1.  It's certainly not bad -- at a minimum, it will give you an idea of the modules that are covered on the test and the depth to which they are tested.

2.  Honestly, I think you'd get more out of independent research on topics that you're not familiar with.   Use the book that you have to identify areas that you're not entirely comfortable and then find good references on those areas.

3.  The exam is (similar to many others) a random selection of 150 questions from an increasingly large pool of available questions.   This means you may get an easier draw or you may get a brutal draw.   Further compounding things is that the answers are handled the same way:  randomly drawn from a pool of available answers.   This was originally done to randomize the order of the answers on your question (so you couldn't just memorize "B" for the answer).   Over time, as the pool of available answers on any given question grew, you started to run into the situation where the "correct" answer may not be randomly selected -- i.e. you may not be able to get the question right.

The CEH is a good test in that it tests for technical knowledge that is required to get started hacking/pen-testing.   It does a good job of eliminating false-positives (you generally won't pass it unless you have at least some knowledge of the materials)....not so good at eliminating false negatives.   Like anything else, it simply means that you have the requisite knowledge to get started -- not that you're a hacker.  Like a college degree, it's a tool to open doors and create opportunities that may not otherwise be available to you.

4.  After you have the C|EH, you can test for the ECSA -- it's a cakewalk in comparison.

Seems like as good a place as any to throw out another ChicagoCon 2008f teaser...

Michael Gregg has been added to the slate of speakers during the Ethical Hacking Conference portion of our fall event.

w00t!!

Don

PS - Thanks Mike.

While studying I would recommend that you pay attention to the common service ports, malicious code ports, and pay close attention to the specific tools like netcat, nmap, Wireshark, and Snort (rules and logs).

I feel that while there are straight forward questions like what does XXX do or what port does xxx run on.  I feel that there are just as many questions about xxx is happening on port xxx, what does this mean?  Or possibly, how would you use xxx to do xxx.  More real world examples, rather than straight facts (like a CompTIA test).

And the Graves book is good for the basics, you will have a lot more work to do on your own to fill in some of the details.  The Exam Prep by Gregg is much more in depth.

In regards to security certifications after CEH, it depends on what you want to do and where you are going to end up working.  For a solid basic security cert I would recommend Security Plus.  It is well recognized and easy to study for.  If you really wanted to get into penetration testing you could to ECSA then get the background check and be an LPT.  Or you could get into specializing in IDS, Firewalls, CCNA: Security (you are half way there)... SANS has the broadest range of certifications I have seen.

Keep studying and coming here with your questions.  This was the best forum for me when I was studying and passed CEH on 3/20.

I hope this helps.