Certified Ethical Hacker Practice Tests

What to Expect

The Certified Ethical Hacker exam costs $950 to $1,199 depending on the training option. Yeah, it's pricey. EC-Council requires either their official training or proof of two years of infosec experience to even sit for the exam, and the training path is more common since it also prepares you. You'll face 125 questions in 240 minutes, giving you roughly 1 minute and 55 seconds per question. Percentage-based with a variable cut score between 60% and 85% depending on which exam form you get. The form is randomly assigned, and the cut score adjusts for difficulty. That's a wide range, which means some exam forms are significantly harder than others.

Prerequisites and Audience

Two years of information security work experience OR completion of an official EC-Council training course. Most people go the training route since it doubles as exam prep. If you go the experience route, you'll need to submit an application with verification. Penetration testers, vulnerability analysts, security consultants, and anyone moving into offensive security. CEH covers the hacker methodology from a defensive perspective — the idea is "think like a hacker to defend like a pro." It's the most widely recognized offensive security cert at the entry-to-mid level.

Staying Certified

Three-year cycle requiring 120 EC-Council Continuing Education credits and an $80 annual membership fee. The annual fee on top of the renewal credits is a bit annoying, but that's the EC-Council model.

The exam covers the full hacking methodology across 20 modules: footprinting, scanning, enumeration, system hacking, malware analysis, sniffing, social engineering, denial of service, session hijacking, web app hacking, wireless hacking, IoT hacking, cloud computing, and cryptography. Important caveat: this is a knowledge exam, not a practical one. You're answering questions about tools and techniques, not actually hacking anything.

Network and Perimeter Hacking

Network and Perimeter Hacking at 21% is a substantial portion of the exam. You can't afford to be weak here. Focus on understanding the core concepts and common scenario patterns.

Reconnaissance Techniques

Reconnaissance Techniques at 18% is a substantial portion of the exam. You can't afford to be weak here. Focus on understanding the core concepts and common scenario patterns.

Web Application Hacking

Web Application Hacking accounts for 16% of questions. While not the heaviest domain, it can make the difference between passing and failing. Don't neglect it.

System Hacking Phases and Attack Techniques

System Hacking Phases and Attack Techniques accounts for 12% of questions. While not the heaviest domain, it can make the difference between passing and failing. Don't neglect it.

Question Format

Multiple-choice only — 125 questions in 240 minutes. Questions typically present a scenario and ask which tool or technique you'd use. "You need to enumerate NetBIOS shares on a target network. Which tool would you use?" That kind of thing. It's all about knowing your tools.

Study Timeline

Two to three months if you already have security experience. The material spans 20 modules of hacking methodology, so it's broad even if no single topic goes extremely deep. If you're new to offensive security, budget closer to four months.

Top Resources

EC-Council's iLabs give you hands-on practice in a cloud lab environment. The official CEH courseware covers everything on the exam. Matt Walker's CEH All-in-One guide is a solid study companion. And even though the exam is theoretical, doing CTFs on TryHackMe or HackTheBox makes the concepts stick way better than flashcards.

Common Mistakes

Assuming CEH is a practical hacking exam like OSCP. It's not. You won't fire up Nmap or exploit a machine during the test. You need to know what Nmap flags do, what Metasploit modules exist, and what each tool in the methodology is used for — but it's all multiple-choice. Candidates who study only theory pass. Candidates who study only hands-on and can't answer "which tool" questions from memory struggle.

Hands-On Advice

Even though the exam is theoretical, hands-on practice makes everything easier to remember. Set up Kali Linux with a vulnerable VM like Metasploitable or DVWA. Walk through the full kill chain: reconnaissance with Nmap, vulnerability scanning with Nessus or OpenVAS, exploitation with Metasploit, and post-exploitation. Run Burp Suite against DVWA. Crack some passwords with John the Ripper. When you see these tools in exam questions, you'll know exactly what they do because you've used them.

Testing Options

Pearson VUE or ECC Exam Centers. Standard remote proctoring is available.

Time Management

With 240 minutes for 125 questions, you get about 1.9 minutes each. That's actually generous compared to most certs. Don't rush — use the extra time to read scenarios carefully and eliminate answers methodically. There's rarely a reason to run out of time on the CEH.

How Hard Is This Exam?

On a scale of 1 to 10, CEH is about a 5.5. It's not as hard as its reputation suggests, primarily because it's a knowledge-based multiple-choice exam, not a practical hacking test like OSCP. The difficulty comes from the sheer breadth — 20 modules covering everything from footprinting to cryptography to IoT hacking. You need to memorize a lot of tool names and know which tool does what. The variable cut score (60-85% depending on the exam form) adds some unpredictability. Topics that trip people up most are the specific Nmap flags and their purposes, distinguishing between similar attack types, and the cloud computing and IoT modules that feel bolted on. If you have any hands-on security experience, the concepts aren't hard — but the tool-specific memorization takes effort.

Pass Rate Data

EC-Council reports that about 60-70% of candidates pass on the first attempt. That's a reasonable rate given the variable cut score. Among candidates who used both official training and hands-on CTF practice, the pass rate is higher. If you're scoring above 80% on practice tests, you should be fine regardless of which exam form you get. The variable cut score means aiming for a comfortable margin is important — don't target exactly 70%.

Each Pruvos practice test mirrors the CEH format: 125 questions with a 240-minute timer, distributed across nine domains — Network and Perimeter Hacking (21%), Reconnaissance Techniques (18%), Web Application Hacking (16%), System Hacking Phases and Attack Techniques (12%), Mobile Platform, IoT, and OT Hacking (10%), Information Security and Ethical Hacking Overview (7%), Wireless Network Hacking (7%), Cloud Computing (5%), and Cryptography (4%). We have 6 full practice tests with 750 unique questions. The generous time per question (about 1.9 minutes) matches the real exam's pacing. Focus on Network and Perimeter Hacking first — it's the heaviest domain at 21% and covers the core tool knowledge that the exam emphasizes.

Practice tests are the single most effective study tool for the CEH exam. They reveal your weak domains before the real exam does, and getting questions wrong in practice is how you learn. Each practice test here mirrors the real exam format: 125 questions, timed at 240 minutes, with the same 9-domain distribution.

Don't just take practice tests and check your score. Review every wrong answer and understand why the correct option is better. For the CEH, pay special attention to Network and Perimeter Hacking (21%) and Reconnaissance Techniques (18%) questions since they carry the most weight.