For me there seemed to be alot of questions that focused on the different types of NMAP scans and which options you use for those. Also, several questions about ping types and codes. Another area to be familiar with the is what ports services run on and which ones are used for backdoor trojans. You should also be familiar with various dos attacks and the older viruses/worms they mention in the courseware.

 When I took the exam several years ago I was told how the exam worked. There is a pool of around 500 questions. When you take the test , 125 questions are pulled out at random from the pool. This will insure you dont see the exact same questions if you take the exam more than once.
  When I took it, it had a number of questions about reading snort and ethereal logs. Make sure you understand how to read them. Other than that, knowing your nmap switches and trojan ports is good.  Do you know how to convert hex?  Remember that the CEH is all about tools, something some people criticize. Be that as it may, make sure you know what the tools in the courseware are used for, even if you haven't used them. What do you use Xprobe2 or hping for? Things like that.

Hey jax,

Welcome to EH-Net, and thanks for the heads up. We have a few threads on the difference between v4 and v5 of the CEH exam, so your practical experience with the new exam will be greatly appreciated in this forum.

What other topics were covered that were not expected? Can you give us some of the information on what you did to study? Boot camp, with what group, self study, what books and study materials? When are you taking the exam again? The sooner the better. 

Thanks again and good luck,
Don

when i took it there was alot of reading code and nmap stuff, the books i got was from the training camp they give ya some big Binders that has all the stuff you need. I did pass mine, but like i said it was a bootcamp setting.