I came across this site only today while I was doing some reading for the CEH. I read the prev thread about CEH.
First, congrats Lv4.
I too am trying to do the CEH within the next few weeks. I have an idea of the V3 exam (I went for the training last year!!!) but the V4 is new to me.
Do you have any advice? Any areas where there are many questions? :-)
I don't know the difference between the v3 and v4 exams, but I guess I do know the v4 stuff fairly well.
They hammered me on nmap commands; know the /full/ commands and not the shortcut commands. For example they expect to see nmap -v -v for very verbose, but I have always used -vv for the same thing.
Also I got a lot of packet sniffs that I had to decipher, and a couple of ettercap commands. Oh and I also had a couple of code snippets that I had to figure out where a buffer overflow was happening at... but that was only two questions out of the 125 given... and one of them was very obvious. They were both written in C/C++ but I wouldn't be too concerned about that.
Mostly though it was general security questions, like stuff on SSL, SQL injections and "word questions", i.e. Mary is a network administrator for XYZ corp and during a regular packet sniff she sees a lot of SYN packets to her firewalls, what does this indicate... like I said general stuff.
Your mileage may vary though, because to my understanding they have a fairly large pool of questions. I know none of the other 20 people that took the exam with me got any code/buffer overflow questions, nor did they get any ettercap stuff. Maybe ICC just loved me and wanted to see how good I really am :)
Thanks for the reply. Will brush up on these areas further.