CertGrid
Security Study Guide

EC-Council CEH (Certified Ethical Hacker) Study Guide

The EC-Council Certified Ethical Hacker (CEH) validates that a candidate can think and act like an attacker while staying within legal, authorized boundaries. It spans the full offensive lifecycle - reconnaissance, scanning, enumeration, system and web attacks, wireless, mobile, IoT/OT, cloud, and cryptography - along with the defensive countermeasures for each. It suits security analysts, penetration testers, SOC staff, and IT professionals moving into offensive or defensive security roles.

Reviewed Jul 2026.

Domain 1: Information Security and Ethical Hacking Overview

Key concepts you must know · 40 practice questions

Domain 2: Reconnaissance Techniques

Key concepts you must know · 150 practice questions

Domain 3: System Hacking Phases and Attack Techniques

Key concepts you must know · 120 practice questions

Domain 4: Network and Perimeter Hacking

Key concepts you must know · 120 practice questions

Domain 5: Web Application Hacking

Key concepts you must know · 120 practice questions

Domain 6: Wireless Network Hacking

Key concepts you must know · 40 practice questions

Domain 7: Mobile, IoT, and OT Hacking

Key concepts you must know · 80 practice questions

Domain 8: Cloud Computing

Key concepts you must know · 40 practice questions

Domain 9: Cryptography

Key concepts you must know · 40 practice questions

EC-Council CEH (Certified Ethical Hacker) exam tips

Study guide FAQ

How is the CEH exam structured and what is the passing score?

The CEH (ANSI) knowledge exam has 125 multiple-choice questions with a 4-hour time limit. There is no single fixed passing percentage - the cut score varies by exam form and typically falls between 60 and 85 percent depending on question difficulty. EC-Council also offers the separate hands-on CEH Practical.

What is the difference between passive and active reconnaissance?

Passive reconnaissance gathers information from public, third-party sources (WHOIS, search engines, Shodan, archives) without ever touching the target's own systems, so it leaves no trace. Active reconnaissance interacts directly with target-owned infrastructure - such as scanning ports or querying the target's own name server - and can be logged and detected.

Do I need programming or command-line experience to pass CEH?

You do not need to be a developer, but you must be comfortable recognizing tool usage and command syntax. The exam expects you to interpret tcpdump BPF filters, Wireshark display filters, dig output, and common tool invocations, and to know what each tool does, so hands-on lab practice significantly improves your results.

How much cryptography does CEH require and at what depth?

CEH covers cryptography conceptually, not mathematically. You should know cipher types (symmetric vs asymmetric, block vs stream), specific algorithms and their status (AES, 3DES, RSA, ECC, RC4, MD5, SHA-1, SHA-256), modes like ECB and GCM, hashing with salt and HMAC, and PKI components (CA, X.509, chain of trust, OCSP), but you will not perform key computations.