CEH Certification Requirements: Eligibility & Exam Guide

CEH Certification Requirements Overview

The CEH — Certified Ethical Hacker — is an intermediate-level cybersecurity credential issued by EC-Council. It's one of the most recognized certifications in the security industry for professionals who work in penetration testing, vulnerability assessment, and offensive security roles.

Before you can sit for the CEH exam, you need to meet EC-Council's eligibility requirements. Unlike some certifications that only ask for an application fee, the CEH has both educational and experience requirements that screen out candidates who aren't ready for the exam's technical depth. Here's what you need to know before you apply.

CEH Eligibility Requirements

EC-Council offers two pathways to CEH exam eligibility:

Pathway 1: Official EC-Council Training

If you complete the official CEH training through an EC-Council Authorized Training Center (ATC) or through EC-Council iLearn (their online platform), you're eligible to take the exam without any prior work experience requirement. The training itself is your proof of preparation.

Official CEH training typically runs 5 days in an instructor-led format and costs between $1,500–$3,000 depending on the provider. The cost is significant, but it's the fastest path to exam eligibility if you don't already have 2+ years in the field.

Pathway 2: Work Experience + Application

If you're self-studying or using non-EC-Council training materials, you need to submit an application demonstrating:

2 years of information security work experience
$100 non-refundable eligibility application fee
Verification from your employer confirming your role and responsibilities

EC-Council reviews these applications manually. Approval isn't guaranteed — they verify that your experience is genuinely relevant to the CEH domains (penetration testing, network security, vulnerability assessment, etc.). Generic IT support experience doesn't automatically qualify.

If your application is approved, you'll receive an eligibility code that allows you to register for the exam through ECC Exam (EC-Council's testing portal) or through Pearson VUE.

Try Free CEH Practice Test

CEH Exam Format

The CEH exam (312-50) is a 4-hour, 125-question multiple choice exam delivered through ECC Exam or Pearson VUE. The questions test your knowledge of ethical hacking concepts, tools, techniques, and methodologies across 20 domains.

Passing threshold: 70% or above. That translates to roughly 88 correct answers out of 125. The score isn't curved — EC-Council uses a fixed cutoff, not a relative standard.

CEH Exam Domains

The CEH v13 (current version) covers 20 knowledge domains. The most heavily tested areas include:

Footprinting and Reconnaissance

Gathering intelligence about a target before an attack — OSINT, DNS enumeration, WHOIS lookups, Google hacking, social engineering. This is the first phase of any penetration test and gets significant coverage on the exam.

Scanning Networks

Port scanning with Nmap, OS fingerprinting, banner grabbing, vulnerability scanning with tools like Nessus. You need to know both the methodology and the specific tools used in real-world engagements.

Enumeration

Extracting detailed information from a system after initial contact — NetBIOS enumeration, LDAP enumeration, SNMP enumeration, DNS zone transfers.

Vulnerability Analysis

Understanding the vulnerability assessment lifecycle, common vulnerability scoring systems (CVSS), and how to use automated scanning tools to identify exploitable weaknesses.

System Hacking

Password cracking (dictionary attacks, rainbow tables, hash cracking), privilege escalation, maintaining access, clearing tracks. This domain tests knowledge of attack techniques that ethical hackers need to understand to defend against.

Malware Threats

Types of malware — viruses, worms, Trojans, ransomware, rootkits — and how they operate. Analysis techniques and countermeasures.

Social Engineering

Phishing, spear phishing, vishing, pretexting — human-based attack vectors that bypass technical controls. Increasingly relevant as social engineering drives the majority of real-world breaches.

Session Hijacking

Man-in-the-middle attacks, cookie theft, TCP session hijacking, countermeasures. This domain gets heavier coverage than many candidates expect.

Cryptography

Encryption algorithms (AES, RSA, DES), PKI, digital signatures, SSL/TLS, common cryptographic attacks. The exam doesn't go deeply into cryptographic mathematics, but you need solid conceptual understanding.

Web Application Hacking and SQL Injection

OWASP Top 10, SQL injection, XSS, CSRF, command injection — web application vulnerabilities are a significant portion of the exam given their prevalence in real-world attack scenarios.

CEH vs. Other Security Certifications

The CEH gets compared to CompTIA PenTest+ and the OSCP (Offensive Security Certified Professional) frequently. Here's the honest picture:

CEH vs. CompTIA PenTest+: The CEH is more widely recognized globally and has more exam questions. PenTest+ is vendor-neutral and arguably tests more practical skills. Neither is definitively better — employer preference drives which matters more for a specific job.
CEH vs. OSCP: The OSCP is a hands-on, practical exam requiring you to actually compromise machines — it's considered significantly harder and more directly applicable to real penetration testing work. Many security professionals pursue CEH first and OSCP later.
Where CEH wins: Government contracts, compliance-heavy environments (especially with DoD 8570 requirements), and job postings that specifically list CEH as a requirement or preference. It's a globally recognized credential with strong brand recognition.

How to Prepare for the CEH Exam

The CEH is a knowledge-heavy exam with significant breadth. Here's what works:

Study the official CEH courseware: EC-Council's study materials are built to the exam objectives. If you're self-studying (Pathway 2), the official courseware plus the Certified Ethical Hacker All-In-One Exam Guide (Matt Walker) are the standard resources.
Practice with the right tools: Nmap, Metasploit, Wireshark, Burp Suite — the exam expects you to know what these tools do, when to use them, and what their output looks like. Hands-on lab practice makes the tool questions much easier.
Work through practice questions by domain: The 20 domains are uneven in their question weight. Focus more time on the heavier domains — system hacking, web application attacks, network scanning, and cryptography.
Use timed practice exams: 125 questions in 4 hours is about 115 seconds per question — comfortable if you know the material, stressful if you're second-guessing. Timed practice builds the right pace.

What are the requirements to take the CEH exam?

You need either: (1) completion of an EC-Council authorized CEH training program, or (2) 2 years of documented information security work experience plus a $100 eligibility application fee reviewed and approved by EC-Council. The work experience pathway requires employer verification and manual review — generic IT experience doesn't automatically qualify.

How many questions is the CEH exam?

The CEH exam (312-50) has 125 multiple choice questions and a 4-hour time limit. The passing threshold is 70% — approximately 88 correct answers. EC-Council uses a fixed passing standard, not a curved score.

Is the CEH worth it for a cybersecurity career?

It depends on your goals. CEH carries strong brand recognition and is explicitly required or preferred in many government and enterprise security job postings, especially those governed by DoD 8570 compliance. For hands-on penetration testers, the OSCP is generally seen as more technically rigorous. CEH is a solid entry point into security roles — OSCP is better for advancing in offensive security specifically.

How long should I study for the CEH exam?

Candidates with solid networking and security foundations typically need 2–3 months of focused preparation. Those newer to cybersecurity may need 4–6 months. The official CEH training covers all 20 domains in 5 days — intensive, not leisurely. Self-study requires more time to cover the same breadth.

Can I take the CEH without a training course?

Yes, through the work experience pathway. You must have 2 years of information security work experience, submit a $100 non-refundable application, and have your experience verified by EC-Council. If approved, you receive an exam eligibility code. If you don't meet the experience requirement, you need official EC-Council training.

What is the CEH v13?

CEH v13 is the current version of the Certified Ethical Hacker certification as of 2024. EC-Council regularly updates the CEH exam to reflect current threat landscape, tools, and methodologies. V13 introduced expanded coverage of AI-driven attacks and defenses, cloud security, and IoT security alongside the traditional ethical hacking domains.

Does the CEH expire?

Yes. The CEH credential requires renewal every 3 years. To renew, you must earn 120 EC-Council Continuing Education (ECE) credits over the 3-year period and pay an annual maintenance fee of $80. If you don't renew, your certification lapses and you'd need to re-take the exam to restore it.

Starting Your CEH Preparation

The CEH certification is a meaningful investment — in time, money, and effort. Before you sit the exam, you should be comfortable across all 20 domains, especially the ones that carry the most questions. That means exposure to real security tools and techniques, not just reading about them.

Our CEH practice tests cover the core domains tested on the 312-50 exam: footprinting, scanning networks, system hacking, session hijacking, cryptography, and more. Use them to identify where you're strong and where you need more work — then direct your remaining study time accordingly.

Don't underestimate the breadth of the CEH. Twenty domains over 125 questions means you can't afford to ignore any section. The candidates who pass are the ones who've covered everything at least once, drilled their weak areas repeatedly, and gone into the exam having done enough practice tests that the question style feels familiar, not foreign.