--My study reflection of CEH
I interviewed my father's friend, an cybersecurity manager, to have a glipse of the cybersecurity career. I got to know about CEH as he suggested me to participate in certification programs. He suggested me to take certification exams such as CEH to increase competitiveness in the cybersecurity field.
I register a course in the UCOM education center, but I did not expect that it had not yet received any high school students like me. The customer services were surprised, and even telephone-interviewed me to ensure whether I have the ability to take the course.
Since I don't know much about CEH before I participated in the EC-Council course, I really underestimated the level of difficulty in the test and decided to take the exam right after the course. However, I passed anyways. I think my experience in website hacking helped me a lot.
I started to discover my difficulty: the course is extremely fast paced. Although on this day I still could recall what I learned, I struggled to digest every information taught in class.
The course's pace accelerates, and I could not really keep up with the tempo. I started to take notes after the day.
The course kept accelerating. I discovered that I could not catch up by taking notes after class. I could not even spend time enumerating all things I learned. It is just too much things to point out.
This is the day which I felt a little easier. On this day, the lecturer talks about website hacking and SQL injection. I am already familiar with website hacking due to my experience in TryHackMe and HackTheBox. Most of the things I did not pay extra effort to remember them. I also started to practice exam questions to get familiar with the exam.
I was impressed of how I could "speed run" the two textbooks which add up to a dictionary thick, but I was also stressed of the test. I spend the rest of my time practicing exam questions.
I felt surprised of the content in the test. Although the questions are largely similar to practice questions I have seen, the exam tests for many knowledge that is not in the textbook. I also felt weak remembering the names of various IDSs, detection tools, and laws. But I tried my best to ensure I scored every question that I am familiar with, such as website hacking and enumeration. At this point, I don't really expect I could pass the exam, but it turns out the opposite!
Test immediately after the course is definitely a bad idea, especially having no prior knowledge about ethical hacking. The questions are generally testing knowledge rather than intelligence. Compare to understanding the methodology of attacks and defenses in detail, it is more important to have knowledge that covers broadly.
My suggestions are:
To take test right after the course- Organize notes
- Do labs in the textbook (the lab manual)
- Do practice questions
- View others' notes on Github