Certified Ethical Hacker version 12
ABOUT THE EXAM
- Little has changed in the v12 to v13 update. The expected level of trivia knowledge is very high.
- No change to Modules list.
- Exam length: 240 minutes maximum
- 125 questions
- Minimum passing score: 60% to 85%, depending on which exam form is assigned. Easier questions require 85%; harder versions allow as low as 65%.
- All multiple choice with a single answer
- Few to no multiple choice questions with 2 or more answers expected.
- No or few exhibits.
- Many questions about choosing the correct tool in a scenario.
- Many questions about identifying a particular type of attack.
- Mark and review: Yes
- Go back and change answers: Yes
- Real exam cost: About $600 at Vue.com; at EC Council Exam Center $500.
- This is the official Blueprint that elaborates on the mix of questions: CEH-blueprint
Domains covered:
- Module 1: Introduction to Ethical Hacking
- Module 2: Footprinting and Reconnaissance
- Module 3: Scanning
- Module 4: Enumeration
- Module 5: Vulnerability Analysis
- Module 6: System Hacking
- Module 7: Malware Threats
- Module 8: Sniffing
- Module 9: Social Engineering
- Module 10: Denial of Service
- Module 11: Session Hijacking
- Module 12: Evading IDS, Firewalls, and Honeypots
- Module 13: Hacking Web Servers
- Module 14: Hacking Web Applications
- Module 15: SQL Injection
- Module 16: Hacking Wireless Networks
- Module 17: Hacking Mobile Platforms
- Module 18: IoT Hacking
- Module 19: Cloud Computing
- Module 20: Cryptography
EXAM REVIEW – WHAT YOU NEED TO KNOW
The Exam Content
Overview: The content of the exam is outdated and is not balanced against the content covered in the syllabus.
For the most part, this test is a measure of your vocabulary, definition knowledge, and historical comprehension of the hacking realm in years gone by. It’s not unusual to be asked about the Ping of Death, which dates to 1998, or to get tested on the antiquated Smurf attacks. To be sure, you will not have to read today’s headlines to prepare for the test’s questions.
Some topics are lightly covered in the exam:
- Hacking mobile devices
- Hacking the Cloud
- Mobile Hacking
Other areas have extraordinary focus:
- Social engineering
- Scanning
- Malware
- Sniffers
- Evasion
That being said, there is a lot of material to cover. In the official book, there are over 1200 pages filled with fine print. You need to know your stuff!
Question Quality
The quality of the questions is low, but manageable. Words are often misspelled. Do not let these errors distract you. Don’t rule out an answer because of a possible misspelling; it could still be the correct answer. Wording is quite vague. You will find many questions that have two correct answers but let you choose only one.
Example: I once came across a question that had to do with obfuscating IP addresses. It was referred to as obstructing IP addresses. The best advice is to forgive their lapses and let it go.
Perhaps the most frustrating aspect of the exam is its lack of precision. It’s not unusual for a question to have no correct answer among those provided. It’s also just as likely that you may have questions that ask you to select one correct answer, when two or more are provided. This is where digging into the details of the book and the EC Council thinking style comes in handy.