What Happens If I Fail the CEH Exam? Complete Retake Guide 2026

Failing the Certified Ethical Hacker (CEH) exam means a 14-day wait and approximately $100 retake fee—one of the most affordable retake costs in cybersecurity certification. EC-Council's retake pricing is separate from the original exam cost ($1,199 exam-only). The CEH exam covers 20 ethical hacking modules with 125 questions in 4 hours, using a variable passing score (60-85%) that adjusts based on exam form difficulty. This variable threshold means you won't know your exact target until you receive your results.

The CEH is primarily a knowledge-based exam testing your understanding of hacking methodologies, attack techniques, and defensive countermeasures. Unlike OSCP or PenTest+ which emphasize practical exploitation skills, CEH focuses on recognizing attack patterns, understanding tool capabilities, and knowing the appropriate countermeasures. This distinction is important for your retake preparation—deep conceptual understanding matters more than hands-on exploitation skills.

EC-Council also offers CEH Practical, a separate 6-hour hands-on exam that tests actual penetration testing skills in a live environment. While the knowledge-based CEH exam (CEH Ansi) is what most candidates take and what this guide covers, understanding both pathways helps you plan your cybersecurity certification strategy. Passing both earns the CEH Master credential.

Retake Wait
14 Days
Retake Fee
~$100
Passing Score
60-85%
Questions
125 in 4hr

CEH Retake Policy Explained

EC-Council requires a 14-day waiting period between attempts with unlimited retakes allowed. The retake fee of approximately $100 is separate from the original exam voucher price. If you purchased the official EC-Council training package (iClass or iLearn), your bundle likely includes one free retake attempt—check your purchase agreement before paying for a new voucher.

CEH uses a scaled scoring system where the passing threshold varies between 60% and 85% depending on the difficulty of your specific exam form. This means if you scored 70% and the threshold for your form was 72%, you were extremely close. Unfortunately, EC-Council doesn't provide domain-level breakdowns like CompTIA or AWS, making it harder to identify specific weak areas from your score report alone.

For self-study candidates who didn't use EC-Council's official training, you must have met the eligibility requirements: either 2 years of information security experience or completion of an EC-Council authorized training program. If you originally qualified through experience, that eligibility remains valid for retakes.

An important financial consideration: the CEH exam voucher ($1,199 for exam-only, up to $2,999 with training) is one of the most expensive in cybersecurity. However, the ~$100 retake fee means that after the initial investment, subsequent attempts are remarkably affordable. This contrasts sharply with certifications like CISSP ($749 per attempt) or OSCP ($249+ per retake) where every attempt carries significant cost.

The 20 CEH Modules — Detailed Breakdown

The CEH exam covers an extensive range of topics across 20 modules. Understanding which modules carry the most weight helps you prioritize your retake study:

Module Group Modules Covered Key Topics
ReconnaissanceFootprinting, Scanning, EnumerationOSINT, Nmap, port scanning, DNS, SNMP enumeration
System AttacksSystem Hacking, Malware, SniffingPassword cracking, privilege escalation, trojans, packet capture
Web & ApplicationWeb Server, Web App, SQL InjectionXSS, CSRF, injection attacks, OWASP Top 10
Network AttacksDoS, Session Hijacking, WirelessDDoS amplification, TCP hijacking, WPA3, evil twin
Emerging TechIoT, Cloud, Mobile, CryptographyCloud attacks, mobile threats, IoT vulnerabilities, encryption
Social EngineeringSocial Engineering, Evading IDS/FirewallsPhishing techniques, pretexting, IDS evasion, honeypots

Top 6 Reasons Candidates Fail CEH

  1. Underestimating the breadth of 20 modules. CEH covers an enormous range of topics. Candidates who deep-dive into a few favorite modules while skipping others (especially IoT, cloud, and mobile) leave easy points on the table. Every module contributes questions, so a comprehensive approach is essential.
  2. Not memorizing tools and their purposes. CEH tests your knowledge of specific tools: which tool does what, what output looks like, and when each is appropriate. Know Nmap flags (-sS, -sV, -O, -A), Metasploit modules, Wireshark filters, Burp Suite features, and SQLmap usage. Tool recognition questions are among the most common on the exam.
  3. Confusing attack types and countermeasures. Many CEH questions present scenarios and ask you to identify the attack type OR the appropriate countermeasure. You need to match attacks to defenses accurately across all 20 modules. Create a study matrix mapping each attack to its detection method and countermeasure.
  4. Ignoring the ethical/legal framework. Several questions test your understanding of ethical hacking methodology, laws (CFAA, GDPR, SOX), rules of engagement, and when specific actions are legal vs illegal. These "easy" questions are free points that many candidates lose by skipping this topic.
  5. Poor time management over 4 hours. With 125 questions in 4 hours, you have roughly 1.9 minutes per question. The exam length leads to mental fatigue—pace yourself and take brief mental breaks every 30-40 questions to maintain focus.
  6. Studying outdated material. EC-Council updates the CEH exam regularly. Candidates using old study guides may miss newer topics like cloud-native attacks, API security vulnerabilities, Smart Practice attack tools, and modern wireless security standards (WPA3).

Building a Tool Knowledge Matrix

One of the most effective retake strategies is creating a comprehensive tool matrix. CEH questions frequently present a scenario and ask "which tool would you use?" Here are the critical tool categories:

Phase Key Tools Know This
ReconnaissanceMaltego, theHarvester, Shodan, Recon-ngOSINT gathering, email harvesting, exposed services
ScanningNmap, Hping3, Nessus, OpenVASPort scanning flags, vulnerability scanning, stealth scans
ExploitationMetasploit, SQLmap, Burp Suite, BeEFFramework usage, SQL injection, XSS exploitation
Post-ExploitationMimikatz, Empire, BloodHound, Cobalt StrikeCredential dumping, lateral movement, persistence
Password CrackingJohn the Ripper, Hashcat, Hydra, Cain & AbelDictionary vs brute force, rainbow tables, hash types
WirelessAircrack-ng, Kismet, Wifite, FluxionWPA/WPA2 cracking, deauth attacks, evil twin
SniffingWireshark, tcpdump, Ettercap, dSniffPacket capture, ARP poisoning, MITM attacks

14-Day CEH Recovery Study Plan

Days Focus Activities
1-2Self-assessmentNote which modules felt weakest during exam, build your tool knowledge matrix spreadsheet
3-5Weak module deep-diveStudy your 5 weakest modules intensively. Focus on tools, attack types, and countermeasures
6-8Web & cloud attacksMaster OWASP Top 10, cloud attack vectors, API security, container vulnerabilities
9-10Emerging tech & legalStudy IoT/mobile security, cryptographic algorithms, legal framework (CFAA, GDPR)
11-13Full practice examsTake 3+ full-length timed practice exams. Review every wrong answer thoroughly
14Light review + retakeReview tool matrix, rest your mind, retake with confidence

CEH vs Other Security Cert Retake Policies

Certification Wait Retake Cost Retakes
CEH14 days~$100Unlimited
CompTIA PenTest+14 days$404Unlimited
OSCPVaries$249+Unlimited
CISSP30-90 days$7494/year
CompTIA Security+14 days$404Unlimited

CEH has the most affordable retake cost among major cybersecurity certifications. The ~$100 retake fee compares very favorably to PenTest+ ($404), OSCP ($249+), and CISSP ($749). This low retake cost, combined with the 14-day wait and unlimited attempts, makes CEH one of the most retake-friendly certifications in the industry.

CEH Career Value: Is It Worth Retaking?

Absolutely. CEH remains one of the most recognized cybersecurity certifications globally, and here's why it's worth the retake effort:

Frequently Asked Questions

How long to wait to retake CEH?

14 days after each failed attempt. Unlimited retakes allowed at approximately $100 each.

What does a CEH retake cost?

~$100 retake fee (separate from original $1,199 exam voucher). Some training packages include a free retake—check your purchase agreement.

What is the CEH passing score?

60-85% depending on exam form difficulty. EC-Council uses scaled scoring, so the threshold varies per form. Two candidates can have different passing thresholds.

How many questions are on the CEH exam?

125 questions in 4 hours covering 20 ethical hacking modules. This gives you roughly 1.9 minutes per question.

Is CEH worth it after failing?

Yes. CEH meets DoD 8570/8140 requirements, is globally recognized, and the $100 retake fee makes it very affordable to retry. The certification opens doors to government and private sector security roles.

Is CEH or PenTest+ better?

CEH is knowledge-based and meets DoD requirements. PenTest+ is more hands-on and practical. Government roles often require CEH specifically; private sector may prefer PenTest+ or OSCP for demonstrating practical skills.

Does CEH expire?

Yes. CEH requires 120 ECE (EC-Council Continuing Education) credits over 3 years and an annual membership fee of $80 to maintain certification. This totals $240 in maintenance fees per 3-year cycle.

Prepare for Your CEH Retake

Practice with adaptive CEH questions across all 20 ethical hacking domains.

Start Free CEH Practice Test →

Related CEH Resources

Does CEH Expire? Without Experience? How Many Questions? CEH vs PenTest+ Fail PenTest+? Fail CISSP?