CEH 2016 Test Review

What is CEH?
Administered by EC-Council, CEH stands for Certified Ethical Hacker, is a professional certification about information security of computer systems with penetration testing skills.

Is this necessary?
Compared to CISSP(Certified Information Systems Security Professional), CEH is more focused on ethical hacking techniques more practical and technical. CEH is asking how to do ethical hacking(techniques) specifically sniffing, scanning or DDoS and CISSP is asking how to secure company’s asset with BCP(Business Continuity Plan)/DRP(Disaster Recovery Plan). I assume CEH is for 2 or 3 years security engineers and CISSP is for 5 or 6 years senior level (CISO) or security manager.

I recommend this cert if you worked in this field more than 1 or 2 years and want to learn more about ethical hacking. Still no certs will get you a job, but your experience and knowledge will.

How did I study
I took a 35 hours CEH class, 9:30am to 5:30pm. I had short experience as a penetration tester. Also, I have a degree on Information Security& Assurance, which helped me to understand some terminology and concept of cyber security.  I notice some of contents are pretty similar with CISSP(since I studied/ passed it last winter ), so if anyone just passed CISSP , it would be helpful to study CEH next. Personally, CISSP seems have more broad contents including copyright ,patent ,operating/physical security etc.

1. 16th May ~ 20th May , CEH 35 hrs class (1 week)
Unfortunately, I had to pay full cost (extra cost) because I didn’t have 2 years experience at that time.

2. 21th May ~ 22th July (2 months) 
For study materials, I only used “Ethical Hacking and countermeasures v9” which is an EC-Council official book. I read the book three times and remember important concept liks nmap, wireshark command, scanning techniques , Asymmetric & Symmetric cipher features etc. I summarized each chapters and studied.

After then, I used “Skillset (Pro membership)”, solved 5800 questions and made 102 readiness. Skillset is really helpful to prepare the test. One month before the exam date, I took “simulated exam” on Skillset ,everyday around 10am, so i can simulate upcoming exam. Reviewing what you missed or didn’t know from the questions is really important. I got 56 score at first simulated exam, but later I went up to 84.

CEH Exam Information 

  • Length of exam : 4hrs
  • Question format : Multiple choice (125 questions)
  • Passing grade :70% 

(for more details : EC-Council)

Exam date : July 22th, 2016, 10AM
I finished test in 2 hrs and 20 min and I clicked “end exam” and there’s “passed” sign on the final page, but no score details. After 2 or 3 days from test date, there’s new email from EC-council about the certificate. and I can find the details about score over there.


CISSP 2015 Test Review

What is CISSP?
Administered by (ISC)2, CISSP,stands for Certified Information Systems Security Professional, is an advanced-level certification about IT security with different categories like Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security.. etc. 8 domains

Is this necessary?
If you are already in information security, you may heard of this cert once or twice before(since it’s a pretty well-known certification), but be aware lots of IT certs can get you an “interview opportunity” or “love call” from HR/headhunters but not an actual job. You still need an experience and knowledge to prove your skill.
like this certification requires ‘a minimum of 5 years of full time work experience in 8 domains of CISSP’. If you don’t have enough experience you will be a CISSP associate till you have 5 years experience.

How did I study
I took a 60 hours CISSP class, 7:30pm to 10:30pm after work. I had short experience as a penetration tester and CC(common criteria) assistant for IPS and F/W products. Also, I have a degree on Information Security& Assurance, which helped me to understand some terminology and concept of cyber security.

1. 5th Aug ~ 14th Oct , CISSP 60 hrs class 
It was pretty tired to study after work but I tried to review what I learned that day.

2. 15th Oct ~ November (about one month)
Reading a book three times.
[First] google or read other books to understand some difficult terms or confusing subjects in the book. make a short summary for each domain.
[Second] Memorize important term and concept like OSI 7 layers, features about security models, Access control(MAC/DAC) features, Network attack types..etc
[Third] You can see there’s intersection contents between two or three other domains,(getting a big picture)

3. November ~ December (about one month)
There’s one or two question about newest security technology or hacking skills in CISSP test, so checking out latest security news is helpful to get these question. As a last step, I studied with CISSP practice questions.

CISSP Exam Information 

  • Length of exam : 6hrs
  • Question format : Multiple choice (250 questions)
  • Passing grade :70% (700 out of 1000 points)
  • Test center : Pearson Vue Testing Center

(for more details : isc2 website)

Exam date : December 2nd, 2015, 9AM
I brought my ID and credit card and also simple snack like banana and chocolate just in case i got hungry during 6 hours exam. Since it was 6 hours(360 min) exam, i divided into 3 term like, [120min/ 120min/ 120min]. I took 10 min break after reviewing 250 question as a first time, and reviewed it twice. I finished the exam before 30 min, and waited to get a result.

It was quite interesting to get a result for the exam as soon as i finish the exam.. but excited that I passed.