What are CEH and CEH Practical — official format
| Exam | Format / Structure | Duration | Contents / What is tested | Passing criteria / other logistics |
|---|---|---|---|---|
| CEH (Theory / Knowledge Exam) | Multiple-choice questions (MCQs), scenario-based questions. | 4 hours | Broad coverage: threat vectors, attack detection/prevention, scanning, enumeration, system/network security, web app hacking, cryptography, social engineering, etc. | Total questions ≈ 125 MCQs. Passing score is not fixed but typically in some range like 60-85% depending on the version / difficulty. |
| CEH Practical | Hands-on / lab exam. You are given virtual machines / networks, real service/app targets in a cyber range environment. Solve real-life style challenges. | 6 hours | You face multiple challenges (≈ 20) — tasks like network scanning, OS detection, exploitation, web app attacks, packet capture (PCAP) analysis, etc. | Passing requires completing a certain number of challenges correctly (for example ~14/20 = 70%) depending on the version. Remote proctoring is used. It is open book in many aspects (you can refer to external resources) but tightly monitored. |
My Experience & Review
Below is how it was for me, with both exams (the CEH theory + the CEH Practical) taken online at home with remote proctoring.
What I liked / strengths
- Very broad scope. The theory exam covers almost everything in the domain of cybersecurity / ethical hacking: reconnaissance, scanning, enumeration, vulnerabilities, web apps, malware, cryptography, social engineering, etc. If you’re someone who wants a general overview of the field, this is great. It gives you a map of what cybersecurity is, all the “kill chain” phases, many attack vectors.
- Good as a foundation. Because the coverage is so wide, it’s excellent as a base: if you really study and understand, it gives you enough to go deeper into any specific area. It sets you up well if you want to later focus on web app hacking, or malware, or penetration testing, or for CTFs, etc.
- Proctoring & exam integrity. I found the proctoring strict and fair. The rules are clear, and the proctors are helpful. For instance, you must be in a private room, with the camera showing the room (360° rotation when asked), and you need to use a physical ID (not just a digital ID / app). All this ensures integrity, which increases the credibility of the certification.
- Real-life style in Practical. The Practical exam gives a real-lab environment (virtual machines, networked systems), with realistic tasks: exploiting known vulnerabilities, analyzing PCAPs, etc. This makes it more meaningful than just theory. Also, some of the tasks force you to search for PoCs or tools (which one often does in real work).
What I found could be better / drawbacks
- Depth is limited. Because the exam spans so many topics, none are covered with very deep technical rigor. Many attack techniques are only touched on, and only the basic ones. The theory exam mostly asks what a vulnerability is, what the correct countermeasure is, what a tool is used for, etc. For someone wanting to do original exploit development, kernel hacking, or “think outside the box” (like CTF style), it is not enough on its own.
- Dependence on existing PoCs / automated tools. In the Practical exam, many challenges can be solved using existing PoCs, common tools, or basic techniques. There is less scope for creativity or inventing new attack vectors. It’s more about applying known techniques reliably, not inventing novel ones.
- Format / process inconsistencies
  - The proctoring systems for the two exams (the theory vs the practical) are different; the tools used and the remote access or remote proctor software vary. It can be a bit confusing, maybe unnecessary overhead.
  - In my case, one required installing some application to allow screen sharing / remote control, while the other used a different third-party tool (similar to Zoom), etc.
  - Also, the policies (e.g. what kinds of IDs are acceptable) are strict, but sometimes the rules are slightly unclear till you’re inside.
- Not beginner-level for total newcomers. If you are just a first-year university student or someone with no cybersecurity background, some tasks may be challenging even if everything is covered in the course. The labs, even though “not super deep,” assume you understand basics: networks, how to use tools, etc. But the course and exam do provide enough lab practice that you can get there if you commit.
My Performance & Particulars
- For the theory exam: 125 MCQs, 4 hours. I finished pretty early (in under 2 hours) and got 118/125, thanks to having a strong background (good grades in InfoSec, CTF experience, more than 2 years working). The kinds of questions were scenario-based: “in this scenario what would you do” or “what is this situation.” If you pay attention in the lectures / labs, you’ll encounter many of the question types.
- For the Practical: 6 hours, with 20 challenges. I earned 18/20 in the first 3 hours (but lost points because of a minor mistake: entering the wrong IP address in one task, and submitting multiple times so that the challenge got locked / blocked for brute-force). So: watch out for these small operational mistakes (typos, wrong target, etc.). Also, note that brute force or repeated failures may block you in some challenges.
Some Important Rules / Conditions (from my experience & official sources)
- You must use a physical identity document. Digital IDs / apps (or e-ID in Vietnam) often are not accepted.
- You must be alone in a room; the proctor may ask you to show the room via webcam (360° view) to ensure no unauthorized help or reference materials (beyond what is allowed).
- The camera and mic must remain on; screen sharing / remote view / proctor software may be used.
- Break rules vary: some versions allow short breaks; in the practical exam I had a 6-hour window with maybe a 15 min break.
- The theory exam is not open-book: no external resources during the theory part. Practical is more flexible (you can look up stuff, use tools, but with constraints).
My Overall Take & Who It’s Good For
- If you already have some grounding in cybersecurity (university courses, hands-on labs, participation in CTFs, a couple years working), CEH Master is relatively manageable and very useful. It reinforces knowledge and forces you to cover weak spots.
- If you are new (freshman, no prior exposure), it’s still viable but you’ll need to put in more effort: do extra labs, get used to tools, practice in lab environments, maybe do shorter challenges / CTFs to build speed.
- It is not the highest technical ceiling: if your aim is red teaming at kernel or exploit dev / vulnerability research, you’ll need to go beyond CEH. But as a baseline / stepping stone, it is solid.
Suggestions / Advice
- Do all the labs in the CEH course fully; don’t skip the “easy ones” thinking they don’t matter. Many exam tasks will mirror them.
- Practice operational discipline: double-check your IPs / host names / targets, avoid submitting wrong items, and beware of tasks that get blocked for brute force.
- Get comfortable with standard tools (nmap, Burp, basic exploitation, web app attacks, PCAP analysis). Also get used to googling PoCs or references under time pressure.
- Simulate proctoring environment: practice in a quiet room, with webcam, pretend someone is observing, so you’re not flustered on exam day.
- Make sure your ID / documentation is acceptable; check ahead. Also check that your computer / network / camera etc. work well; the proctor may ask for room scans etc.
Conclusion
All in all, CEH Master (the combination of CEH Theory + CEH Practical) is a strong certificate if you want to build a broad, reliable foundation in cybersecurity. It gives you awareness across many domains, plus a taste of real hands-on labs. It’s not super deep, but it doesn’t pretend to be.
If I were to rate it:
- ✅ Usefulness: high for generalist or intermediate level.
- ⚠️ Difficulty: easy (for someone with experience), harder if brand new.
- 💡 Best next step: after CEH Master, specialize (e.g. CPTS, OSCP or CDSA).