CEH Exam: Complete Guide to the Certified Ethical Hacker Certification Test
Full breakdown of the CEH exam — format, domains, passing score, cost, eligibility, and the best study approach to pass the Certified Ethical Hacker test.

What Is the CEH Exam?
The CEH exam — Certified Ethical Hacker — is EC-Council's flagship cybersecurity certification test. It validates your knowledge of hacking techniques, attack methodologies, and defensive countermeasures. The idea is simple: to defend systems, you need to think like an attacker. The CEH exam proves you can.
It's one of the most recognized cybersecurity credentials in the industry. Government agencies, defense contractors, and Fortune 500 security teams list CEH in job postings. It's not entry-level — it's designed for professionals with hands-on security experience who want a vendor-neutral credential that covers the full attack lifecycle.
If you're deciding whether to pursue the CEH or wondering how to prepare, this guide covers everything: format, domains, costs, eligibility, and study strategy.
CEH Exam Format
The CEH exam comes in two versions, and which one you take depends on your preparation path:
- CEH (ANSI) — 312-50v13: The knowledge-based multiple-choice exam. 125 questions, 4 hours.
- CEH Practical: A 6-hour hands-on performance-based exam in an iLabs environment. It is separate from the ANSI exam and must be taken after it.
Most candidates start with the ANSI exam (312-50v13). The CEH Practical is optional — but completing both earns you the CEH Master designation. For a first-time CEH candidate, focus on the 312-50v13.
| Section | Questions | Time |
|---|---|---|
| Background (Introduction to Ethical Hacking) | ~10 | — |
| Reconnaissance & Footprinting | ~10 | — |
| Scanning & Enumeration | ~12 | — |
| Vulnerability Analysis | ~8 | — |
| System Hacking | ~12 | — |
| Malware Threats | ~8 | — |
| Sniffing | ~8 | — |
| Social Engineering | ~6 | — |
| DoS & DDoS | ~6 | — |
| Session Hijacking | ~5 | — |
| IDS, Firewalls & Honeypots | ~5 | — |
| Web Server & App Hacking | ~10 | — |
| Wireless, Mobile & IoT | ~8 | — |
| Cloud Computing | ~6 | — |
| Cryptography | ~5 | — |
CEH Exam Eligibility Requirements
EC-Council requires one of two pathways to sit for the CEH exam:
- Training pathway: Complete official EC-Council CEH training (in-person, online, or through an accredited partner). After training, you're eligible to schedule the exam immediately.
- Experience pathway: If you're not taking official training, you need to submit an eligibility application with proof of at least 2 years of work experience in information security and pay a $100 non-refundable application fee. EC-Council reviews and approves applications before allowing you to register.
The experience pathway works — many experienced security professionals go this route. Just don't expect same-day approval; the review process takes time, so apply well before your intended exam date.
CEH Exam Cost
Costs vary significantly depending on your pathway:
- Exam voucher (without training): ~$950 USD through EC-Council
- Official EC-Council training + exam bundle: $2,000-4,000+ depending on delivery format (self-paced, live online, boot camp)
- Third-party training + exam voucher: Many providers like SANS, New Horizons, and Learning Tree offer CEH courses that include an exam voucher — often $1,500-3,000 total
You can also find authorized training through the National Initiative for Cybersecurity Education (NICE) program, which may offer discounts for U.S. government employees and veterans.
CEH Exam Passing Score
The CEH uses a variable passing score system — it changes with each exam administration based on difficulty. Generally, you need approximately 70% (around 87-88/125 questions correct) to pass, but the cutoff can range from 60% to 85% depending on the specific exam version.
This fluctuating threshold surprises some candidates. EC-Council doesn't publish the exact passing score for each administration. The takeaway: don't aim for "just enough to pass." Target 80%+ on practice exams to build a comfortable buffer.
How to Study for the CEH Exam
The CEH covers a broad range of topics — 20 official modules in EC-Council's curriculum. That breadth requires a strategic study approach, not just grinding through a single resource.
Get the Official EC-Council Materials
The official EC-Council courseware is the gold standard for exam alignment. It's expensive if you're buying it separately, but EC-Council's iLabs environment provides hands-on practice that's directly aligned with CEH Practical and reinforces conceptual knowledge for the ANSI exam.
If official materials are out of budget, the CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker (McGraw-Hill) is the most widely used third-party book and is well-regarded for covering exam-relevant content without the high price tag.
Hands-On Practice Is Non-Negotiable
You can't pass CEH by reading alone. Set up a lab environment using VMs (Kali Linux, Metasploitable, DVWA) and practice the techniques the exam tests. Running a port scan with Nmap, exploiting a vulnerability in a controlled environment, and analyzing a packet capture with Wireshark — these experiences make exam questions click in ways that books alone won't.
Platforms like TryHackMe and Hack The Box both have CEH-aligned learning paths that provide guided hands-on practice without requiring you to set up your own infrastructure from scratch.
Focus on Tool Knowledge
CEH questions frequently test which tool is appropriate for a given task. Metasploit, Nmap, Wireshark, Nikto, Burp Suite, Aircrack-ng, John the Ripper, Hashcat — know what each does, when you'd use it, and what output to expect. The exam doesn't just test conceptual knowledge; it tests tool-level familiarity.
Domain-Specific Study Priority
Not all domains are equal. The highest question-count domains — system hacking, scanning/enumeration, web server/app hacking, and reconnaissance — should get the most study time. Don't neglect the smaller domains, but front-load your preparation on the high-impact areas.
CEH vs. Other Security Certifications
CEH often gets compared to CompTIA Security+, OSCP, and CISSP. Here's the quick version:
- CEH vs. Security+: Security+ is entry-level and broadly covers security fundamentals. CEH goes deeper into offensive techniques and is better positioned for penetration testing and red team roles.
- CEH vs. OSCP: OSCP (Offensive Security Certified Professional) is harder, more hands-on, and more respected in the penetration testing community. CEH is better for compliance-driven environments (government, DoD, HIPAA-regulated industries) that specifically list it. Both have value — just different audiences.
- CEH vs. CISSP: CISSP is broader, manager/architect level, and covers governance and risk management extensively. CEH is more tactical. Many experienced security professionals hold both.
If your goal is pure penetration testing credibility, OSCP is often the preferred credential. If you're targeting DoD roles, government contracts, or compliance-heavy environments, CEH's DoD Directive 8570 approval makes it practically mandatory. For a full overview of the CEH credential, see the CEH certification overview and CEH career and salary guide.
CEH Exam Renewal
The CEH requires renewal every 3 years. You can renew by:
- Retaking the exam (current version)
- Earning 120 ECE (EC-Council Continuing Education) credits over the 3-year period
ECE credits come from attending security conferences (DEF CON, Black Hat, etc.), completing EC-Council courses, writing security research, holding complementary certifications, and other qualifying activities. Active security professionals typically accumulate credits without much extra effort.
If you let the credential lapse, you'll need to retake the exam from scratch. Don't let it expire — maintaining it is significantly easier than re-earning it.
For practice questions covering the key CEH knowledge areas, check the CEH complete study guide and work through the CEH practice tests to assess your readiness before booking your exam date.
About the Author
Attorney & Bar Exam Preparation Specialist
Yale Law School
James R. Hargrove is a practicing attorney and legal educator with a Juris Doctor from Yale Law School and an LLM in Constitutional Law. With over a decade of experience coaching bar exam candidates across multiple jurisdictions, he specializes in MBE strategy, state-specific essay preparation, and multistate performance test techniques.