Is CEH Difficult?

In this post I outline some basics that are required for being able to pass the Certified Ethical Hacker certification by EC Council.

The main point is this: YES – it is 100% achievable.

TL;DR #1
CEH is multiple choice, so you need to master multiple-choice answering as well.

TL;DR #2
The feedback is (so far) that to pass CEH you’re best to use as much courseware as possible as provided by EC Council.

Mega Update: I Passed CEH!

Well, in fact, I passed it back in 2018 but I only got round to updating this post in February 2023!

If I can do it, trust me, you can too!

I am not the most technical person but I’m good with coding (PHP/WordPress) and I’ve been technical my whole life, but I am not a “professional” programmer or anything like that.

I passed the CEH course, but only just – I scraped by.

The Certified Ethical Hacker (CEH) exam has 125 multiple-choice questions, with a 4-hour time limit.

What’s The CEH Pass Mark?

To pass the CEH exam you need to score a minimum of at least a 70% on the exam or get 88 or more of the questions correctly before you are awarded this InfoSec certification.

I passed with only 92 so yes, I did scrape-by! However, a pass is a pass!

What Did I Do To Pass CEH?

• Self-taught (watched a ton of videos online)
• I got a copy of the official CEH exam is 312-50 courseware
• I did a lot of practice CEH exams

I studied by myself (self-study) and paid the CEH exam license and booked the online exam that was invigilated by basically someone having access to my desktop (which was a bit weird if I’m honest).

Anyways – my person experience of whether the CEH is hard or not, was that I didn’t actually find it that difficult, in fact I found the CompTIA Security+ course a little more tricky.

I self-studied and used a bunch of training videos that I found online.

It’s a bit of a funny question if you think about it, because, after all – how do you gauge whether a Cybersecurity Professional certification like the Certified Ethical Hacker “is difficult?”.

The simple answer of course is: it depends.

If you’ve studied the OSCP then you’ll find the CEH easy(ish).

If you’ve never studied or learned anything about InfoSec and Offensive security principles and technologies, hacker software or otherwise, then you’ll likely find passing the CEH exam difficult.

Why Did I Write This Post?

I used to get asked a lot “Is CEH Difficult”, or “Is CEH Easy”, when this website was one of the original Cybersecurity Certification training providers.

I’ve been covering Cybersecurity training for many years now, but one certification that has been there from day one is CEH. Love it or loathe it let’s just agree that HR and Recruiters tend to love this Cybersecurity Certification.

How Hard Is CEH In 2021?

As of the last time I updated this post (in early 2021) the latest CEH is at version v11. It does seem to have become a little more tricky in my opinion.

When I studied and passed the CEH exam it was entirely multiple choice and I suspect that they are experiencing a lot of competition with OSCP; a certification that is practical.

Perhaps employers respect the fact that OSCP is practical and with a time limit, i.e. the student has to pwn a bunch of boxes within a strict time-limit.

However, as stated, a lot of HR recruiters do look at CEH as a positive when filling headcount for Cybersecurity Companies.

Anyways, back to the post. What I thought to do was to ask people that have studied the CEH and ask them how hard they found the actual CEH course.

I asked Cybersecurity Professionals that have taken and passed CEH what their thoughts and experiences are, how they studied for – and passed – the certifications. I also asked them whether the CEH designation has helped their career.

Also, and more of an FYI, other certifications we’ve asked for advice from professionals that passed them include:

• CISSP (Certified Information Systems Security Professional)
• OSCP (Offensive Security Certified Professional)

If you’re interested we also have the same resource designed to help folk understand how to prepare and pass OSCP.

There was a period when CEH exam questions appeared on the Internet and other sources. These question banks were easy to obtain and some people swot up and pass the exam by this method and don’t even prepare with the course materials. However, from the CEH v9 onward, EC-Council has tightened the exam process. Interacting with my students, I heard comments that the questions have changed quite a bit.

Also in the exam, lots of questions are appearing which can be answered with a person who ought to have knowledge in Penetration Testing, vulnerability assignments, Network Security and Incident response. Altogether simply ‘reading a CEH book’ will not help it. Some of the questions relate to whether the students have played with corresponding hacking tools or not. Of course, there are also generic knowledge-based questions in InfoSec.

So my advice to students is that, read the courseware thoroughly, go through each slide, play with all the pentesting tools at least mentioned in the core tools section of CEH. Take the preparatory exam available on the EC-Council website to get a feeling of real exam which ultimately helps you to prepare for the challenges in real life as well as to clear the examination.

---

It’s very important that you get familiar with the exam first before attempting it. Many blogs and forums are there where you can get connect. Better to use a study guide for CEH exams. Start practice questions by which you will get immediate feedback about your preparation & you will come to know which topics you need to study hard.

---

Need networking, Operating system basics.

---

Study the official agenda with all topics.

---

Prepare around 2 months to read the book and try the practice exam. Be sure to pass on the practice exam for you to get a higher chance in passing.

---

Mainly go through the presentations provided by the EC Council. Also, practice with the tools provided. Do some research on the internet also this will help you to get some idea about the exams.