My road to becoming a Certified Ethical Hacker

Certified Ethical Hacker (CEH) v11 is a certificate with a name that gives people the impression you’re indeed an official ethical hacker. In this write-up, I’ll provide some information about my preparations, my experience with taking the exam, and concluding thoughts about this certificate.

Study preparations

I started studying one month in advance of the exam. On average, I studied 3 hours per day. However, there were some days when I studied more and some when I studied less due to life happening. Let’s look at the timeline.

Week 1-2

The first two weeks consisted of studying the book CEH Certified Ethical Hacker All-in-One Exam Guide, Fourth Edition. I bought this book in late 2020 when CEH v10 was the latest version. However, this study guide misses some information that is needed for v11. I would advise you to look for a study guide that includes the topics that are added in CEH v11.

I studied the parts that were missing from the study guide by searching for them online.

Week 3-4

For me, the best way of studying is doing a lot of practice exams to get a good grip on the study content and a general understanding of the way exam questions work. Doing practice exams forces you to use active recall, an efficient learning strategy. The study material I used was CEH v10 and v11 practice exams from Boson.

I bought the CEH v10 practice exam from Boson. It contained 600 exam questions, divided into 4 exams. I did all 600 questions in my third week of studying. When I answered incorrectly, the correct answer was shown with the explanation. This was a great way of understanding why I answered incorrectly and studying the material.

While studying, a nice surprise hit me. One week before my exam, I received a free upgrade to Boson practice exams for CEH v11. This practice exam bundle contained 375 exam questions, divided into 3 exams.

The difference between v10 and v11 in terms of exam questions was apparent. While v10 questions were worded like: “Which of the following best describes X?”, v11 questions were worded like: “Brend, a user, receives an email that appears to be from his bank... [insert rest of phishing story here]... What type of attack did Brend experience?”. The v11 questions provided the context of a situation and asked what definition is related to the provided situation.

What was excellent was that the CEH v11 practice questions from Boson were very similar to the questions asked in the CEH v11 exam. Therefore, I would strongly recommend using the Boson practice questions as preparation for your CEH exam.

Taking the exam

I took the CEH exam on location. As I’m a morning person, I scheduled my exam for Monday at 9:30 in the morning. This allowed me to study all weekend to be fully prepared for the exam. Some general tips that work well for me:

  1. Get enough sleep the night before the exam
  2. Relax before going into the exam; you’ll need all the cognitive energy you can muster for focusing on an exam for 275 minutes. I relax by listening to music and walking around
  3. On the day of the exam, drink water and don’t take too much caffeine
  4. Prepare your bag with everything you need the day before your exam; if allowed take food with you during the exam.

I arrived at the location at 9:00, so I had some time to settle down. In total, I had 275 minutes for the multiple-choice exam. However, when taking the practice exams, I completed them in roughly 100 minutes. This meant I had enough time to do the whole exam twice, and take my time for questions I wasn’t sure about.

My strategy was to read the question and think of an answer without looking at the multiple-choice answers. When it wasn’t clear what the answer was, I looked at the multiple-choice answers and used elimination to come to the most likely correct answer. When I was still not sure about my answer, I would flag the question. Flagging questions gives you the opportunity at the end of the exam to review all flagged questions before finalizing your exam.

After 2 hours, and reviewing all my flagged questions, I finished the exam. Clicking on ‘Submit exam’ after reading something like ‘You cannot go back after this step, your exam will be finalized’ was suspenseful, to say the least. But there it was, the result screen that stated I passed the exam! In all my excitement I walked out of the exam room, just to be looked at in confusion by the exam takers asking why I was standing there. “Well, the screen stated I passed the test.” “Oh, well, we don’t see it in our system.” I guess there’s also a ‘Submit the exam now for real and forever’ button on the result screen I missed. Despite missing the button, I’m now a Certified Ethical Hacker.

Conclusion

While CEH is a theoretical certificate about ethical hacking and does not reflect whether you’re able to conduct a quality security test, it can certainly be valuable as a cybersecurity professional. Governments and other big organizations tend to ask for a CEH certificate when you’re applying there for a cybersecurity project or job. Sometimes it is even a knock-out criterion for applying. When you’re already familiar with conducting security tests, most of the theory is something you already know. Therefore, preparing for this certificate is doable and can provide benefits in your future cybersecurity career. However, if you’re new to cybersecurity, keep in mind this certificate doesn’t provide you with the practical hacking skills you may be looking for.

References

CEH Certified Ethical Hacker All-in-One Exam Guide, Fourth Edition
Wikipedia - Active Recall
Boson CEH practice exam v11