Friday, 6 March 2015

Frequently Asked Questions about EC-Council’s CEH certification


By Sarah Morgan


With the recent spate of high profile hacks targeting the biggest and wealthiest, you might not be surprised to learn that EC-Council’s Certified Ethical Hacker cert is experiencing a boost in popularity.

As malicious hacking and cybertheft become increasingly prevalent in our lives, the CEH will continue to gain in importance. A lack of information security knowledge and investment is often to blame for data and system breaches – it’s clear that organisations need professionals with advanced security skills.

In response to this growing need, more and more professionals are looking to the CEH as a way of gaining new security skills and securing a rewarding career as an Ethical Hacker.

There’s a lot to learn about this popular cert - let’s take a look at the most frequently asked questions about EC-Council’s CEH certification.


Q. What actually is an Ethical Hacker?

A. Ethical hackers attempt to penetrate a computer system or network with the aim of finding security vulnerabilities that could otherwise remain undetected. However, unlike malicious hackers, ethical hackers are given permission to undertake these controlled attacks.

Without these harmless penetration tests, security holes could remain unseen, leaving the organisation in a position that a malicious hacker could exploit.

pat138241 / FreeDigitalPhotos.net


Become an Ethical Hacker and you’ll learn to use the same techniques and tools as a cybercriminal. However, instead of exploiting these vulnerabilities, as an Ethical Hacker you’ll document security holes and provide actionable advice on how they can be fixed.


Q. How much does an ethical hacker earn?

Ethical hackers earn an average advertised salary of £55,000 according to data from ITJobsWatch.


Q. Why should I get the CEH cert?

A. The CEH is a brilliant introduction into the world of Ethical Hacking. You’ll finish your certification with an in demand set of skills covering Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Plus, if you need to break into the field of ethical hacking or penetration testing, the CEH will put you ahead of other uncertified job applicants (assuming you similar experience).

It’s a benchmark certification for ethical hackers - “CEH is the original standard,” says Albert Whale, president and chief security officer at IT Security, Inc.


Q. Is the CEH necessary to get a job in Ethical Hacking?

A. The CEH is the most well-known certification in Ethical Hacking, but it’s not an absolute requirement. At their most basic, certifications are simply a supplement to real-world experience - without this you will only get so far.

This certification will help you break into the Ethical Hacking profession, but you’re not guaranteed a career. You’ll get great skills and a renowned certification, but you’ll still need experience to back it all up.


Q. What prerequisites do I need to take an EC-Council course?

A. This cert sits in the sweet spot between entry level qualifications like CompTIA’s Security+ and advanced certs like the CISSP.

Before attending a CEH training course you should ideally possess at least two years IT experience, a good knowledge of TCP/IP, Windows Server and a basic familiarity with Linux and/or Unix.


Q. Will I be taught by a real hacker?

A. At EC-Council’s accredited training centres you’ll be trained by experienced security professionals. You won’t be taught by a 17-year-old reformed hacker – EC-Council adheres to a strict code of ethics and employs experienced instructors with a clean reputation.


Q. Isn’t it irresponsible to teach people how to hack?

A. The more we know about how the ‘bad guys’ operate, the more secure our systems, data and networks will be. Whilst the knowledge you’ll gain on a CEH course has the potential to be misused, many would argue this far outweighs the benefits of teaching thousands of IT professionals how to better protect their businesses.

To help highlight responsibility, EC-Council requires all of their students to sign an agreement, agreeing to respect the knowledge and not misuse it. You’ll also be required to agree to abide by all legal laws of the land in the use of your new knowledge and skills.


Q. How is the exam structured?

A. To achieve your CEH v8 certification you’ll need to pass exam 315-50 at a Prometric or Pearson VUE test centre. This exam is a 125 question, multiple choice paper covering the 19 CEH domains. To gain your CEH cert, you’ll need to score at least 70%.

Take a look at EC-Council’s site for more information on your CEH exam.


Q. What is the current version of the CEH certification?

A. Released in 2013, CEH v8 is the current version of the certification and introduced new modules in Social engineering and IPv6. CEH v7 retired on October 31st 2013 – you will no longer be able to take this exam.


Q. Do I have to recertify my CEH?

A. As of January 1st 2009, all EC-Council certifications will be valid for three years. However, to maintain your certification you will be required to achieve 120 credits (per certification) during the three years after you certify.

These credits can be gained in the following ways:

  • Attending conferences
  • Writing research papers
  • Reading material on realated subjects
  • Attending webinars

Qualifying activities must have been completed during the three year window after you achieve your certification.

More information on EC-Council’s recertification policy can be found here.


Q. What is EC-Council Aspen?

A. Aspen is a gateway to portals, products and services provided by EC-Council for its registered members.

As a member you’ll be able to place orders on products and courseware, view your certification(s) continuing education scheme and maintain your certs with EC-Council.

Access Aspen here.

Related Articles:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.