To obtain the Certified Ethical Hacker (CEH) certification, you must score 60–85%, depending on which form of the exam you receive. The certification exam contains 125 multiple-choice questions on various security-related topics, including common hacking tools, networking and computer concepts, penetrating methodologies, and ethics. You can find all of the objectives on the CEH exam blueprint (revised November 1, 2018).
To pass and obtain the CEH, you need to have a comprehensive strategy both before and on exam day.
Plan your Attack
Every attack is different and should be tailored to your learning style, but here are some recommendations:
- Schedule your Certified Ethical Hacker (312-50) exam immediately. You can schedule the exam through through Pearson/VUE or directly from EC-Council’s online exam platform. Think of the appointment date as the endpoint of your study plan and work backwards. But don’t worry if you need to extend your study; you can reschedule for a small fee. Just make sure you reschedule at least a week before the appointment, or you may forfeit your payment.
- Design your study plan around the exam objectives. You can organize your study time however you like, but remember, you need to relate it back to domain mastery. Don’t be concerned about the official course module order. You’ll probably need to skip around in the beginning until you’re ready for a more holistic review.
- Drill and research. Run through the QBank as much as you can, reading the explanations in detail and looking up the references for more information. In the beginning, follow the rabbit holes until you know everything about the topic and could answer any number of additional questions about it. It’s very likely you’ll get a few questions on the live exam that cover the same ground.
- Play with the tools. You can launch labs, look up user guides, and read security blogs. But don’t just follow the steps to do something blindly. See what happens if you use a different command-line switch, or explore if you can use the tool differently. Again, the more thoroughly you use a tool, the more likely you’re going to remember it.
- Review before exam day. At least two weeks out from your appointment, reign in the curiosity. Use flashcards and create your own memory aids. Take advantage of the Kaplan discussion board, or find an online or local study group. Peer pressure is a powerful motivator!
- Give yourself plenty of time. If you’re travelling to a testing center, give yourself at least a couple of hours buffer. If you get there too early, then you can spend any extra time reviewing. If you’re using remote proctoring at home, then make sure your computer meets all prerequisites days before. Eliminate any reasons for panic in the precious moments before the exam.
Reverse Engineer the Exam
You’re studying to be a hacker, so think of the exam as the system to hack. There’s no reason to read each question straight through. Read the last sentence, or better, the last option, first. Hone in on the vulnerable keywords and exploit them. Take on the right mindset—you’ll be surprised how little time is wasted with anxiety.
Watch the time, but remember, you can mark questions and go back to them. Get the easy ones out of the way first and look for best-guess clues on the hard ones. There’s no penalty for getting an answer wrong, but if you leave one blank, you’ll definitely regret it.
On the exam, there may be terms you didn’t study. But leverage your strengths and pull out the keywords and concepts you did. Many times, the concept is more important than the exact term or context. Other times, the context is critical, and the terms are just honeypots.
Know which is the case and learn how to quickly predict how much time you really need to spend on the question.
Remember, this exam is the culmination of your experience and study so far. The exam is not nearly as difficult as the time and energy you’ve already put forth. Be methodical and focused, like a good penetration tester, and you should have no problem passing the exam and becoming a genuine Certified Ethical Hacker!
Posted by: Josh Hester