Certified Ethical Hacker (CEH)

What is the CEH certification?

The Certified Ethical Hacker, or CEH certification, was created by the EC-Council in 2003. It is one of the most requested certifications on cybersecurity job postings, and it meets several DoD Directive 8570 requirements for those who work for or contract with the Department of Defense. The CEH tests your knowledge of ethical hacking, including core concepts, methodologies, tools and countermeasures. To learn more about ethical hacking careers and certifications like the CEH, watch our free webcast, Learn how to hack and conduct a penetration test.

What are the CEH domains?

The current version of the CEH exam covers nine knowledge areas, or domains.

Learn more about the CEH domains.

 

How do I get the CEH?

CEH certification requirements are fairly simple, as it is an entry-level cert. CEH eligibility requires meeting one of two conditions:

To earn your CEH, you need to fill out the CEH exam eligibility form and pay a non-refundable $100 application fee. After your application is approved, you have three months to purchase an exam voucher, which is good for one year from the date of purchase. Finally, you need to schedule and pass your CEH exam.

What does a CEH do?

Ethical hackers help organizations identify weaknesses in their security by trying to break into their systems — but it’s not all about hacking, warns Infosec Principal Security Researcher Keatron Evans.

“It’s the same process that a malicious threat actor would go through if they’re trying to break into your organization,” says Keatron. “They would do reconnaissance and research about you, and then based on what they find they would start trying to break in.”

Watch the live demo from Keatron to see a penetration test in action.

 

The CEH exam

In 2021, EC-Council updated the exam to follow the new CEH v4 exam blueprint, which significantly changed the CEH exam. The goal of the exam is to test whether you have the knowledge required to perform an ethical hack or penetration test. Read an overview of the CEH exam to learn more.

  • What is the CEH exam outline and structure?
    • Certified Ethical Hacker (CEH) exam

      The CEH exam is a four-hour, 125-question multiple-choice test. The purpose of this exam is to test your theoretical knowledge of ethical hacking based on the nine CEH domains.

      There is a misconception about CEH passing scores, as we explain in our CEH exam article: “EC-Council warns that a common misconception is that you must answer 70 percent of the questions correctly to pass. However, the actual percentage varies and is based on the difficulty of the questions delivered and the input provided by the subject-matter experts who set the cut score to reflect pass/fail status.”

      What’s the CEH Practical exam?

      The CEH Practical is a completely separate exam and certification from the CEH. It is not required to earn your CEH. It is an additional option that EC-Council describes as a “next step” to consider pursuing after earning your CEH. The CEH Practical exam is six hours long and covers 20 different real-life scenarios in an environment that mimics a corporate network.

  • How hard is the CEH exam?
    • The CEH exam is considered entry-level, but it requires a solid understanding of hacking principles in order to pass. That is why EC-Council requires taking an accredited partner training course or having two years of related experience. If you have the required experience or complete the necessary training, you should have the knowledge required to pass the exam.

      The CEH exam is a four-hour test with 125 multiple-choice questions. This means that if you have the required knowledge, you should have plenty of time to answer each question.

      Pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec Ethical Hacking Dual Certification Boot Camp, which covers both the CEH and PenTest+ material, average a 93% pass rate.

      For advice on passing the CEH exam, check out our article on CEH exam tips.

  • Where do I take the CEH exam?
    • You can take the CEH exam either in person or remotely. If you take the exam in person (ETC/Pearson Vue), the testing center will proctor it. If you take the exam remotely (ECC/Proctor U), you will have a remote proctor who will use your webcam to verify compliance with EC-Council testing policies.

      In addition to Pearson Vue, you can take the exam at EC-Council (ECC) test centers.

  • How much does the CEH exam cost?
    • The CEH exam voucher may be bundled into the price of various CEH training courses, so be sure to check what’s included if you purchase training through an accredited partner.

      EC-Council sells CEH exam vouchers for two different prices depending on whether you are taking the exam through Pearson Vue ($1,199) or an EC-Council test center ($950).

  • What is the current CEH version?
    • The version numbers for CEH can be confusing as EC-Council has both a current exam version (v4) and a current training version (v11) for the CEH prep they sell.

      No matter where and how you train for the CEH, the exam will follow CEH Exam Blueprint v4, which was introduced in 2021. You can train for the exam through self-study (along with 2 years of experience), through an accredited partner or through EC-Council.

  • How do I earn CPEs and renew my CEH?
    • A CEH certification is valid for three years from the day you are certified. CEH renewals are based on the EC-Council Continuing Education (ECE) program.

      To earn a three-year renewal, you must earn 120 ECE credits within that period. Retaking the CEH exam is one way to earn the required 120 credits, but other options are listed on the ECE Policy page. CEH holders will pay an $80 maintenance fee each year, and register credits earned the previous year by February 1.

Free and self-study CEH materials

A variety of resources are available to help you prepare for your CEH exam, but a good starting point is the CEH exam blueprint. This exam outline is the definitive resource on what will be included in the CEH exam. Based on this outline, you can develop a training plan and seek out training resources.

 

CEH study guides and CEH books

A number of study guides and books are available to help you prepare for the CEH exam. You can find them at your local library or book store, or at online stores like Amazon and elsewhere. Two of the most popular are:

  • CEH v11 Certified Ethical Hacker Study Guide by Ric Messier
  • CEH Certified Ethical Hacker All-in-One Exam Guide, Fifth Edition by Matt Walker

You can also find a number of free video walkthroughs of key concepts and tools, such as this video featuring Infosec Skills author Mike Meyers demoing password cracking.

CEH practice questions and exams

Practice questions and exams are a great way to gauge your progress when studying for the CEH and identify topics that might require additional focus. Some sources of CEH practice questions include:

  • Official EC-Council 50-question practice assessment
  • CEH v11: Certified Ethical Hacker Version 11 Practice Tests by Ric Messier
  • Pocket Prep Desktop or Mobile App
  • Boson CEH practice exam

In addition to these options, many CEH training courses and content include practice questions. For example, Infosec Skills CEH training includes a customizable practice exam with more than 1,000 questions.

 

Other free CEH training resources

Books and practice exams are great resources to help you prepare, but don’t be afraid to join online communities as well. Some other places to look for free CEH training materials include:

  • Forums: TechExams, Reddit and similar forums commonly include posts by people preparing for the CEH exam or who have already taken it.
  • Podcasts: The CEH exam is designed to help advance your career in cybersecurity. Learn more about career and training journeys with podcasts like Cyber Work.
  • Other social media: The CEH is a popular exam, and many people have created free training videos on YouTube, TikTok, Twitch and other platforms.

CEH jobs and careers

The CEH is one of the most requested certifications in security job postings in the U.S. and is one of the certifications included in the DoD Directive 8570. Learn more about the job outlook for CEHs.

  • What does a CEH do?
    • A CEH has the knowledge and skills to be an ethical hacker or to defend an organization against cybercriminals. Common job titles that a CEH may hold include:

      • Ethical hacker
      • Junior penetration tester
      • Assurance validator
      • Security analyst
      • SOC analyst

      More senior related roles that can benefit from a CEH include:

      • Cybersecurity engineer
      • Cybersecurity auditor
      • Information security manager
      • Security consultant

      For more information on different cybersecurity roles, check out Infosec’s role page.

  • Is the CEH worth it?
    • The CEH is one of the best-known and most sought-after entry-level cybersecurity certifications. If you need to meet DoD 8570 requirements or want to build your offensive security skills to expand your job opportunities, earning the CEH may be a great choice for you.

      Holding the CEH credential can help you demonstrate the required knowledge and skills to interview for a cybersecurity job. From there, the know-how and abilities that enabled you to pass the exam will help you land the role.

  • What is the CEH salary?
    • Ethical hackers in the U.S. can expect a base salary of around $93,000, although salary can vary quite a bit based on location, experience and company. Below is salary data from various sources as of March 2022:

      • Payscale: $93,000 base
      • Glassdoor: $92,547 base (with total compensation of $113,947)
      • Salary.com: $102,764 (with total compensation of $109,166)
  • How many people have a CEH?
    • While the EC-Council does not publish exact figures, this has been a popular certification since 2003. The CEH Hall of Fame, launched in 2021, recognized 100 of the top CEH holders, all of whom have scored at least a 90% on the exam.

      It’s one of the most popular entry-level cybersecurity certifications available.

  • Where can I find ethical hacker jobs?
  • What are on-the-job CEH tools?
    • Certified Ethical Hackers use a variety of different tools in their job. Some of the most common ones featured on the CEH exam include:

      • Aircrack
      • Burp Suite
      • Cain
      • John the Ripper
      • Kismet
      • Metasploit
      • Nessus
      • Netcat
      • Netcraft
      • Nikto
      • nmap/Zenmap
      • THC-Hydra
      • Wireshark

CEH comparisons and alternatives

The CEH is designed to prepare you to be an ethical hacker or pentester, but it is not the only option available. The PenTest+ certification from CompTIA has a nearly 80% overlap, and the Offensive Security Certified Professional (OSCP) certification takes a more hands-on approach than the CEH’s knowledge-focused test.

Which one is better for your career? Is the CEH the best certification for you? That all depends on you and your career goals. Check out these articles to learn more: