CEH Frequently Asked Questions

1. What makes the Ethical Hacking and Countermeasures course different from other courses in the market?

The Ethical Hacking and Countermeasures course prepares candidates for the CEH exam  offered by EC-Council. The course focuses on hacking techniques and technology from an offensive perspective. The course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field. The CEH body of knowledge represents detailed contributions from security experts, academicians, industry practitioners and the security community at large. 

2. What is "Hacking techniques and technology"?

Hacking techniques represent ways and means by which computer programs can be made to behave in ways they are not meant to. These techniques extend beyond the technology domain and can be applied to test security policies and procedures.

Hacking technology is used to refer to those tools and automated programs that can be used by perpetrators against an organization to incur critical damage. As technology advances, the skill required to execute a hack is much lesser as pre-compiled programs are available to effect havoc with simple point and click.

3. Aren't tools meant for script kiddies?

Does it matter if an elite hacker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway? The point of emphasis here is that the enemy may be intellectually great or small, but he requires just one port of entry to wreck damage while the organization has the entire perimeter to guard with limited time and resources.

4. Do reformed hackers teach your course?

EC-Council places great emphasis on the quality of its instructors. A 17 year old will not be teaching security to professionals at our accredited training centers. Certainly, experience is the greatest teacher. However, EC-Council adheres to a code of ethics and encourages security professionals with significant years of teaching  exposure in the industry and security related experience to handle its security related courses.

5. Isn't this knowledge harmful? Why do you make it available so easily to the public?

EC-Council fulfills its social responsibility by ensuring that only persons with a minimum of two years of security related experience are eligible for the course. In addition all candidates are required to sign an agreement where they agree to respect the knowledge acquired and not misuse it in any way. The candidate also agrees to abide by all legal laws of the land in the use of thus acquired knowledge. Besides the CEH exam is a tough one to pass as students must have in-depth knowledge.

6. What can I take back to my organization if I certify as a CEH?

EC-Council believes in giving back to the security community as it has partaken of it. When you are a Certified Ethical Hacker, you are more than a security auditor or a vulnerability tester or a penetration tester alone. You are exposed to security checklists that will help you audit the organization's information assets, tools which will check for vulnerabilities that can be exploited and above all a methodology to assess the security posture of your organization by doing a penetration test against it. In short, the knowledge you will acquire has practical value to make your work place a more secure and efficient one.

7. It is all too technical. Do you reflect real-world business issues?

The value of CEH lies in its practical value. Over 26 domains, students are exposed to the business risks involved and the potential damage that can result due to negligence. Candidates are able to make an evaluated opinion regarding the acceptable risk an organization can face should it choose to address a security concern.

8. What is the employment value of CEH?

CEH is primarily targeted at security professionals who want to acquire a well rounded body of knowledge to have better opportunities in this field. Acquiring a CEH means the candidate has a minimum baseline knowledge of security threats, risks and countermeasures. Organizations can rest assured that they have a candidate who is more than a systems administrator, a security auditor, a hacking tool analyst  or a vulnerability tester. The candidate is assured of having both business and technical knowledge.

9. Where does CEH stand when compared to other educational offerings in the field of information security?

Consider this. A security defense course educates regarding proper configuration, firewalls, or rather preemptive security. CEH takes the alternative approach - defense in depth by attacking the systems. This is in sharp contrast to courses that teach defensive tactics alone. CEH imparts offensive tactics supplemented with defensive countermeasures. This ensures that the CEH professional can have a holistic security perspective of the organization.

10. I would like to provide professional service as a CEH professional. What can I expect to be paid per assignment?

The remuneration per assignment will vary with specifics of the client environment. However, on an average you can expect to be paid around $15,000 to $ 45,000 per assignment.

11. Can I purse self-study and attempt the exam instead of attending formal training?

The answer is yes. You must show 2 years of work experience in security related field. You must also submit CEH exam eligibility application and obtain authorization from EC-Council before you can attempt the exam. Please visit http://www.eccouncil.org/takeexam.htm for more details.

12. I am a CEH. What is my level?

Congratulations on becoming a CEH. You have joined elite group of professionals around the world. Your next level is to become a Licensed Penetration Tester (LPT).