How hard is the CEH exam?

The CEH exam is challenging but passable for well-prepared candidates. It consists of 125 multiple-choice questions to be answered in four hours. The questions test conceptual knowledge of tools, attack techniques, and security concepts rather than hands-on technical execution. The primary difficulty is the breadth of material — the exam covers 20 domains including network security, web application hacking, cryptography, and more. Most successful candidates report studying 60-80 hours total over 8-12 weeks. The biggest trap is memorizing tool outputs and command syntax without understanding the underlying concepts — the exam tests understanding, not memorization.

Do I need a college degree to take the CEH exam?

EC-Council has two paths to eligibility. The training path requires completing an official EC-Council CEH course (instructor-led or self-paced), after which you automatically become eligible to take the exam. The experience path requires two years of information security work experience verified by your employer. A college degree is not required for either path. The training path is the most accessible option for beginners — once you complete an official or accredited CEH course, you can register for the exam regardless of your educational background.

What is the CEH pass rate?

EC-Council does not publish official pass rate statistics, but industry surveys and forum discussions suggest the first-attempt pass rate is approximately 60-70% for candidates who complete official training. Candidates who self-study without structured preparation tend to have lower pass rates. The key differentiator is familiarity with EC-Council's specific terminology and tool ecosystem — some tools are referenced in the exam using EC-Council naming conventions that differ from how the security community typically refers to them. Study from official materials alongside practice exams to calibrate your terminology.

Is CEH worth it compared to OSCP?

CEH and OSCP test fundamentally different things. CEH is a knowledge-based multiple-choice exam that validates conceptual understanding of hacking techniques and tools. OSCP is a 24-hour hands-on practical exam where you must actually compromise machines to pass. OSCP is more technically rigorous and more respected in the offensive security community. CEH is more widely recognized by HR departments and compliance frameworks, particularly in government and enterprise contexts. For early career professionals, CEH is a good entry point. For serious penetration testers, OSCP is the more meaningful credential. Many professionals pursue both.

How much does the CEH exam cost?

The CEH exam voucher costs $950 through EC-Council directly. Official training courses add $500-2,000 depending on whether you choose self-paced online, instructor-led virtual, or in-person training. Total cost for official training plus exam typically runs $1,500-3,000. There are discounts available for EC-Council members, students, and military personnel. Third-party training providers like Udemy and Cybrary offer CEH prep courses for $15-100 that many candidates use alongside or instead of official training, though note that EC-Council requires official training or verified experience for exam eligibility.

How I Got My First CEH Certification Without Any IT Experience

Eighteen months ago, I was a marketing analyst who had zero professional IT experience. I understood basic computer usage, knew a little HTML from tinkering with websites years ago, and had developed an obsession with cybersecurity through YouTube rabbit holes that started with a documentary about Kevin Mitnick.

Today I hold a CEH (Certified Ethical Hacker) certification and recently started a junior security analyst role. The path was not easy, and I made expensive mistakes along the way that I am going to help you avoid.

This is not an aspirational story about talent or special advantages. I passed the CEH after 12 weeks of structured study, no prior IT job experience, and by following a methodical plan that I am going to lay out for you in this guide.

The most important thing I learned: the CEH is absolutely passable for a motivated beginner, but only if you understand what the exam actually tests and study accordingly. I see many people fail not because they are not smart enough, but because they studied the wrong things or in the wrong order.

What the CEH Certification Actually Tests

Before diving into study strategy, understand what you are preparing for. The CEH (EC-Council Certified Ethical Hacker) is a 125-question multiple-choice exam with a four-hour time limit. The current version is CEH v13, which EC-Council updated in 2024.

The exam is conceptual and knowledge-based, not hands-on. You will not be exploiting machines during the exam (that is OSCP territory). You will be answering questions about how attacks work, which tools perform specific functions, what commands produce what outputs, and how defenders should respond.

This means your study strategy should prioritize breadth of conceptual understanding over depth of hands-on skill in any one area. You need to know what Nikto does, what a SQL injection looks like, and what the phases of ethical hacking are — at a conceptual level that a multiple-choice question can probe.

CEH Exam Domain Breakdown

The exam covers 20 knowledge domains. Knowing the weighting helps you prioritize study time:

Domain	Approximate Weight	Difficulty for Beginners
Introduction to Ethical Hacking	6%	Low
Footprinting and Reconnaissance	6%	Low
Scanning Networks	6%	Medium
Enumeration	6%	Medium
Vulnerability Analysis	5%	Medium
System Hacking	5%	High
Malware Threats	5%	Medium
Sniffing	5%	Medium
Social Engineering	4%	Low
Denial-of-Service	4%	Medium
Session Hijacking	4%	High
Evading IDS, Firewalls, Honeypots	4%	High
Hacking Web Servers	5%	Medium
Hacking Web Applications	5%	High
SQL Injection	5%	High
Hacking Wireless Networks	4%	Medium
Hacking Mobile Platforms	4%	Medium
IoT and OT Hacking	5%	Medium
Cloud Computing	5%	Medium
Cryptography	6%	Medium

My study recommendation: allocate proportional time to domain weight, but add extra time to domains you find difficult. I spent extra time on System Hacking, Web Applications, and SQL Injection — the hands-on domains that I found harder to understand conceptually without practical experience.

The 12-Week CEH Study Plan

This is the exact study schedule I followed. It assumes approximately 1-1.5 hours of daily study (roughly 7-10 hours per week, 80-100 hours total).

12-Week CEH Study Schedule

Week	Topics	Activities	Resources
Week 1	Ethical hacking intro, footprinting	Read CEH v13 Study Guide Ch 1-2, watch intro videos	Matt Walker CEH Study Guide, YouTube
Week 2	Scanning, enumeration	Lab: Nmap on Metasploitable, practice enumeration techniques	TryHackMe Nmap room, Study Guide Ch 3-4
Week 3	Vulnerability analysis, system hacking	Metasploit basics on Metasploitable VM, CVE research	Study Guide Ch 5-6, Professor Heath Adams
Week 4	Malware, sniffing	Wireshark capture analysis, malware type identification	Wireshark labs, Study Guide Ch 7-8
Week 5	Social engineering, DoS	Study attack types, scenario-based practice questions	Study Guide Ch 9-10
Week 6	Session hijacking, IDS/Firewall evasion	Review concepts, watch walkthrough videos	Study Guide Ch 11-12, HackerSploit
Week 7	Web server hacking, web app attacks	DVWA labs (SQL injection, XSS), Burp Suite intro	OWASP Top 10, Study Guide Ch 13-14
Week 8	SQL injection deep dive, wireless	SQLMap practice on DVWA, WPA/WPA2 concepts	Study Guide Ch 15-16
Week 9	Mobile, IoT/OT hacking	Concept review, scenario questions	Study Guide Ch 17-18
Week 10	Cloud security, cryptography	AWS/Azure security concepts, encryption types, PKI	Study Guide Ch 19-20
Week 11	Full review pass	Re-read weaker domains, flashcard review	Anki decks, EC-Council official material
Week 12	Practice exams	3 full practice exams (125 questions each), review wrong answers	Boson CEH Practice Exams, ExamCompass

The Most Important Week: Week 12

I cannot overstate how critical practice exams are in the final week. After 11 weeks of studying, I thought I was ready. My first practice exam score was 68% — below the typical passing threshold of 70%. The gap was almost entirely terminology: EC-Council uses specific terminology for tools and techniques that does not always match how the broader security community refers to the same things.

Three full practice exams in the final week, with careful review of every wrong answer and why it was wrong, brought my practice scores to 82-88%. I passed the actual exam with a 76% — lower than practice but comfortably passing.

The Study Resources That Actually Helped

After spending significant money on resources, here is my honest ranking:

Essential:

Matt Walker's CEH v13 All-in-One Study Guide — the most comprehensive single resource, well-organized by domain, and worth every dollar. If you buy one book, buy this one.
Boson CEH Practice Exams — expensive ($99) but the most accurate simulation of the actual exam. The explanations for wrong answers are excellent. I credit this tool with half my preparation success.
TryHackMe — free tier has enough content to build hands-on understanding of the concepts tested on the exam. Complete the "Jr Penetration Tester" path.

Helpful but not essential:

Professor Heath Adams (The Cyber Mentor) on YouTube — excellent free video content covering many CEH topics
HackerSploit on YouTube — good walkthroughs of tools referenced in the exam
Udemy CEH prep courses (look for those with recent reviews from CEH v12/v13 candidates)

I would skip:

The official EC-Council courseware (overpriced, verbose, and not well-calibrated to the exam)
Generic "CEH dumps" sites — memorizing answers without understanding concepts is both ethically problematic and ineffective since EC-Council rotates questions

Building Your Lab Environment for Hands-On Practice

Even though the CEH is a multiple-choice exam, hands-on practice dramatically improves your understanding of how attacks and tools work. This makes the conceptual knowledge stick in ways that reading alone cannot.

Minimum lab setup:

VirtualBox (free) on your host machine
Kali Linux VM (free, download from kali.org)
Metasploitable 2 VM (deliberately vulnerable, free from SourceForge)
DVWA on a local web server or via Docker

With this setup, you can legally practice:

Nmap scanning and enumeration against Metasploitable
Metasploit exploitation of Metasploitable vulnerabilities
SQL injection and XSS attacks against DVWA
Wireshark capture of your own lab traffic

Spend at least one session per week in the lab. Understanding what a Nmap output actually looks like, or experiencing a successful SQL injection, makes the exam questions about these techniques much more intuitive.

If you want to go deeper on hands-on testing methodology, check out our penetration testing beginners guide which covers the full pentest process in detail.

Exam Day Strategy

I took my exam at a Pearson VUE testing center, which I recommend over online proctoring for your first high-stakes exam — fewer technical variables.

The question approach I used:

For every question, I eliminated answers I was confident were wrong first. CEH questions often include one or two clearly incorrect options, reducing a four-choice question to a two-choice decision. This significantly improves your odds on questions where you are uncertain.

Flag and move: If a question stumped me completely, I flagged it and moved on immediately. Do not let one hard question consume ten minutes that you need elsewhere. I had about 20 flagged questions and reviewed them all in the last 45 minutes.

Trust your first instinct: On multiple reviews of flagged questions, I changed answers on about 10 questions. My win rate on changed answers was roughly 50% — not better than my initial instinct. Unless you have a clear logical reason to change an answer, your first impression is often correct.

Time management: 125 questions, 4 hours = approximately 1.9 minutes per question. You have time. Do not rush. I finished my initial pass with 90 minutes remaining.

What Comes After CEH

The CEH opened doors that were previously closed to me professionally. The certification signals to HR teams and hiring managers that you have validated foundational security knowledge, even without a long professional track record.

My personal next steps after CEH:

OSCP (Offensive Security Certified Professional) — the most respected hands-on penetration testing certification. Significantly harder than CEH but the gold standard for offensive security roles.
CompTIA CySA+ — if you prefer the defensive side, this is a strong next certification covering threat analysis and incident response.
Bug bounty programs — applied practice on real systems with real money as the reward. HackerOne and Bugcrowd are the main platforms.

For foundational security context as you continue learning, revisit our cybersecurity beginners guide and explore our cybersecurity threats 2025 overview.

The broader cybersecurity community has excellent resources for continued learning. EC-Council's official blog posts regular updates on certification changes and exam preparation tips.