ABOUT THE EXAM
Exam Data Card
- Exam length: 240 minutes maximum
- 125 questions
- Mostly multiple choice with a single answer
- Few to no multiple choice questions with multiple answers
- Few or no exhibits/simulations
- Mark and review: Yes
- Go back and change answers: Yes
- Real exam cost: About $600 at Vue.com; at EC Council Exam Center $500.
- This is the official Blueprint that elaborates on the mix of questions: CEH-blueprint
- Module 1: Introduction to Ethical Hacking
- Module 2: Footprinting and Reconnaissance
- Module 4: Enumeration
- Module 5: Vulnerability Analysis
- Module 6: System Hacking
- Module 7: Malware Threats
- Module 8: Sniffing
- Module 9: Social Engineering
- Module 10: Denial of Service
- Module 11: Session Hijacking
- Module 12: Evading IDS, Firewalls, and Honeypots
- Module 13: Hacking Web Servers
- Module 14: Hacking Web Applications
- Module 15: SQL Injection
- Module 16: Hacking Wireless Networks
- Module 17: Hacking Mobile Platforms
- Module 18: IoT Hacking
- Module 19: Cloud Computing
- Module 20: Cryptography
EXAM REVIEW – WHAT YOU NEED TO KNOW
The Exam Content
Overview: The content of the exam is outdated and is not balanced for the content covered in the syllabus.
For the most part, this test is a measure of your vocabulary, definition knowledge, and historical comprehension of the hacking realm in years gone by. It’s not usual to be asked about the Ping of Death, which sources to 1998, or to get tested on the antiquated Smurf attacks. To be sure, you will not have to read today’s headlines to prepare for the tests inquiries.
Some topics are lightly covered in the exam:
- Social engineering
- Hacking mobile devices
- Hacking the Cloud
- Mobile Hacking
Other areas have extraordinary focus:
That being said, there is a lot of material to cover. In the official book, there are over 2400 pages filled with fine print. You need to know to know your stuff!
Note on exhibits and simulations: The exam went through a dramatic change in 2015. There are few exhibits in the exam. (Which, believe me, you can be grateful for.) There are no simulations.
The quality of the questions is low, but manageable. Words are frequently misspelled. Do not let these errors distract you. Don’t rule out an answer because of a possible misspelling… It could still be the correct answer.
Example: I once came across a question that had to do with obfuscating IP addresses. It was referred to as obstructing IP addresses. The best advice is to forgive their lapses and let it go.
Perhaps the most frustrating aspect of the exam is its lack of precision. It’s not unusual for a question to have no correct answer among those provided. It’s also just as likely that you may have questions that ask you to select one correct answer, when two or more are provided. This is where digging into the details of the book and the EC Council thinking style comes in handy.