I enrolled in the EC-Council iClass Self-Paced CEH v10 Course on 25th June, 2018 and passed the CEH (Certified Ethical Hacker) exam today. I would recommend the official courses from EC-Council, as the CEH v10 courseware (2294 pages) is informative and well-organized. The iLabs lab modules are fantastic; they save you a huge amount of time setting up your own labs. (I also attended the official iWeek online live class for ECSA v10. It’s helpful and effective as well.)
The CEH v10 exam itself is straightforward, but it did take me a lot of time to gain insight into and review the technical details, say, the TCP 3-way handshake and flags. There are a lot of commands, tools and related arguments to memorize and practice.
Besides the official courseware, I used the following as supplements:
Concerning ethics and laws, the author’s practical suggestion is to follow your team’s guidance; the team should have a process to handle legal issues, such as pirated software, porn, and illegal activity.
It seems that EC-Council prefers the answer that you follow the law even if you would be caught up in a lawsuit. This seems to go against the author’s practical point of view, if I am not mistaken.
After studying for 42 hours in 12 days (from 2018/09/14 to 2018/09/25), I cleared the ISC2 CISSP-ISSEP exam this afternoon, and I am probably lucky enough to be the first exam taker to pass this exam in Taiwan.
The following is what I used to prepare for this exam:
Candidates have 4 hours to complete the 150-question exam; it took me 3 hours to nail it: 2 hours for answering the questions and 1 hour for review.
The risk management discipline is still evolving, and it takes time to get acquainted with the terminology used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.
Just follow the official CRISC review manual and questions from ISACA. It would be the most efficient way to pass this exam.
I really love the exams from ISACA. They are management-centric, or more specifically, they are for CIOs, CISOs, or Information Security Managers. Exam candidates should have a solid foundation in Governance, Strategic Management, and Risk Management, and know some technical material at a conceptual level.
Frankly, CISM is not so challenging for business people, while technical people would have to spend some time studying the business side. This exam is all about concepts and principles. Don’t just memorize without understanding how the business world works. Some questions are tricky, and you have to distinguish the minute differences between the answer options.
Some final words:
Business always wins
Align with the organizational objectives and strategy
Don’t forget risks
Know the current situation before taking any actions