Monday, 22 February 2016

5 tips to help you prepare for CEH exam success

 By Sarah Morgan

IT security breaches have regularly made news headlines over the past 12 to 18 months. These hacks can be extremely costly. TalkTalk’s security breach at the end of 2015, for example, is estimated to have cost them £35m, as well as the potential damage to their reputation. Businesses are now making their IT security a top priority to ensure they are protected from hackers. This means the demand for IT security professionals has soared and Ethical Hackers are among the most highly sought after.

The role of Ethical Hacker is one of the most exciting in IT currently with an average salary of £72,500 (according to Ethical Hackers are at the forefront of IT security and the top of their field. They work directly to stop malicious hackers, using many of the same techniques. But crucially, once they’ve spotted a gap in security, they close it to protect the business.

The biggest and most trusted certification for Ethical Hackers is EC-Council’s Certified Ethical Hacker certification. As the title suggests, it proves you have the skills of an Ethical Hacker. In order to pass the CEH exam, you’ll need to prove skills in areas like malware threats, session hijacking, SQL injection and cryptography. This shows you can identify gaps in a business’s security and ensure they cannot be exploited.

To help you get your CEH certification and prove you have all the ethical hacking skills required, we’ve compiled 5 of the most useful tips to help you prepare for the tough CEH exam.

1. Get familiar with the exam

It’s important to get familiar with the exam before attempting it. EC-Council’s CEH website can help you do this. It has CEH FAQs, a breakdown of the exam format and duration, plus an extensive background of the CEH certification and regulations. I’d also recommend using the website for reference during your studies, or if you have any queries about the exam. If you still want more information, take a look at our previous post on CEH v9 FAQs.

Due to the sensitivity of the knowledge the CEH is teaching you, probably the most crucial part of the website to take note of is the eligibility criteria. There is a concise summary in the CEH FAQs, but you can find a full explanation of the criteria here. Be aware that if you don’t already meet the training requirements, you’ll have to complete an application form to ensure you’re eligible to sit the CEH exam.


And as a very basic tip, but a point definitely worth mentioning, make sure you know which version of CEH you’re studying for. EC-Council recently updated the CEH curriculum to version 9. The Version 8 curriculum and exam are, however, still around.

Make sure you know which exam you’re sitting and don't mix up the curriculum you need to study. I’d recommend sitting Version 9 if you can. This has the most up-to-date content, featuring new attack vectors, a greater focus on cloud computing, mobile and Windows 10, as well as new tools and the latest techniques to use.

2. Use a study guide

EC-Council offer a series of study guides for their CEH exam. These cover five different topics within ethical hacking: “Attack Phases”, “Linux, Macintosh & Mobile Systems”, “Secure Network Infrastructures”, “Threats & Defense Mechanisms” and “Web Applications & Data Servers”. As they’re official from EC-Council, you know you can trust the information. Each book covers its topic thoroughly, giving you plenty of knowledge to tackle it in the exam.

The aim of splitting EC-Council’s study guides into five is to allow you to take a more in-depth look at each section. From this, you can build your understanding of how a hacker works in each area and how to build countermeasures specific to each area. Take a look at these books here.

A concise alternative is the CEHv9: Certified Ethical Hacker Version 9 Study Guide. It follows the digestible, but very informative style that readers found useful in the version 8 study guide, for the new curriculum. Written by IT security expert Sean-Philip Oriyano, it goes into depth on each exam topic, with clear division of each topic making it easy to follow.

Some of its useful components are the review questions and exam essentials at the end of each chapter. The questions solidify your reading by making you think it through properly, and the exam essentials point out what you’ll need to know for CEH exam success.

You can find it here on Amazon. ISBN: 978-1119252245

3. Take an official CEH course

Sitting an official CEH course will put you in the best possible position for the exam, following a method proven to help people gain as much knowledge and skills as possible. If you choose an official classroom-based CEH course, you’ll benefit from a qualified expert instructor. You’ll have access to the instructor’s expert knowledge when you have questions. You'll also be with other students who’ll be in the same situation, asking similar questions and boosting your motivation.

Official courses give you access to official curriculum, practice materials and an instructor authorised by EC-Council to deliver the training. This means you’ll be studying exactly what EC-Council intends you to, giving you the highest quality teaching and the best possible chance to pass. An official course is also the best way for you to get hands-on and reinforce crucial exam knowledge. You’ll get real-world ethical hacking experience applicable to the role.

Ethical Hacking requires you to follow a code of conduct, making it impossible to do this in a safe environment in your own time.

4. Test yourself with practice questions

The best way to assess your readiness for the CEH exam is to try a practice test. You’ll get immediate feedback and it’ll help you make the connection between your studies and the end goal of gaining knowledge and skills and passing the exam, relating your knowledge to specially designed questions.

Skillset offer CEH practice tests in 52 different skill areas. From Cryptanalytic Attacks to Computer Viruses to Session Hijacking, this incredible detail means you can study CEH comprehensively. Also, each topic has a series of more advanced levels allowing you to test the depth of your knowledge for each topic area.

There is also a practice test on the EC-Council website. As it comes straight from the creators of the CEH exam you know the questions will be useful and could be a basis from which to build your revision, and assess your readiness for the CEH exam. I wouldn’t use this resource too early in your studies, but as a check to see whether your knowledge is well-rounded enough for the exam.

MeasureUp have an ethical hacker practice lab that allows you to work on your skills in areas like footprinting and reconnaissance, scanning networks, sniffers and device enumeration. Lasting 20 hours, the lab contains plenty of material that will help prepare you for the real world as well as the exam. You can access this here.

5. Get involved in a forum

Using a forum is a great way to connect with many like-minded people who are currently studying for the same certification or who have sat it in the past. You’ll learn from their queries and experiences, helping you get ideas for your own studies. However, bear in mind that not everyone is an expert.

TechExams has one of the largest CEH forums, with people that have passed and those who have found barriers and difficulties whilst studying. Here, you’ll be able to find help and information regarding what skill areas you should concentrate on to gain the most from the certification. Not only will this help you pass the exam, it’ll help you focus on the most useful topic areas to help you on the job in the future.

The key to passing any exam is investing time and hard work into your preparation. For your Certified Ethical Hacker exam, and certification as a whole, investing your time and efforts into these five tips will give you the best possible chance of achieving your EC-Council Certified Ethical Hacker certification and proving your skills as a very capable ethical hacker.

Best of luck in your studies.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.