt requires a 12-month waiting period.
- The extension policy allows candidates to extend the validity of their voucher past the normal 12-month period. A one-time extension is possible for three months at the cost of $35 if the voucher is still valid and unused.
- The voucher policy regulates the use of exam vouchers that are non-refundable, non-transferable and non-exchangeable.
- The accommodation policy allows candidates with certified disabilities to take the test despite difficulties in using standard equipment or other impediments.
CEH exam format
Those attempting the exam at a physical testing center will be supervised by a proctor on site, whereas those attempting the exam online will be monitored remotely by an authorized proctor. The CEH exam uses the following exam codes: 312-50 (ECC EXAM), 312-50 (VUE).
Candidates who successfully pass the test will receive their CEH certification and membership privileges.
How long is the CEH exam?
The CEH test lasts up to four hours.
How many questions are on the CEH exam?
The CEH exam entails 125 multiple-choice questions.
What topics are on the updated CEH exam?
The most recent CEH update (CEH Exam Blueprint v4.0) was in January 2021. If you take training through EC-Council, they are on version 11 of their materials, so although the exam is only on its fourth iteration, you may see CEH v11 used as well. The CEH v4 topics (CEH v11 objectives) include:
- Information Security and Ethical Hacking Overview (6%)
- Reconnaissance Techniques (21%)
- System Hacking Phases and Attack Techniques (17%)
- Network and Perimeter Hacking (14%)
- Web Application Hacking (16%)
- Wireless Network Hacking (6%)
- Mobile Platform, IoT, and OT Hacking (8%)
- Cloud Computing (6%)
- Cryptography (6%)
This knowledge-based exam covers the skills that subject-matter experts believe are necessary to succeed in the field. CEH exam topics (subdomains) on which students need to concentrate when preparing for the test include the following:
- Footprinting and reconnaissance
- Network scanning
- Vulnerability analysis
- Malware threats
- Social engineering
- Denial of service attacks
- Session hijacking
- Evading IDS, Firewalls, and Honeypots
- Server hacking
- SQL injection
What is the passing score for CEH?
The CEH exam passing score is interesting because there is no specific, preset passing score or percentage. EC-Council warns that a common misconception is that you must answer 70 percent of the questions correctly to pass. However, the actual percentage varies and is based on the difficulty of the questions delivered and the input provided by the subject-matter experts who set the cut score to reflect pass/fail status.
In general, cut scores vary according to which question bank is used and can range from 60% to 85%. They are based on the knowledge and skills needed to demonstrate competence in the subject areas delivered to a candidate.
Certified Ethical Hacker exam pass rates vary based on how much training and experience the candidate has, but Infosec’s Ethical Hacking boot camp has a 93% exam pass rate.
The value of becoming a CEH
As companies, now more than ever, increase their demand for certified ethical hackers (also referred to as “white-hat hackers”), IT professionals with the right mindset and background are considering this career path, which is also proving to be a financially sound choice: the average yearly salary earned by a CEH was $83,591 in 2021.
The CEH credential is a great choice for those who want to excel in this career. CEH v11 is mapped to important Specialty Areas under the NIST/NICE framework’s Protect and Defend (PR) job role category overlapping with other job roles, including Analyze (AN) and Securely Provision (SP). It is also a DoD-approved 8570 baseline certification for CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder and CSSP Auditor.