Associate | EC-Council | Multiple-choice (+ optional practical) | ~150 prep hrs | $1,199 exam

CEH — Certified Ethical Hacker

CEH is the most widely recognised entry-level offensive cert by HR filters and government contracts. It is on the US DoD 8570.01-M / 8140 baseline for IAT Level II, IAT Level III, CSSP-Analyst and CSSP-Infrastructure-Support roles, which means many federal, defence and contractor postings explicitly require it. CEH is breadth-over-depth — the value is signalling familiarity across the attack lifecycle, not proving deep exploitation skill.

Operator difficulty: 2/5

Breadth-over-depth multiple-choice exam. The challenge is the volume of terminology and tool names across the full attack lifecycle, not deep exploitation.

Fast facts

Cost, hours and exam shape.

  • Vendor: EC-Council
  • Level: Associate
  • Exam style: Multiple-choice (+ optional practical)
  • Prep hours (median): ~150 hours
  • Exam cost (USD): $1,199
  • Difficulty: 2/5

Who it's for

Pursue this if…

  • Your target role is SOC analyst, vulnerability analyst, or a government/BFSI post that names CEH explicitly.
  • You need a credential that clears HR and procurement filters more than one that proves deep skill.
  • You want a structured map of the whole attack lifecycle before specialising.
  • You are pursuing DoD 8570/8140 IAT II/III or CSSP roles that list CEH on the baseline.

Exam format

What you actually sit.

CEH (Knowledge): 125 multiple-choice questions, 4 hours, cut-score adjusted per form (typically 65–85%). CEH (Practical): optional 6-hour, 20-challenge hands-on lab against the iLabs cyber range. 'CEH Master' designation requires passing both.

Prerequisites

Where you should be before you book.

  • Two years of IT-security work experience, OR completion of EC-Council's official iLearn/iWeek course
  • Working knowledge of TCP/IP, common ports and core OS internals
  • Basic Linux command-line familiarity

Syllabus

What is on the exam.

  1. Footprinting, reconnaissance and OSINT
  2. Network scanning, enumeration and vulnerability analysis
  3. System hacking: password cracking, privilege escalation, persistence
  4. Malware threats: trojans, worms, fileless malware, APT lifecycle
  5. Sniffing, social engineering, denial of service
  6. Web server, web application and SQL injection attacks
  7. Wireless, mobile, IoT and OT hacking primers
  8. Cloud computing attacks (AWS / Azure / GCP basics)
  9. Cryptography concepts and attack categories

Prep roadmap

A study plan you can actually follow.

  1. Confirm your eligibility path

    Either document two years of security work experience or budget for EC-Council's official iLearn/iWeek course to unlock the exam.

  2. Map the 20 modules

    CEH is wide. Build flashcards for the tool-to-technique mappings (footprinting through cloud and crypto) — the exam tests recognition of names and categories.

  3. Drill a large question bank

    Work 1,500+ practice questions (Boson, official MCQ banks) until you can pattern-match question style. The cut score is form-adjusted, so over-prepare.

  4. Add the iLabs practical (optional)

    If you want 'CEH Master', book the 6-hour, 20-challenge practical against the iLabs range. Practise the tools hands-on, not just on paper.

Job roles unlocked

Where this cert opens doors.

  • Security Analyst (Tier 1/2 SOC)
  • Junior Penetration Tester
  • Vulnerability Analyst
  • Government / defence procurement-gated roles (DoD 8570 / 8140 IAT II, IAT III, CSSP)

How AxVeil's team uses this cert

From the operator side of the desk.

We treat CEH as an HR-filter cert, not a technical-skill cert. When a client's procurement or compliance team mandates CEH-credentialed staff (common in BFSI tenders and government work), AxVeil fields CEH-holding operators alongside OSCP-led delivery. For the actual pentest output, OSCP or OSEP is doing the work — CEH unlocks the door.

FAQ

Questions people ask before booking.

Is CEH respected by senior pentesters?

Mixed. Working operators generally value OSCP, OSEP and GPEN over CEH because those certs require demonstrated exploitation. CEH is multiple-choice (the optional Practical adds a hands-on lab but is not always required). That said, dismissing CEH is naive — it is the only cert many government and BFSI tenders will accept, and it gets resumes through HR filters that ignore OffSec credentials entirely.

Should I do CEH or OSCP first?

If your goal is a SOC / analyst / GRC role or government work, CEH first — it is the credential the job ad asks for. If your goal is to deliver paid penetration tests as your job, skip CEH and go straight to OSCP. Doing both is reasonable if you want maximum employability, but CEH does not measurably improve your OSCP prep.

How does the CEH Practical exam compare to OSCP?

CEH Practical is 6 hours against 20 challenges on EC-Council's iLabs range — bite-sized, single-machine puzzles. OSCP is 24 hours against a chained AD environment plus standalone machines, with a mandatory report. CEH Practical proves you can use the tools; OSCP proves you can run an engagement.

What is the renewal cost?

CEH requires 120 ECE (EC-Council Continuing Education) credits over a three-year cycle plus an annual membership fee (currently USD 80/year). Credits come from training, conferences, webinars or authoring content. Plan on USD 240 + your time over three years to maintain.

Will CEH get me a pentest job?

It will get your resume past automated filters. The technical interview will then ask you to exploit something live. Without OSCP-level hands-on practice, CEH alone rarely closes a senior pentest role. Use it as a complement to a hands-on cert and a public portfolio (HackTheBox, write-ups, CVE work).

Need a qualified team to deliver the engagement?

We can field operators with CEH (and the rest of the stack — OSCP, OSEP, CISSP, CISM) on engagements in 5 to 10 working days. Letter of Attestation includes the lead-tester credentials so your auditor can verify.