The Certified Ethical Hacker (CEH) Practical exam is a hands-on penetration test, unlike its multiple-choice counterpart, the CEH ANSI. In this article, youβll learn the difference between the two, and weβll help you decide which is right for you.
The CEH Practical exam, designed by the EC Council, was created to test your knowledge of various ethical hacking domains and techniques. This rigorous hands-on exam uses virtual machines and applications to test your ability to find solutions to simulated hacking challenges.
Obtaining it is enough to score you a first interview. But before taking this six-hour exam, letβs first learn more about it and better understand how recognized and respected it is in the market.
If youβre ready, letβs start.
Understanding the CEH Practical Exam
The Certified Ethical Hacker Practical lasts six hours (including a 15-minute break) and tests you on your ability to solve 20 real-life obstacles. Youβll need a minimum score of 70% to pass this exam, equivalent to accurately finding solutions for 14 of the 20 challenges.
According to the EC-Council, this isnβt a simulated exam. Instead, it mimics a real corporate network through live virtual machines, networks, and applications designed to test your skills.
While this may scare some aspiring test takers, this exam is βopen book,β meaning you can look up resources on the Internet and refer to your notes.
Skills CEH may test you on include:
- Understanding attack vectors
- OS, network, and system enumeration
- System hacking, steganography, steganalysis, and the ability to cover oneβs tracks
- Packet sniffing
- How to identify and use viruses, worms, and malware
- SQL injection attacks
- Cryptography attacks
- Vulnerability analysis to identify holes in security
- Network scanning
- OWASP
CEH Practical costs $550. If passed, the certification is valid for three years. However, you must acquire 120 EC-Council Continuing Education (ECE) credits to maintain its validity.
These credits can be acquired by attending IT seminars, reading IT security books, publishing papers, attending courses, and through a number of other means.
Should you fail the first exam, you can purchase a retake test voucher at a discounted price.
Comparing CEH Practical and CEH ANSI
When researching CEH or Certified Ethical Hacker, you may be surprised to find two results: CEH Practical and CEH ANSI. Both are designed by the EC-Council and test your ethical pentesting abilities. If you pass both, you obtain your CEH Master credential.
Letβs break down the key differences.
As you can see, CEH Practical is much more accessible than its multiple-choice counterpart, CEH ANSI. Itβs both cheaper and doesnβt require prerequisites.
It should be noted that the prerequisites needed to take CEH ANSI vs Practical are substantial. Youβll need at least two years of professional experience in information security, and if you donβt have that, youβll have to enroll in an intensive training course.
There are three courses to choose from:
The courses mentioned above include a course voucher. You may also enroll in EC-Councilβs eCourseware course for $850, a self-paced program that doesnβt include an exam voucher.
Benefits and Drawbacks of the CEH Practical Exam
Certified Ethical Hacker (CEH) Practical has benefits and drawbacks. To better understand each pro and con, weβll compare it to two other comparable ethical hacking certifications: CEH ANSI and OSCP.
CEH Practical Benefits
- The most glaring benefit is the one to your pocket. CEH Practical costs $550, whereas CEH ANSI may cost you thousands if youβre required to take a training course. OSCP will run you at least $1649 USD, which includes the exam voucher and training course.
- Another benefit of CEH Practical is that it doesnβt require any prerequisites. CEH ANSI requires two years of experience in digital security or asks test takers to enroll in an intensive course. Official courses are available for the Practical exam, but you can opt for cheaper options to learn the material.
- Itβs also an easier exam than OSCP. This 24-hour exam is infamous for its difficulty despite marketing itself as an entry-level pentesting certification. Rather than individual challenges, the OSCP requires exploiting both standalone machines and an Active Directory network with full privilege escalation and a thorough report.
- CEH is also in higher demand than OSCP. When searching for jobs, youβll find that more employers ask applicants to have CEH than OSCP, but weβll discuss this further in the coming sections. To be clear, employers donβt appear to differentiate between CEH Practical and CEH ANSI.
- Lastly, CEH Practical is an approved baseline certification for DoD 8570. CEH ANSI is, too, but OSCP isnβt.
Drawbacks
- The CEH Practical exam is harder than ANSI, as itβs hands-on. Remember that the latter is purely multiple-choice.
- Another drawback is that while having CEH Practical on your resume will help you get your foot in the door, those in the know value OSCP more. That means that when it comes to the interview, those with real-life red and blue team skills will be much more impressed by OSCP than CEH Practical.
In other words, the CEH will attract the attention of the non-technical hiring manager, but the cyber security manager whoβll ultimately hire you will be much more impressed by OSCP.
CEH Practical Market Recognition
As a standalone exam, Certified Ethical Hacker Practical isnβt well known. That said, hiring teamsβespecially those that arenβt techiesβdonβt seem to care if you have CEH Practical or ANSI. All they care about is that you have CEH on your resume.
If you query CEH on Indeed, youβll find over 1,000 jobs requiring this certification.
When looking at the preferred certifications portion of the job post, youβll often see CEH without the Practical or ANSI exam being specified.
Most employers donβt care which one you have, so long as you have one. In all likelihood, they donβt even know thereβs more than one CEH designation.
When we queried OSCP, over 500 jobs popped up.
This shows that HR teams prefer applicants to have CEH. However, later in the interview process, employers prefer applicants with an OSCP certification. In other words, CEH gets your foot in the door, while OSCP gets you the job.
CEH Practical Exam Questions and Preparation
Certified Ethical Hacker (CEH) Practical requires you to complete 20 ethical hacking challenges. These challenges are designed to test you on various red team skills.
Some of the penetration testing skills youβll want to know before taking the test include:
- User enumeration
- Steganography, steganalysis attacks, and how to cover your digital tracks
- Identifying viruses, computer worms, and malware
- Packet sniffing, ideally Wireshark or Tcpdump
- SQL injection attacks
- Cryptography attacks
- Vulnerability analysis
- Nmap
- Hydra
- Metasploit
- Burpsuite
- Nikto or Nessus
- Dirbuster/gobuster
- Aircrack-ng
- Wpscan
- Hashcat
- Steghide
- IDA
- Vercrypt
Of course, this isnβt an exhaustive list. Also, not all of these tools will be needed to complete the 20 challenges, and you can learn them in many ways.
One is to take a course provided by the EC-Council. CEH ANSI official training courses cover the tools youβll use on the practical exam. The issue is that these courses range from $850 to $3,499.
EC-Council also offers Labs CEH, a $199 lab-access course with virtual machines for hands-on practice.
Of course, you can use any resources you wish to prepare for this exam.
The StationX Master's Program grants access to over 30,000 courses and labs covering everything from basic networking to advanced ethical hacking. If youβre considering pursuing the CEH Practical, some of the courses below would be of interest to you.
CEH Practical Training
Conclusion
Now that you know what Certified Ethical Hacker Practical is all about and what youβll be tested on, is the exam worth it?
It depends.
If youβre determined to become a penetration tester, the OSCP is your best option. It focuses entirely on offensive security and is more valued by pentesting managers, who ultimately decide whether to hire you.
You see so many CEH requirements on job posts because theyβre applied to blue and red team positions, though that is primarily for the ANSI certification.
If you want to become a CEH, which one should you take, the Practical or ANSI?
While CEH Practical might be more challenging, itβs far more affordable than ANSI. Studying for a hands-on exam such as CEH Practical will better equip you with the pentesting skills youβll need while on the job than a multiple-choice exam such as CEH ANSI.
If your ultimate goal is to learn penetration testing skills, you may want to do the extra work of obtaining CEH Practical. If you donβt care which CEH you get because youβll ultimately obtain OSCP, and money isnβt an obstacle, you may consider taking CEH ANSI as itβs the easiest of the two exams.
To start studying for your next certification, we recommend joining StationXβs Accelerator Program. Joining grants you access to over 1,000 labs and courses, mentors, study groups, and a supportive community.
Frequently Asked Questions
Guarantee Your Cyber Security Career with the StationX Masterβs Program!
Get real work experience and a job guarantee in the StationX Masterβs Program. Dive into tailored training, mentorship, and community support that accelerates your career.
- Job Guarantee & Real Work Experience: Launch your cybersecurity career with guaranteed placement and hands-on experience within our Masterβs Program.
- 30,000+ Courses and Labs: Hands-on, comprehensive training covering all the skills you need to excel in any role in the field.
- Pass Certification Exams: Resources and exam simulations that help you succeed with confidence.
- Mentorship and Career Coaching: Personalized advice, resume help, and interview coaching to boost your career.
- Community Access: Engage with a thriving community of peers and professionals for ongoing support.
- Advanced Training for Real-World Skills: Courses and simulations designed for real job scenarios.
- Exclusive Events and Networking: Join events and exclusive networking opportunities to expand your connections.
TAKE THE NEXT STEP IN YOUR CAREER TODAY!
