Ahoyhoy,

Been reading the boards here for some time, figured it was time to chime in.

I took the C|EH exam on the 20th of Dec and passed with a 74%.  Not thrilled about the score, but I was studying off of older material (and I didn't study very hard), and many of the questions I thought were very poorly worded.  There was one I went over three times, even tried drawing out the question on the dry-erase card they gave me in the exam room to try to visualize the question, just couldn't do it.

The practice exam I used (Exam Prep) really seemed like it was nowhere near what the actual exam was like.  In fact, about 10 questions in to it I remember thinking "this is nothing like the practice test!"  Again, this could have had to do with the fact that I was going off older material (probably v4, book was published March 2006).  For the most part though, I sat for the exam with my "off the street" knowledge, and just really flipped through the book and practice exam.

All that being said, I thought the exam was pretty easy.  I was a little spooked because I've read numerous posts here stating how difficult the exam is/was.  With proper experience in the industry, one shouldn't have much problem passing the exam.  I feel that my failures were mostly related to silly memorization things like "What are the two cybercrime laws that.... blah blah?"  Things like that.  Reference items you don't use on a daily basis.  Tools wise, theory wise, etc, I thought it was all pretty rudimentary. 

Anyway, as a little background.  I've been a computer fiend since about `86 or so.  A Commodore 64 was the first computer I owned, and have been hooked and tweaking ever since.  I entered the IT world about 11 years ago, and the past five have been spent strictly in the Security arena, mostly on the technical side.  Which is okay, I really don't want to take the CISSP. 

Anyway, hello!

Hey Rance,

Welcome to EH-Net, and thanks for finally coming into the fray after watching the boards for a while. Glad to have your input.

I do agree with your overall thought that experience is king and always will be.

Don

Hey Don!  Thank you as well for the welcome.  From what I gather, you're the keeper of this place.  Thanks for creating a nice site for ethical discussions of hacking and the like.

From what I can deduce, the ChicagoCon appears to be put on by EH-Net.  I'm actually really interested in that if there's going to be an `08 version.  I'm just next door in Iowa, so that's be a quick and easy one to get to, and I really like the event list that was posted for `07.  Do you have any news on an `08 C-Con?

rance,

I'm preparing for the CEH with EC Council material. You say the test was easy mostly because you have been working in the area.  Well, I have not been working in the security area.  I want the cert so I can get into security.  My background, I have had a few computer technician jobs and was a network admin for a little while.  I have A+, Sec+ and CCNA.  I currently manage training for IT people and do portal stuff (web).  Anyway, can you give me some advice on what to concentrate on besides my books? 

Thanks

Commgirl

It sounds like you have a fairly well rounded background.  I'd say make sure you have a solid understanding of TCP/IP, Ports, Protocols, etc.  You'll also want to be very familiar with the tools that are covered in the book.  I was surprised  by the number of Snort questions there were.  There's a lot of general knowledge stuff in the exam, which was probably covered by your Sec+ exam.  As BillV said, set up your own test environment and fiddle around.  As you're fiddling, use a packet sniffer (Ethereal/Wireshark) to watch what's going on, that'll give you a better understanding of what's all happening.

Good luck!

Oh, and welcome to EH-Net!

CommGirl,

BillV gave me the same advice and it worked out for me. I took the EC Course and found when I sat for the exam the first time, that there were things not stressed in the course but were on the exam. Good luck.

Mike

Hi Paul,

Welcome to EH-Net.

I can't speak for the newest version that's about to be rolled out, as I'm not familiar with the new modules, objectives, etc. I also am not aware of your background. For all I know, you could be an IT Security professional with 15+ years of experience, in which case a CEH may not be of much benefit. On the flip side, you may just be looking to get into security.

Either way, the CEH course is a good overview of the hacker methodology and the vast array of tools that are available. Just as the description on the EC-Council website states, you will become familiar with using many different tools and programs that are out there to help you scan, attack, and defend a network.

As for whether employers are looking for people with CEH, have a look for yourself.

Hope that helps, and feel free to ask if you have further questions.

BillV