CEHv10 and CEHv9: Comparing The Versions

CEH, Certified Ethical Hacker, by EC-Council is a highly sought after IT security certification. EC-Council recently released a new version of the exam, CEHv10. We’ve taken the guesswork out of deciphering what has changed between the latest version and the older version so take a few moments to read over what we’ve found.

CEHv10 versus CEHv9

What’s New in CEHv10?

New Modules 

New content has been added to the course. CEHv10 introduces two new modules called “Vulnerability Analysis” and  “IoT Hacking.” “Vulnerability Analysis” is an essential addition covering the process of identifying the severity of risks and threats in regards to security of a system. “IoT Hacking,” covers aspects of hardware hacking using several techniques and technologies.

Additions to CEHv10

 CEHv10 now features an optional exam that students can take to test their skills in ethical hacking. This new feature is called “CEH Practical.” The optional exam focuses around real-world security challenges and it’s good for students to use to apply their new skills. The length of this exam is 6 hours and mimics a real corporate situation. There will be 20 practical challenges and a 70% passing score is required. This optional exam will assess your ability to perform:

• Cryptography attacks
• Packet sniffing
• SQL injection attacks
• Identify and use computer worms and viruses
• Perform vulnerability analysis on a corporation’s network and communication infrastructure

Changes To The CEH Exam Modules

All of the current modules have undergone significant change.

Module 1’s “Information Security Controls” has introduced a new subtopic called “What is Risk?” which has been added to the course content. This is significant as there are essential concepts for developing your ethical hacking expertise. Billions of dollars are lost annually by companies who are not aware of the risks and vulnerabilities that the company possessed. The key to solving these problems for companies is understanding risk management and how these situations may occur in the cyber crime scene where stealing of money and large amounts of data are imminent if one is not aware. Module 1 also added the concept of Security Incident and Event Management (SIEM) which will cover things like SIEM architecture and more. In addition, Module 1 will move on to teach participants about user behavior analytics. User behavior analytics allow companies to be capable of so much more by driving decisions from data. This data will show many things like consumer buying behavior and more. Other new, notable topics you will learn about in Module 1 include: Network Security Controls, Identity and Access Management (IAM), Data Leakage, Data Backup, and Data Recovery. Just like Module 1, the other modules have undergone significant changes as well.

In addition to content changes, the order of the content delivered has been rearranged in the new CEH. Module 16 “Vading IDS, Firewalls, and Honeypots” in CEHv9 has now been moved to Module 12 in CEHv10.

CEHv10 Exam

It is paramount that you study the materials assigned throughout this course. Using CEHv9 materials to study for the CEHv10 will prepare you a little as some of the course content will overlap between the two versions because there are only a few changes.

The format of the CEH exam will remain the same. The duration of the exam is 4 hours. There will be 125 questions and all of them will be multiple choice.

What Happens To The Old CEHv9 Exam?

The exams will be automatically updated. To be completely prepared for the exam, candidates will need to incorporate the materials of the new version into their preparation. Use all study tools and materials that are available from the CEHv9 and make sure to be knowledgeable on the new topics implemented in the CEHv10 course

For those that are currently CEH certified or are planning on earning the certification, it is important to note that the certification is valid for 3 years starting the date of issuance.