I recently took the CEH v10 exam and passed. In this post, I summarize my experience in pursuing the path to becoming a Certified Ethical Hacker.
Hopefully, you’ll find this post useful in studying, preparing and passing the CEH exam.
I’ve been working in IT for almost 20 years. I started as a Java Developer in early 2000 and the last 15 years have been heavily involved in functional testing, test automation, and quality assurance.
I embarked on the CEH journey with almost no networking knowledge and almost no security knowledge.
If you asked me anything about any of the following, I wouldn’t have a clue!
- CIA triad and foundations of security
- OSI Model
- TCP/IP Model
- How computers in a network communicate
- Network and Port scanning / Enumeration
- What are the different networking protocols
- Important port numbers
- Network attacks, MAC Flooding, DHCP Starvation, ARP attacks
- IPSec, DNSSEC
- Spoofing, Sniffing, MitM attacks
- Various types of cryptography algorithms and associated attacks
- Wireless attacks
- And the 100’s various tools that can be used in hacking
- NMap, Wireshark, Metasploit
And these are just the tip of the iceberg. There are many more concepts and methodologies not listed above. You can see that to a new beginner in the security field, it looks quite overwhelming and daunting.
The Certified Ethical Hacker course is expensive. I took my CEH course in London and it cost a whopping £2000.00. It runs for 5 days, from 9 am to 5 pm. You get to create your own lab to carry out the exercises. The course is a mixture of both theory and hands-on practice, illustrating the different types of hacking techniques.
Important to note that the CEH course is geared towards the offensive side rather than defensive. Yes, it does talk about controls and countermeasures, but it will also teach you how to bypass those controls.
A note of advice: make yourself familiar with the basics of networking and security before taking the CEH course.
I took the course without knowing the basics and for the most part, I was completely clueless. Had I known the basics, it would have helped me a lot more to understand the concepts of what was being demonstrated in the course.
For me, it was more about learning new concepts and gaining a deeper understanding of technology in general.
As I progressed through my career in software testing, I felt it was a natural progression to move into security and penetration testing. After all, if you want to look at quality holistically, you should look at it from all angles and not just focus on functional testing.
Study Plan and Sources
As previously mentioned, for me the CEH course was just an eye-opener in regards to how much I didn’t know. In order to pass the exam, I knew I had to invest a lot of time and effort on self-study. I had to learn a lot of new concepts.
As I already work fulltime, any self-study had to be done after work hours, typically in the evenings and weekends.
I started my self-study program beginning of June 2019 and I started with the Linux Academy’s Certified Ethical Hacker (CEH) Perp Course. It’s about 37 hours of videos and covers all the topics of CEH v10 Syllabus.
It took me roughly 2 months to get through all the videos and the labs.
In August 2019, I bought Matt Walker’s All in One (AIO) CEH book and it was the best investment.
At about the same time, I also booked my exam, to be taken on 31st October 2019.
I read Matt Walker’s book cover to cover twice in a span of 2 months. I also did the exercises at the end of each chapter and experimented with some of the tools.
I refrained from doing any practice exams until I was 2 weeks away from the real exam date. The reason being, I didn’t want to only focus on exam questions. I wanted to understand the concepts first and then attempt the practice exams.
By mid-October, I had read all the materials from Matt Walker’s book, had seen a number of videos and absorbed information from various sources - See Reference section at the end of this post.
Basically, the last two weeks prior to the real exam, I did many practice tests and reread the areas which I struggled with.
The first practice exam I attempted was the one from Linux Academy. In terms of the difficulty, I would say it was on par with the real exam.
Next, I attempted the 300 questions, practice tests, which came as part of Matt Walker’s AIO book. I found the questions to be slightly easier than the real exam.
Alongside taking the exams, I also bought Matt Walker’s AIO companion book which is filled with questions for each chapter of the book. I found those questions to be slightly more difficult than the real exam.
And I kept the best for last, the Boson Exam Simulator for CEH v10, which has a total of 600 practice questions.
I attempted all four practice exams, each one is 125 questions. I found the exam questions to be almost the same level of difficulty as the real exam, although some argue that they are slightly more difficult.
The great thing about the Boson Exams is the comprehensive explanations provided for each question. Regardless of whether you get the question right or wrong, read those explanations. They are very informative and come in very handy during the real exam.
My average score from the Boson Exams was around 80% mark.
The day before the exam, I only concentrated on areas in which I didn’t score well on the practice exams.
The evening before the exam I put everything away and just relaxed for the big day.
The CEH v10 Exam
The exam is 125 multiple choice questions and you are given 4 hours to complete the test.
The first thing to note is that 4 hours is way more than enough time to complete 125 questions. You should not panic or worry about running out of time.
About 50% of the exam questions, you should be able to answer in less than 30 seconds.
When I did the practice exams, I could complete all 125 questions in less than 2 hours.
In the real exam, I also finished in 2 hours, but I spent about 20 more minutes reviewing the questions and answers.
The passing score for CEH v10 is anything from 60% to 85% depending on the level of difficulty of the questions.
I passed the exam with a score of 87.2%.
I would say the exam was quite difficult in the sense that there were questions that had very similar answers. For these types of questions, you need to know security holistically. Also in these questions, common sense prevails.
There were also a bunch of questions that were designed to trip you, so be very careful about what appears to be the correct answer. When you read the question carefully and read the answers carefully, you can usually spot the trick!
I found the overall exam to be focused more on overall security knowledge.
As for tools, there were questions on Nmap syntax, Wireshark, Snort, OpenSSL, Netstat, Hping.
Also a handful of questions on hacking methodologies. Also on scanning methodologies, types of port scan types, port numbers and return responses from open and closed ports.
I cannot say which area or what tool was the most prominent in the exam. The questions seemed to be from the full spectrum of the CEH v10 syllabus. The exam questions tested on every topic and in most cases to a great depth.
I was quite relieved when the exam finished as it was a mind-numbing exercise. You really have to concentrate very hard reading each question its answers in detail.
As mentioned earlier, I did find some questions purposely designed to be tricky, to get you to select an obvious answer. The tip is to read each question in detail, and you can usually spot the trick.
Having gone through the experience of studying and taking the CEH exam, I would say it was well worth the effort. It taught me a lot of foundations about security and networking.
One thing about taking an exam is that it forces you to study and learn the material well.
It required a lot of dedication and many late evenings of self-study but I am happy with the results.
If you are studying for the exam, make sure to go through all the contents of the CEH v10 syllabus before attempting the practice exams. Make sure you really understand the concepts. And finally do as many practice exams as you can before the real test.