The EC-Council Certified Ethical Hacker (CEH) v12 knowledge exam contains 125 multiple-choice questions with a 240-minute (4-hour) time limit. The passing score is approximately 70%, though the exact cutoff varies by exam form because EC-Council uses a scaled scoring model. With nearly 2 minutes per question, time pressure is minimal compared to CompTIA or Cisco exams — the challenge lies in the breadth of ethical hacking topics covered across 20 domains.
CEH is one of the most recognized offensive security certifications globally, validated by the U.S. Department of Defense and required for many government cybersecurity positions. Understanding the exam format, question distribution, and preparation strategies is essential for passing on your first attempt and avoiding the $950+ retake cost.
The CEH v12 knowledge exam is entirely multiple-choice — there are no performance-based questions (PBQs), simulations, drag-and-drop, or hands-on labs in the knowledge exam. Every question presents four answer options with exactly one correct answer. This format is notably different from CompTIA exams (which include PBQs) and the OSCP (which is entirely hands-on).
Questions primarily test your knowledge of:
CEH v12 covers 20 modules, each representing a phase or topic in the ethical hacking methodology. While EC-Council does not publish exact question weightings per module, the exam blueprint indicates roughly equal distribution with emphasis on the most critical areas:
| Module | Topic | Est. Questions |
|---|---|---|
| 1 | Introduction to Ethical Hacking | ~5 |
| 2 | Footprinting and Reconnaissance | ~7 |
| 3 | Scanning Networks | ~7 |
| 4 | Enumeration | ~7 |
| 5 | Vulnerability Analysis | ~6 |
| 6 | System Hacking | ~8 |
| 7 | Malware Threats | ~6 |
| 8 | Sniffing | ~5 |
| 9 | Social Engineering | ~5 |
| 10 | Denial-of-Service | ~5 |
| 11 | Session Hijacking | ~5 |
| 12 | Evading IDS, Firewalls, and Honeypots | ~6 |
| 13 | Hacking Web Servers | ~6 |
| 14 | Hacking Web Applications | ~7 |
| 15 | SQL Injection | ~6 |
| 16 | Hacking Wireless Networks | ~6 |
| 17 | Hacking Mobile Platforms | ~5 |
| 18 | IoT and OT Hacking | ~5 |
| 19 | Cloud Computing | ~6 |
| 20 | Cryptography | ~8 |
With 240 minutes for 125 questions, you have approximately 1 minute and 55 seconds per question. This is generous compared to most IT certification exams. However, effective time management still matters because some questions require careful reading of scenario-based prompts.
CEH questions frequently follow these patterns:
The cost of taking the CEH exam varies based on your training path:
| Option | Cost | Includes |
|---|---|---|
| EC-Council Official Training + Exam | $1,199 - $3,499 | Instructor-led or self-paced training, exam voucher, labs |
| Exam Voucher Only (with approved application) | $950 | Exam voucher only — requires 2 years of infosec experience |
| Application Fee (self-study path) | $100 | Non-refundable application review fee |
| Retake Voucher | $499 - $950 | Varies by program and waiting period |
Self-study eligibility: If you choose not to take EC-Council's official training, you must submit an application proving at least 2 years of information security work experience. EC-Council reviews the application and charges a non-refundable $100 fee. If approved, you can purchase the exam voucher separately for approximately $950.
| Certification | Questions | Time | Format | Cost | Focus |
|---|---|---|---|---|---|
| CEH v12 | 125 | 240 min | Multiple-choice | $950+ | Broad ethical hacking |
| CompTIA PenTest+ | Up to 85 | 165 min | MC + PBQs | $404 | Penetration testing methodology |
| OSCP | N/A | 23h 45m | Hands-on lab | $1,749+ | Practical exploitation |
| GPEN (SANS) | 82-115 | 180 min | Multiple-choice | $2,499+ | Advanced penetration testing |
| eJPT | 35 tasks | 48 hours | Hands-on lab | $249 | Entry-level pentesting |
CEH is the most widely recognized ethical hacking certification for compliance and HR requirements. OSCP is preferred for technical credibility among red team professionals. PenTest+ offers the best value for money at $404 with a vendor-neutral approach. Your choice depends on whether you need the certification for job requirements (CEH), practical skill validation (OSCP), or career entry (PenTest+ or eJPT).
Most candidates with existing security knowledge (Security+ level or equivalent) need 6-10 weeks of dedicated study. Complete beginners should allow 3-4 months to build foundational networking and security knowledge first.
The following tools appear most frequently on the CEH exam:
CEH certification is valid for 3 years. To maintain it, you must:
ECE credits can be earned through training courses, conferences, webinars, published research, and teaching. Higher-level EC-Council certifications (like ECSA or LPT) automatically renew CEH.
The CEH v12 knowledge exam contains 125 multiple-choice questions to be completed in 240 minutes (4 hours).
Approximately 70%, though the exact cutoff varies by exam form. EC-Council uses a scaled scoring model.
Yes. CEH v12 offers an optional CEH Practical exam — a 6-hour hands-on lab — for candidates pursuing the CEH Master designation. The knowledge exam is multiple-choice only.
CEH covers more offensive tools and techniques, but Security+ has a higher passing threshold (83% vs ~70%). CEH is broader in ethical hacking topics but less deep on any single domain.
The CEH exam voucher alone costs approximately $950-$1,199 depending on whether you purchase training bundles. EC-Council requires authorized training or a verified application for self-study candidates.
Yes, but you must submit an application proving at least 2 years of information security experience and pay a non-refundable $100 application fee. Approved applicants can then purchase the exam voucher separately.
Most candidates with Security+ or equivalent experience need 6-10 weeks of dedicated study. Complete beginners should allow 3-4 months to cover networking fundamentals and security concepts before CEH-specific material.
Yes. CEH certification is valid for 3 years. You must earn 120 ECE credits within the 3-year cycle and pay an annual maintenance fee of $80/year to maintain certification.
Test your ethical hacking knowledge with unlimited adaptive practice questions covering all 20 CEH domains.
Start Free Practice Test →