How to Study and Pass CEH Exam in 2023
I recently attempted and successfully passed the CEH exam, and now I’m eager to share my insights from the experience. I’ll be sharing some effective strategies for exam preparation, as well as tips and tricks to help you retain last-minute details for your upcoming exams.
Long Term Preparation
Now, if you have approximately 3-6 months to prepare, my recommendation is to begin by thoroughly reading through the book at least once. As you go along, make concise notes on topics that you find challenging. I recommend using CherryTree or a similar note-taking application.
Pay attention to areas such as attacks, the common tools used, technical terminology, port numbers, common vulnerabilities, malware names, and encryption/hash methods and their key/block sizes. 80-90% of the exam is just identifying them. In the exam, you might encounter big paragraphs detailing a specific attack or method. You have to either identify the attack/method or identify the tools utilized in the scenario. There could be straightforward questions too, on port numbers and attacks.
As you approach the final week of your preparation, review all the notes you’ve taken. Practice some test papers (this proved to be really helpful for me to concentrate for 2–3 hours straight). Make sure you can identify the key points I have mentioned earlier using relevant keywords. Focus on encryption and hash methods and port numbers on the last day of your examination.
Short Term Preparation
While it can be challenging, having a solid foundation in cybersecurity terminology and techniques can be helpful. I read these online notes and they were wonderful. They could be used for short-term preparation. Once again, revise the above-mentioned points.
Modules 1 to 5: You can expect around 30 to 35 questions. A significant portion, roughly 25 to 28 questions, revolves around the Reconnaissance phase. Ethical Hacking Overview (which could be any topic from 1–5) has around 5 to 8 questions. Most of the questions are tool- and technique-based. They could be very, very tricky though. Learn the laws and standards in Module 1.
Module 6: You could expect around 20 questions from System Hacking. This also consists of tool- and technique-based questions. Learn the attack methodology clearly.
Module 7: Generally around 5 to 7 questions can be expected. It’s important to familiarize yourself with the names of various bugs and malware.
Modules 8 to 12: These are relatively smaller lessons; you can expect 15 to 18 questions from here. Techniques are very important.
Modules 13 to 15: Focus on web-based topics; a significant chunk of questions, roughly 18, comes from Web Server and Web Application Hacking. You can expect 2 to 3 questions regarding SQL Injection (a foundational understanding of SQL Injection is enough).
Module 16: You could expect 6–8 questions from Wireless Hacking. This section covers the wireless attacks, wireless encryption standards and their associated algorithms.
Modules 17–18: Approximately 9 to 10 questions in the exam. I encountered about 3 questions related to IoT, 2 questions about OT, and roughly 5 questions regarding Mobile Hacking.
Module 19: You should expect around 7-8 questions in Cloud Hacking. These are relatively straightforward conceptual questions and basic attacks.
Module 20: Cryptography contributes around 7 to 8 questions to the exam. Among these, approximately 5 questions might revolve around encryption methods, hashes, their corresponding keys, block sizes, and their applications. 2 to 3 questions come from attack methodologies.
Take the time to thoroughly prepare these topics, with a special emphasis on the critical areas highlighted. Time management in the exam is also important. Do not rely on exam dumps. I hope this information proves valuable to you. If you have any queries or concerns, feel free to leave a comment.
Thank you, and don’t forget to explore my other blog posts as well! Best of luck in your exam preparation.