Certified Ethical Hacker (CEH)

What is the CEH certification?

The Certified Ethical Hacker, or CEH certification, was created by the EC-Council in 2003. It is one of the most requested certifications on cybersecurity job postings, and it meets several DoD Directive 8570 requirements for those who work for or contract with the Department of Defense. The CEH tests your knowledge of ethical hacking, including core concepts, methodologies, tools and countermeasures. To learn more about ethical hacking careers and certifications like the CEH, watch our free webcast, Learn how to hack and conduct a penetration test.

What are the CEH domains?

The current version of the CEH exam covers nine knowledge areas, or domains.

Learn more about the CEH domains.

 

What does a CEH do?

Ethical hackers help organizations identify weaknesses in their security by trying to break into their systems — but it’s not all about hacking, warns Infosec Principal Security Researcher Keatron Evans.

“It’s the same process that a malicious threat actor would go through if they’re trying to break into your organization,” says Keatron. “They would do reconnaissance and research about you, and then based on what they find they would start trying to break in.”

Watch the live demo from Keatron to see a penetration test in action.

 

The CEH exam

In 2021, EC-Council updated the exam to follow the new CEH v4 exam blueprint, which significantly changed the CEH exam. The goal of the exam is to test whether you have the knowledge required to perform an ethical hack or penetration test. Read an overview of the CEH exam to learn more.

  • What is the CEH exam outline and structure?

    Certified Ethical Hacker (CEH) exam

    The CEH exam is a four-hour, 125-question multiple-choice test. The purpose of this exam is to test your theoretical knowledge of ethical hacking based on the nine CEH domains.

    There is a misconception about CEH passing scores, as we explain in our CEH exam article: “EC-Council warns that a common misconception is that you must answer 70 percent of the questions correctly to pass. However, the actual percentage varies and is based on the difficulty of the questions delivered and the input provided by the subject-matter experts who set the cut score to reflect pass/fail status.”

    What’s the CEH Practical exam?

    The CEH Practical is a completely separate exam and certification from the CEH. It is not required to earn your CEH. It is an additional option that EC-Council describes as a “next step” to consider pursuing after earning your CEH. The CEH Practical exam is six hours long and covers 20 different real-life scenarios in an environment that mimics a corporate network.

  • How hard is the CEH exam?

    The CEH exam is considered entry-level, but it requires a solid understanding of hacking principles in order to pass. That is why EC-Council requires taking an accredited partner training course or having two years of related experience. If you have the required experience or complete the necessary training, you should have the knowledge required to pass the exam.

    The CEH exam is a four-hour test with 125 multiple-choice questions. This means that if you have the required knowledge, you should have plenty of time to answer each question.

    Pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec Ethical Hacking Dual Certification Boot Camp, which covers both the CEH and PenTest+ material, average a 93% pass rate.

    For advice on passing the CEH exam, check out our article on CEH exam tips.

  • Where do I take the CEH exam?

    You can take the CEH exam either in-person or remotely. The testing center will proctor the exam if you take the exam in person (ETC/Pearson Vue). If you take the exam remotely (ECC/Proctor U), you will have a remote proctor who will use your webcam to verify compliance with EC-Council testing policies.

    In addition to Pearson Vue, you can take the exam at EC-Council (ECC) test centers.

  • How much does the CEH exam cost?

    The CEH exam voucher may be bundled into the price of various CEH training courses, so be sure to check what’s included if you purchase training through an accredited partner.

    EC-Council sells CEH exam vouchers at two different prices, depending on whether you take the exam through Pearson Vue ($1,199) or an EC-Council test center ($950).

  • What is the current CEH version?

    The version numbers for CEH can be confusing as EC-Council has both a current exam version (v4) and a current training version (v11) for the CEH prep they sell.

    No matter where and how you train for the CEH, the exam will follow CEH Exam Blueprint v4, which was introduced in 2021. You can train for the exam through self-study (along with 2 years of experience), through an accredited partner or through EC-Council.

  • How do I earn CPEs and renew my CEH?

    A CEH certification is valid for three years from the day you are certified. CEH renewals are based on the EC-Council Continuing Education (ECE) program.

    To earn a three-year renewal, you must earn 120 ECE credits within that period. Retaking the CEH exam is one way to earn the required 120 credits, but other options are listed on the ECE Policy page. CEH holders will pay an $80 maintenance fee each year, and register credits earned the previous year by February 1.

Free and self-study CEH materials

A variety of resources are available to help you prepare for your CEH exam, but a good starting point is the CEH exam blueprint. This exam outline is the definitive resource on what will be included in the CEH exam. Based on this outline, you can develop a training plan and seek out training resources.

 

CEH study guides and CEH books

A number of study guides and books are available to help you prepare for the CEH exam. You can find them at your local library or book store, or at online stores like Amazon and elsewhere. Two of the most popular are:

  • CEH v11 Certified Ethical Hacker Study Guide by Ric Messier
  • CEH Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition by Matt Walker

You can also find a number of free video walkthroughs of key concepts and tools, such as this video featuring Infosec Skills author Mike Meyers demoing password cracking.

CEH practice questions and exams

Practice questions and exams are a great way to gauge your progress when studying for the CEH and identify topics that might require additional focus. Some sources of CEH practice questions include:

  • Official EC-Council 50 question practice assessment
  • CEH v11: Certified Ethical Hacker Version 11 Practice Tests by Ric Messier
  • Pocket Prep Desktop or Mobile App
  • Boson CEH practice exam

In addition to these options, many CEH training courses and content include practice questions. For example, Infosec Skills CEH training includes a customizable practice exam with more than 1,000 questions.


Other free CEH training resources

Books and practice exams are great resources to help you prepare, but don’t be afraid to join online communities as well. Some other places to look for free CEH training materials include:

  • Forums: TechExams, Reddit and similar forums commonly include posts by people preparing for the CEH exam or who have already taken it.
  • Podcasts: The CEH exam is designed to help advance your career in cybersecurity. Learn more about career and training journeys with podcasts like Cyber Work.
  • Other social media: The CEH is a popular exam, and many people have created free training videos on YouTube, TikTok, Twitch and other platforms.

CEH jobs and careers

The CEH is one of the most requested certifications in security job postings in the U.S. and is one of the certifications included in the DoD Directive 8570. Learn more about the job outlook for CEHs.

  • What does a CEH do?

    A CEH has the knowledge and skills to be an ethical hacker or to defend an organization against cybercriminals. Common job titles that a CEH may hold include:

    • Ethical hacker
    • Junior penetration tester
    • Assurance validator
    • Security analyst
    • SOC analyst

    More senior related roles that can benefit from a CEH include:

    • Cybersecurity engineer
    • Cybersecurity auditor
    • Information security manager
    • Security consultant

    For more information on different cybersecurity roles, check out Infosec’s role page.

  • Is the CEH worth it?

    The CEH is one of the best-known and most sought-after entry-level cybersecurity certifications. If you need to meet DoD 8570 requirements or want to build your offensive security skills to expand your job opportunities, earning the CEH may be a great choice for you.

    Holding the CEH credential can help you demonstrate the required knowledge and skills to interview for a cybersecurity job. From there, the know-how and abilities that enabled you to pass the exam will help you land the role.

  • What is the CEH salary?

    Ethical hackers in the U.S. can expect a base salary of around $93,000, although salary can vary quite a bit based on location, experience and company. Below is salary data from various sources as of March 2022:

    • Payscale: $93,000 base
    • Glassdoor: $92,547 base (with total compensation of $113,947)
    • Salary.com: $102,764 (with total compensation of $109,166)
  • How many people have a CEH?

    While the EC-Council does not publish exact figures, this has been a popular certification since 2003. The CEH Hall of Fame, launched in 2021, recognized 100 of the top CEH holders, all of whom have scored at least a 90% on the exam.

    It’s one of the most popular entry-level cybersecurity certifications available.

  • Where can I find ethical hacker jobs?

    A CEH certification is a common requirement in job listings. To find ethical hacker jobs on general boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder, search for the keyword “CEH”.

    Security-focused job boards such as ClearedJobs and infosec-jobs.com are also good sources of roles for CEH holders. Other good sources of security job postings are cybersecurity groups (ISSA, ISACA, BSides, OWASP, Women in Cybersecurity and others) and cybersecurity websites.

    Before your interview, check out our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.”

  • What are on-the-job CEH tools?

    Certified Ethical Hackers use a variety of different tools in their job. Some of the most common ones featured on the CEH exam include:

    • Aircrack
    • Burp Suite
    • Cain
    • John the Ripper
    • Kismet
    • Metasploit
    • Nessus
    • Netcat
    • Netcraft
    • Nikto
    • nmap/Zenmap
    • THC-Hydra
    • Wireshark

Paid CEH training and exam prep

How long you need to study for the CEH exam depends on your existing knowledge and experience — and your method of training. Paid training is a great option for those looking to get certified quickly or those who want some expert assistance mastering the concepts covered on the exam.


Live CEH boot camps

Live online or in-person boot camps are often considered the premium CEH training experience. For example, Infosec is an EC-Council accredited partner and offers a dual certification ethical hacking boot camp that prepares you for both the CEH and PenTest+ certifications. Other boot camp providers include Training Camp, Certification Camps, SecureNinja and CBT XPress.

Advantages of enrolling in a boot camp include:

  • Live instruction: Boot camps provide the opportunity to interact with instructors and peers who might have useful industry or exam experience to share.
  • Complete certification package: When searching for a boot camp, be sure to compare what each provider includes and if there will be any additional costs for training materials, exam vouchers or other resources.
  • Higher pass rates: Boot camps prepare you to pass the exam on your first attempt, and providers like Infosec back their training with an Exam Pass Guarantee.

Self-paced CEH training

For those with more time — and self-discipline — a number of training providers offer paid CEH courses you can complete at your own pace. Infosec, Udemy, Cybrary, Pluralsight and Learning Tree all offer self-paced CEH training courses.

The advantages of the self-study approach include:

  • Train at your own pace: Train when it’s convenient for you — whether that’s 30 minutes over your lunch or a few hours on the weekend. There’s no need to set aside 40-60 hours for a week of intense, live instruction.
  • Test on your schedule: With a self-study approach, you can take the exam when you feel ready rather than feeling compelled to do so right after a boot camp when the material is freshest in your mind.
  • Accredited training partner: Be sure to train with an EC-Council accredited partner so you can meet the requirements to sit the CEH exam.

CEH comparisons and alternatives

The CEH is designed to prepare you to be an ethical hacker or pentester, but it is not the only option available. The PenTest+ certification from CompTIA has a nearly 80% overlap, and the Offensive Security Certified Professional (OSCP) certification takes a more hands-on approach than the CEH’s knowledge-focused test.

Which one is better for your career? Is the CEH the best certification for you? That all depends on you and your career goals. Check out these articles to learn more: