The Certified Ethical Hacker or CEH credential comes from EC-Council, aka the International Council of E-Commerce Consultants. This organization sponsors a variety of IT security related certifications, amidst which portfolio the CEH provides a strong foundation in white hat or ethical hacking.
The certification requires you to look at security from a hacker's perspective but from a preventative or protective perspective (good guys wear the white hats, after all) rather than from a malicious or criminal perspective (and yes, the bad guys still wear black hats).
What is CEH?
CEH is an intermediate-level credential that teaches IT professionals how to approach system and network security from the standpoint of understanding the means and methods that hackers use to perform reconnaissance on such systems, and then to attack them outright. It not only teaches how to recognize and perform such attacks but also how to defend and protect against them. Candidates must pass a $950 exam to earn the CEH, and a five-day official curriculum course is available to help candidates prepare for those interested in classroom or online training.
The current CEH exam, ID 312-50, features 125 multiple choice questions that you have 4 hours to answer. The exam may be taken through EC-Council (in-person or web-based) or at a Pearson VUE testing center.
CEH on a budget
You can skip CEH training, but you'll need to prove at least two years of information security experience and pay a $100 self-study application fee. Course takers get this fee waived as part of their training costs, which range from $2,895 for the five-day ILT classroom version, to $1,899 for the iLearn Self-Paced version, to $850 for a courseware self-study bundle (but this option requires paying the $100 fee). That means the lowest cost budget for the CEH is probably just under $1,250, broken down as follows:
- Exam cost: $950
- Self-study application fee: $100
- CEH study guide (third party): $50
- Transcender Exam Prep (practice tests): $139
- TOTAL: $1,239
Do you get what you pay for?
Based on testimonials and word of mouth from former students, official CEH training does indeed prepare you for the CEH certification exam. Of course, that all depends on how well you can grasp and retain the material and all its nitty-gritty details.
You can find a lot of free CEH certification prep materials on the internet, but there's no guarantee that what purports to prepare you for the current CEH exam (which is CEH v9) is either relevant, current or even technically correct. If you do resort to free cert prep drills and other materials, treat them as supplementary -- don't rely on any them by themselves to get you ready for the CEH exam. They can be helpful and perhaps even valuable, but they are no substitute for a good commercial study guide, Exam Cram, or practice tests from a reputable vendor.
Exceptions that prove the rule
There are numerous items you can download or read from the EC-Council website that cost nothing but that still present valid, trustworthy, informative and valuable information. Here's an expanded list of what's on offer:
- CEH Candidate Handbook: A PDF document that lays out the coverage, content and key topics for the CEH exam
- CEH Exam Blueprint: Details for all topics involved in the CEH exam, divided into sections, with exam weighting and number of questions indicated for each section
- CEH Program Brochure: Another look at CEH exam domains and topics, as well as a course outline
- CEH Assessment: A free self-assessment to help candidates assess exam readiness, and to identify areas in need of further study, practice and improvement (can be taken multiple times)
The EC-Council also provides whitepapers that can fill in some CEH knowledge gaps and broaden your understanding of security in general. Currently available whitepapers are 5 Phases Every Hacker Must Follow and 10 Deadly Sins of Cyber Security.
Best free CEH v9 prep/practice materials
PocketPrep CEH v9 Exam Prep mobile app (Android and iOS versions available) provides current exam prep info and drills. Users can choose which exam content areas they want to work on as well as the number of questions (from a pool of 600).
GoCertify CEH Practice Quizzes 1-9 is a series of nine, free 10-question practice tests that provide useful and interesting insight into potential exam questions, and they're based on author/developer analysis of exam objectives.
Avoid dubious sources
A quick Google Search reveals millions of results for free prep materials for CEH, so it's safe to say there's no shortage of options. Alas, many of them apply to earlier versions of the CEH exam (primarily v8) or come from dubious sources.
I strongly urge candidates to stay away from anything with a "dump" in its name or description somewhere (brain dump, exam dump, question dump, …). Many of these materials purport to represent purported "actual" content from the CEH exam more or less verbatim, to the best of the recollection of those who provide such material. Accessing brain dumps is expressly forbidden per the CEH code of ethics (and for every certification exam I know of).
Sure, you can use them, but if you get caught you can never earn the certification you're attempting, and you will probably also forfeit the right to any other certifications from the same sponsor. My advice is it's not worth it; don't do it.