Failing the Certified Ethical Hacker (CEH) exam means a 14-day wait and approximately $100 retake fee—one of the most affordable retake costs in cybersecurity certification. EC-Council's retake pricing is separate from the original exam cost ($1,199 exam-only). The CEH exam covers 20 ethical hacking modules with 125 questions in 4 hours, using a variable passing score (60-85%) that adjusts based on exam form difficulty. This variable threshold means you won't know your exact target until you receive your results.
The CEH is primarily a knowledge-based exam testing your understanding of hacking methodologies, attack techniques, and defensive countermeasures. Unlike OSCP or PenTest+ which emphasize practical exploitation skills, CEH focuses on recognizing attack patterns, understanding tool capabilities, and knowing the appropriate countermeasures. This distinction is important for your retake preparation—deep conceptual understanding matters more than hands-on exploitation skills.
EC-Council also offers CEH Practical, a separate 6-hour hands-on exam that tests actual penetration testing skills in a live environment. While the knowledge-based CEH exam (CEH Ansi) is what most candidates take and what this guide covers, understanding both pathways helps you plan your cybersecurity certification strategy. Passing both earns the CEH Master credential.
EC-Council requires a 14-day waiting period between attempts with unlimited retakes allowed. The retake fee of approximately $100 is separate from the original exam voucher price. If you purchased the official EC-Council training package (iClass or iLearn), your bundle likely includes one free retake attempt—check your purchase agreement before paying for a new voucher.
CEH uses a scaled scoring system where the passing threshold varies between 60% and 85% depending on the difficulty of your specific exam form. This means if you scored 70% and the threshold for your form was 72%, you were extremely close. Unfortunately, EC-Council doesn't provide domain-level breakdowns like CompTIA or AWS, making it harder to identify specific weak areas from your score report alone.
For self-study candidates who didn't use EC-Council's official training, you must have met the eligibility requirements: either 2 years of information security experience or completion of an EC-Council authorized training program. If you originally qualified through experience, that eligibility remains valid for retakes.
An important financial consideration: the CEH exam voucher ($1,199 for exam-only, up to $2,999 with training) is one of the most expensive in cybersecurity. However, the ~$100 retake fee means that after the initial investment, subsequent attempts are remarkably affordable. This contrasts sharply with certifications like CISSP ($749 per attempt) or OSCP ($249+ per retake) where every attempt carries significant cost.
The CEH exam covers an extensive range of topics across 20 modules. Understanding which modules carry the most weight helps you prioritize your retake study:
| Module Group | Modules Covered | Key Topics |
|---|---|---|
| Reconnaissance | Footprinting, Scanning, Enumeration | OSINT, Nmap, port scanning, DNS, SNMP enumeration |
| System Attacks | System Hacking, Malware, Sniffing | Password cracking, privilege escalation, trojans, packet capture |
| Web & Application | Web Server, Web App, SQL Injection | XSS, CSRF, injection attacks, OWASP Top 10 |
| Network Attacks | DoS, Session Hijacking, Wireless | DDoS amplification, TCP hijacking, WPA3, evil twin |
| Emerging Tech | IoT, Cloud, Mobile, Cryptography | Cloud attacks, mobile threats, IoT vulnerabilities, encryption |
| Social Engineering | Social Engineering, Evading IDS/Firewalls | Phishing techniques, pretexting, IDS evasion, honeypots |
One of the most effective retake strategies is creating a comprehensive tool matrix. CEH questions frequently present a scenario and ask "which tool would you use?" Here are the critical tool categories:
| Phase | Key Tools | Know This |
|---|---|---|
| Reconnaissance | Maltego, theHarvester, Shodan, Recon-ng | OSINT gathering, email harvesting, exposed services |
| Scanning | Nmap, Hping3, Nessus, OpenVAS | Port scanning flags, vulnerability scanning, stealth scans |
| Exploitation | Metasploit, SQLmap, Burp Suite, BeEF | Framework usage, SQL injection, XSS exploitation |
| Post-Exploitation | Mimikatz, Empire, BloodHound, Cobalt Strike | Credential dumping, lateral movement, persistence |
| Password Cracking | John the Ripper, Hashcat, Hydra, Cain & Abel | Dictionary vs brute force, rainbow tables, hash types |
| Wireless | Aircrack-ng, Kismet, Wifite, Fluxion | WPA/WPA2 cracking, deauth attacks, evil twin |
| Sniffing | Wireshark, tcpdump, Ettercap, dSniff | Packet capture, ARP poisoning, MITM attacks |
| Days | Focus | Activities |
|---|---|---|
| 1-2 | Self-assessment | Note which modules felt weakest during exam, build your tool knowledge matrix spreadsheet |
| 3-5 | Weak module deep-dive | Study your 5 weakest modules intensively. Focus on tools, attack types, and countermeasures |
| 6-8 | Web & cloud attacks | Master OWASP Top 10, cloud attack vectors, API security, container vulnerabilities |
| 9-10 | Emerging tech & legal | Study IoT/mobile security, cryptographic algorithms, legal framework (CFAA, GDPR) |
| 11-13 | Full practice exams | Take 3+ full-length timed practice exams. Review every wrong answer thoroughly |
| 14 | Light review + retake | Review tool matrix, rest your mind, retake with confidence |
| Certification | Wait | Retake Cost | Retakes |
|---|---|---|---|
| CEH | 14 days | ~$100 | Unlimited |
| CompTIA PenTest+ | 14 days | $404 | Unlimited |
| OSCP | Varies | $249+ | Unlimited |
| CISSP | 30-90 days | $749 | 4/year |
| CompTIA Security+ | 14 days | $404 | Unlimited |
CEH has the most affordable retake cost among major cybersecurity certifications. The ~$100 retake fee compares very favorably to PenTest+ ($404), OSCP ($249+), and CISSP ($749). This low retake cost, combined with the 14-day wait and unlimited attempts, makes CEH one of the most retake-friendly certifications in the industry.
Absolutely. CEH remains one of the most recognized cybersecurity certifications globally, and here's why it's worth the retake effort:
14 days after each failed attempt. Unlimited retakes allowed at approximately $100 each.
~$100 retake fee (separate from original $1,199 exam voucher). Some training packages include a free retake—check your purchase agreement.
60-85% depending on exam form difficulty. EC-Council uses scaled scoring, so the threshold varies per form. Two candidates can have different passing thresholds.
125 questions in 4 hours covering 20 ethical hacking modules. This gives you roughly 1.9 minutes per question.
Yes. CEH meets DoD 8570/8140 requirements, is globally recognized, and the $100 retake fee makes it very affordable to retry. The certification opens doors to government and private sector security roles.
CEH is knowledge-based and meets DoD requirements. PenTest+ is more hands-on and practical. Government roles often require CEH specifically; private sector may prefer PenTest+ or OSCP for demonstrating practical skills.
Yes. CEH requires 120 ECE (EC-Council Continuing Education) credits over 3 years and an annual membership fee of $80 to maintain certification. This totals $240 in maintenance fees per 3-year cycle.
Practice with adaptive CEH questions across all 20 ethical hacking domains.
Start Free CEH Practice Test →