Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) exam

The CEH exam is a four-hour, 125 question multiple-choice test. The purpose of this exam is to test your theoretical knowledge of ethical hacking based on the nine CEH domains.

There is a misconception about CEH passing scores, as we explain in our CEH exam article: “EC-Council warns that a common misconception is that you must answer 70 percent of the questions correctly to pass. However, the actual percentage varies and is based on the difficulty of the questions delivered and the input provided by the subject-matter experts who set the cut score to reflect pass/fail status.”

What’s the CEH Practical exam?

The CEH Practical is a completely separate exam and certification from the CEH. It is not required to earn your CEH. It is an additional option that EC-Council describes as a “next step” to consider pursuing after earning your CEH. The CEH Practical exam is six-hours and covers 20 different real-life scenarios in an environment that mimics a corporate network.

The CEH exam is considered entry-level, but it requires a solid understanding of hacking principles in order to pass. That is why EC-Council requires taking an accredited partner training course or having two years of related experience. If you have the required experience or complete the necessary training, you should have the knowledge required to pass the exam.

The CEH exam is a four-hour test with 125 multiple-choice questions. This means that if you have the required knowledge, you should have plenty of time to answer each question.

Pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec Ethical Hacking Dual Certification Boot Camp, which covers both the CEH and PenTest+ material, average a 93% pass rate.

For advice on passing the CEH exam, check out our article on CEH exam tips.

You can take the CEH exam either in-person or remotely. The testing center will proctor the exam if you take the exam in person (ETC/Pearson Vue). If you take the exam remotely (ECC/Proctor U), you will have a remote proctor who will use your webcam to verify compliance with EC-Council testing policies.

In addition to Pearson Vue, you can take the exam at EC-Council (ECC) test centers.

The CEH exam voucher may be bundled into the price of various CEH training courses, so be sure to check what’s included if you purchase training through an accredited partner.

EC-Council sells CEH exam vouchers for two different prices depending on if you are taking the exam through Pearson Vue ($1,199) or an EC-Council test center ($950).

The version numbers for CEH can be confusing as EC-Council has both a current exam version (v4) and a current training version (v11) for the CEH prep they sell.

No matter where and how you train for the CEH, the exam will follow CEH Exam Blueprint v4, which was introduced in 2021. You can train for the exam through self-study (along with 2 years of experience), through an accredited partner or through EC-Council.

A CEH certification is valid for three years from the day you are certified. CEH renewals are based on the EC-Council Continuing Education (ECE) program.

To earn a three-year renewal, you must earn 120 ECE credits within that period. Retaking the CEH exam is one way to earn the required 120 credits, but other options are listed on the ECE Policy page. CEH holders will pay an $80 maintenance fee each year, and register credits earned the previous year by February 1.

A CEH has the knowledge and skills to be an ethical hacker or to defend an organization against cybercriminals. Common job titles that a CEH may hold include:

• Ethical hacker
• Junior penetration tester
• Assurance validator
• Security analyst
• SOC analyst

More senior roles related that can benefit from a CEH include:

• Cybersecurity engineer
• Cybersecurity auditor
• Information security manager
• Security consultant

For more information on different cybersecurity roles, check out Infosec’s role page.

The CEH is one of the best-known and most sought-after entry-level cybersecurity certifications. If you need to meet DoD 8570 requirements or want to build your offensive security skills to expand your job opportunities, earning the CEH may be a great choice for you.

Holding the CEH credential can help you demonstrate the required knowledge and skills to interview for a cybersecurity job. From there, the know-how and abilities that enabled you to pass the exam will help you land the role.

Ethical hackers in the U.S. can expect a base salary of around $93,000, although salary can vary quite a bit based on location, experience and company. Below is salary data from various sources as of March 2022:

• Payscale: $93,000 base
• Glassdoor $92,547 base (with total compensation of $113,947)
• Salary.com: $102,764 (with total compensation of $109,166)

While the EC-Council does not publish exact figures, this has been a popular certification since 2003. The CEH Hall of Fame, launched in 2021, recognized 100 of the top CEH holders, all of whom have scored at least a 90% on the exam.

It’s one of the most popular entry-level cybersecurity certifications available.

A CEH certification is a common requirement in job listings. To find ethical hacker jobs on general boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder, search for the keyword “CEH”.

Security-focused job boards such as ClearedJobs and infosec-jobs.com are also good sources of roles for CEH holders. Other good sources of security job postings are cybersecurity groups (ISSA, ISACA, BSides, OWASP, Women in Cybersecurity and others) and cybersecurity websites.

Before your interview, check out our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.”

Certified Ethical Hackers use a variety of different tools in their job. Some of the most common ones featured on the CEH exam include:

• Aircrack
• Burp Suite
• Cain
• John the Ripper
• Kismet
• Metasploit
• Nessus
• Netcat
• Netcraft
• Nikto
• nmap/Zenmap
• THC-Hydra
• Wireshark