Those who wish to become ethical hackers should take the Certified Ethical Hacker (CEH) exam available from EC-Council. An ethical hacker tries to penetrate the security measures of the company he or she works for to find and correct flaws. This skilled information technology certification requires a five-day training course prior to taking the test. Keep reading for a detailed CEH exam Overview.

The CEH Class
Not anyone off the street can take the CEH required course. The only student permitted to attend must work for real companies and hold a position within security or be a site administrator. The accredited training centers will check to verify the employment and identity of all people who apply to take the course.

The five-day course teaches students how to scan and hack various network systems to test for vulnerabilities. They will learn how to identify these attacks and neutralize them, preparing them for working as an ethical hacker. The course thoroughly prepares students for the CEH 312-50 exam, which is ANSI accredited. The class covers 20 different modules and allows students to take the CEH exam at the very end, or students can choose to wait and continue through a testing facility at a later date.

Image of a person's hand typing on a computer that shows lines of code. Close up. Tinted green.

Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography

Preparing for the CEH Exam
Candidates should be prepared to study material from all modules from the training course as the exam covers all sections.

1. Background (27 questions/21.79%)
2. Analysis/Assessment (16 questions/12.73%)
3. Security (30 questions/23.73%)
4. Tools/Systems/Programs (36 questions/28.91%)
5. Procedures/Methodology (11 questions/8.77%)
6. Regulation/Policy (2 questions/1.90%)
7. Ethics (3 questions/2.17%)

Candidates should spend more time studying the larger sections as they contain the most points in the exam. To get an idea of what areas of the course to study, candidates can take the 50-question practice test on the EC-Council website.

Taking the Exam
In order to take the exam, candidates must send in an Exam Eligibility Application Form. Applicants must have taken the course or have at least two years of information security experience. Once EC-Council receives the form, they will check the employment verification and educational verification if applicable. Once approved, the candidate must purchase an exam voucher directly with EC-Council.

When a candidate goes to take the exam, he or she will need a voucher, along with the eligibility code. Exam staff will verify this information before the test can start. The exam itself is 125 multiple-choice questions. Candidates should expect the exam to last for four hours. EC-Council Exams are provided in multiple forms (different question banks) and the difficulty rating of each question is determined. The individual rating then contributes to an overall “Cut Score” for each exam form. To ensure each form has equal assessment standards, cut scores are set on a “per exam form” basis. Depending on which exam form is challenged, cut scores can range from 60% to 85%.

Upon completion of the exam, the candidate will be notified if he or she passed. Upon passing, a CEH welcome kit will arrive by mail within four to eight weeks. The certification is good for up to three years, and renewal requires 120 continuing education credits. Passing the exam certifies that the candidate can secure his or her company’s network from intrusions.