Table of Contents
1. Objective of C|EH Candidate Handbook 01
2. About EC-Council 02
3. What is the C|EH Credential? 03
4. C|EH Testimonials 04
5. Steps to Earn the ANSI accredited C|EH credential 06
6. To Attempt the C|EH Exam 07
7. Retakes & Extensions 12
8. EC-Council Special Accommodation Policy 13
9. EC-Council Exam Development & Exam Item Challenge 18
10. EC-Council Certification Exam Policy 22
11. C|EH Credential Renewal 26
12. EC-Council Continuing Education (ECE) Policy 27
13. C|EH Career Path 32
14. Code of Ethics 33
15. Ethics Violation 35
16. Appeal Process 37
17. Change in Certification Scope 42
18. Logo Guidelines 43
19. FAQ 48
Appendix A 50
Appendix B 55
Objective of C|EH Candidate Handbook
The C|EH Candidate Handbook outlines the following:
a. Impartiality and objectivity is maintained in all matters regarding
certification.
b. Fair and equitable treatment of all persons in certification process.
c. Provide directions for making decisions regarding granting,
maintaining, renewing, expanding and reducing EC-Council
certification/s
d. Understand boundaries/limitations and restrictions of certifications.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based
organization that certifies individuals in various e-business and information security skills. It is the
owner and creator of the world famous Certified Ethical Hacker (CEH), Computer Hacking Forensics
Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA), License Penetration Tester
(LPT) certification, and as well as many others certification schemes, that are offered in over 194
countries globally.
EC-Council mission is “to validate information security professionals who are equipped with the
necessary skills and knowledge required in a specialized information security domain that will
help them avert a cyber war, should the need ever arise”. EC-Council is committed to withhold
the highest level of impartiality and objectivity in its practices, decision making and authority in
all matters related to certification.
As of June 30, 2019, EC-Council has certified over 237580 security professionals. Individuals who
have achieved EC-Council certifications include those from some of the finest organizations
around the world such as the US Army, the FBI, Microsoft, IBM and the United Nations.
Many of these certifications are recognized worldwide and have received endorsements from
various government agencies including the US Federal Government via the Montgomery GI Bill,
National Security Agency (NSA) and the Committee on National Security Systems (CNSS). Moreover,
the United States Department of Defense has included the CEH program into its Directive 8570,
making it as one of the mandatory standards to be achieved by Computer Network Defenders
Service Providers (CND-SP).
EC-Council has also been featured in internationally acclaimed publications and media including
Fox Business News, CNN, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic
Times as well as in online publications such as the ABC News, USA Today, The Christian Science
Monitor, Boston and Gulf News.
For more information about EC-Council | Certification,
please visit https://cert.eccouncil.org/
What is the C|EHcredential?
Ethical Hacking is often referred to as the process of penetrating one’s own computer/s or
computers to which one has official permission to do so as to determine if vulnerabilities exist and
to undertake preventive, corrective, and protective countermeasures before an actual compromise
to the system takes place.
A Certified Ethical Hacker is a skilled professional who understands and knows how to look for
weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a
malicious hacker but in a lawful and legitimate manner to assess the security posture of a target
system(s). The CEH credential certifies individuals in the specific network security discipline of
Ethical Hacking from a vendor-neutral perspective.
The purpose of the CEH credential is to:
a. Establish and govern minimum standards for credentialing professional information
security specialists in ethical hacking measures.
b. Inform the public that credentialed individuals meet or exceed the minimum standards
c. Reinforce ethical hacking as a unique and self- regulating profession.
EC-Council launched the Certified Ethical Hacking and Countermeasures certification, C|EH,
in 2003 and today CEH is the de facto leader in certifying information security professionals
globally.
“ To catch a hacker, you need to think as one”.
C|EH Testimonials
I have been able to move my company
into a higher state of security. I have been
able to do threat analysis on programs and find
flaws. I have increased the Intrusion Detection
system by tuning it and bringing more powerful
sensors into the network. I have been able to root
out several potential hackers before they could
launch an attack. I have increased my knowledge
100 fold as to the threats on the internet and
from people using the internet. I have taken my
company to a new level of virus and spy ware
detection and prevention. I have even been given
a nickname of “MR. SECU- RITY” by some due to
my Security Awareness.
- Joh n L. Sprawls, Jr. , CEH
With the CEH certification, I have given
my clients an assured sense of security,
increased their security awareness, and have
brought on technologies and techniques, which
brings them to a whole new level of security
consciousness .
My CEH certification is an incredible asset to my
Firm’s IT/InfoSec department, as I am an employee
of one of the worlds largest financial institutions.
- Ryan J. C oleman, CEH
When searching for security certifications
you can find some of them about the
orical knowledge. So, if you are searching for a
certification that demonstrates your skills and
experience about testing and hardening networks
and its devices, Ethcial Hacking techniques and
tools, CEH is a must, and, by far, the most rigorous
and recognized. Since I got the CEH certification,
our customers are more confident about the results
they got from our security testing job. In Perú, the
most critical Ethical Hacking requirements are
asking for CEH consultants to be the Team Leader
or Senior Consultant.
Company: OpenSec
- Walte r Cue stas, CEH
I would wholeheartedly recommend the
CEH as one of the security certifications
that a security specialist should add to their
portfolio as it emphasizes skills and tools not seen
in other certifications and courses. The certification
is also a must have for those who are looking to
enforce, audit or get a much better understanding
of security practices and vulnerabilities.
- Sean- Philip Oriyano, CEH
One of the best certifications I have
because it emphasizes hands-on skills as
opposed to certifications that are more theory
based. If you want a certification that is respected
by hackers and IT professionals as well, go for EC-
Council’s Certified Ethical Hacker Certification.
Employer’s know that people who have a
CEH certification have the successful security
background that is needed to be successful in the
workplace.
Company : Computer Science Corporation
- Jesse Varsalone, C|EH
Having the CEH certification has helped
open the door to a new level of opportunity
by increasing the confidence of my clients in my
expertise, opening their eyes to the real threat, and
by Pen- testing our own products for vulnerabilities
and provide a higher quality of service.
Company: Novell Canada
- Terr y P Cutle r, CEH
…..my EC-Council Certification has helped
me gain recognition with my employer as
being a valued consultant for network security.
Organization: Her Majesty’s Royal Navy, UK
- David John Mound, CEH
“ “
“
“
“
“
“
Due to CEH is a certification which covers plenty of domains within the ICT Security field, I have
enjoyed the preparation of my EC-Council CEH Certification a lot, as I have developed such solid skills
that now, when I think of designing ICT projects, especially concerning IP Networks and Operative Systems,
my approach of implementing ICT Security countermeasures and evaluation of risks and vulnerabilities
has truly become much more solid applying security knowledge and engineering best practices. The CEH
Certification is an incredible asset to my company which has now a better understanding on security issues,
especially concerning vulnerability analysis, penetration testing services and Security Analysis.
- Jose Manuel Marc os Muela, C|EH
Being a CEH has given my company a higher level of trust among our clients. It enforces our image
and confirms we’re one step ahead the average security consultant firm. This certification makes
everyone realize you know what your talking about, for it goes way beyond simple notion of terminology
to the real life experience of the know-how and hands-on the up to date set of skills a pen- tester needs
nowadays. An excellent choice. The exam really proves you know your thing.
Company: Black Cube Technologies
- Rilk e Petrosky Ulloa T. , CEH
I am a security-freak, Having a CEH certification has helped increase the level of confidence of my
clients in my expertise as an IT consultant. EC-Council certification has helped in providing an in
depth into the security vulnerabilities and how a hacker exploits them. I am planning to further my career in
security, thanks to EC-Council.
- Bolaji Afolabi, CEH
“
“
“
Steps to Earn the ANSI accredited
C|EH credential
Candidates will be granted the Certified Ethical Hacker credential by passing a proctored CEH
exam. The exam will be for 4 hours with 125 multiple choice questions.
The ANSI accredited CEH exam is available at VUE and EC-Council Test Centers. Please contact
https://eccouncil.zendesk.com/anonymous_requests/new to provide you with the locations of the
nearest test centers that proctor the ANSI accredited CEH exam.
You will be tested in the following and domains of ethical hacking:
Background
Analysis/Assessment
Security
Tools/Systems/Programs
Procedures/Methodology
Regulation/Policy
Ethics
Domains
If you are interested in knowing the objectives of the ANSI accredited CEH exam, or the minimum
competencies required to pass the ANSI accredited CEH exam, please refer to Appendix A: ANSI
accredited CEH Exam Blueprint.
Upon successfully passing the exam you will receive your digital ANSI accredited CEH certificate
within 7 working days.
The C|EH credential is valid for 3 year periods but can be renewed each period by successfully
earning EC-Council Continued Education (ECE) credits. Certified members will have to achieve
a total of 120 credits (per certification) within a period of three years. For more details about ECE
please refer to the next section.
All EC-Council-related correspondence will be sent to the email address provided during exam
registration. If your email address changes notify EC-Council by contacting us at
https://eccouncil.zendesk.com/anonymous_requests/new, failing which you will not be able to
receive critical updates from EC-Council.
TO ATTEMPT THE C|EH EXAM
In order to be eligible to attempt the CEH certification examination, you may:
A. Completed Official Training
Candidates who have completed the official CEH instructor-led training (ILT), online live training,
academic learning or has been certified in a previous version of the credential.
Prior to attempting the exam, you are required to AGREE to:
a. EC-Council Non-Disclosure Agreement terms
b. EC-Council Candidate Application Agreement terms
c. EC-Council Candidate Certification Agreement terms
You should NOT attempt the exam unless you have read, understood and accepted the terms and
conditions in full. BY ATTEMPTING THE EXAM, YOU SIGNIFY THE ACCEPTANCE OF THE ABOVE MENTIONED
AGREEMENTS available on Appendix B. In the event that you do not accept the terms of the agreements,
you are not authorized by EC-Council to attempt any of its certification exams.
B. Attempt Exam without Official Training
In order to be considered for the EC-Council certification exam without attending official training, you
must:
a. Have at least two years of work experience in the Information Security domain.
b. Remit a non-refundable eligibility application fee of USD 100.00
c. Submit a completed Exam Eligibility Form.
d. Submit a completed Exam Eligibility Application Form.
e. Purchase an official exam voucher DIRECTLY from EC-Council through
https://store.eccouncil.org/
You need to fill the complete eligibility form and email it to cehapp@eccouncil.org for approval and remit
USD100 eligibility fee through our website at https://store.eccouncil.org. Once approved, the applicant will
be send instructions on purchasing a voucher from EC-Council directly. EC-Council will then send the
candidate the eligibility code and the voucher code which candidate can use to register and schedule the
test.
Eligibility Process:
a. Applicant will need to go to https://cert.eccouncil.org/Exam-Eligibility-Form.html to fill in an online
request for the Eligibility Application Form.
b. Applicant will receive an electronic Exam Eligibility Application Form and the applicant will need to
complete the information required on the form.
c. Submit the completed Exam Eligibility Application form. The application is valid only for 90 days from
the date when application is submitted. Should we not received any update from the applicant post
90 days, the application will be automatically rejected. Applicant will need to submit a new application
form.
d. Waiting time for processing of Eligibility Application is approximately 5 working days after receiving the
verification from verifier. Should the applicant not hear from us after 5 working days, the applicant can
contact cehapp@eccouncil.org
e. EC-Council will contact applicant’s Boss/ Supervisor/ Department head, who have agreed to act as
applicant’s verifier in the application form, for authentication purposes.
For verification of educational background EC-Council requires a letter in written in either physical
or electronic format confirming the certification(s) earned by the candidate.
a. If application is approved, applicant will be required to purchase a voucher from EC-Council DIRECTLY.
EC-Council will then send the candidate the eligibility code and the voucher code which candidate
can use to register and schedule the test at VUE and EC-Council Test Centers. Please note that VUE
Registration will not entertain any requests without the eligibility code.
b. The approved application stands valid for 3 months from the date of approval, the candidate needs to
test within 1 year from date of voucher release.
c. An application extension request will require the approval of the Director of Certification.
d. If application is not approved, the application fee of USD 100 will not be refunded.
EC-Council Exam Eligibility Application Form v3.4
CEH (Certified Ethical Hacker)
CHFI (Computer Hacking Forensic Investigator)
CND (Certified Network Defender)
CTIA v1 (Certified Threat Intelligence Analyst v1)
CASE-JAVA v1 (Certified Application Security Engineer - Java v1)
CASE-.Net v1 (Certified Application Security Engineer - .Net v1)
EDRP v3 (EC-Council Disaster Recovery Professional v3)
ECSA v10 (EC-Council Certified Security Analyst v10)
Eligibility Requirements
Either one of the following criteria is required by EC-Council so that a determination can be made regarding a candidates eligibility.
a) A candidate have completed”Official” training through an EC-Council Authorized Training Center (ATC).
Accepted “Official” training solutions: Instructor-Led (ILT) or Academic Learning.
b) A Candidate may be granted permission to attempt the exam without “Official” training if:
1. The Candidate has and can prove two years of Information Security related experience.*
2. The candidate remits a non-refundable Eligibility Application Fee of $100 (USD).
3. The candidate submits a completed Exam Eligibility Application.
Application Submission Steps
Step 1: Complete the application form.
Step 2: Attach a copy of your resume, and a scanned copy of an identification document, such as Employee i-Card of
your current or previous employment, which does not carry any Personally Identifiable Information. EC-Council
strongly discourage you from submitting your passport, driver's license, government ID or any other identification
document that carries Personally Identifiable Information.
Step 3: Scan the documents and e-mail them to cehapp@eccouncil.org
Step 4: Remit $100 payment for Non-refundable Eligibility Application Fee
Step 5: A representative from EC-Council's Certification Department will contact your Boss / Supervisor / Department
head to verify the information submitted on your application.
Step 6: If your application is approved, you will be required to purchase the exam voucher directly from EC-Council. You
will then receive your exam eligibility code along with the exam voucher.
Confidentiality Of Information: We treat personal information securely and confidentially. EC-Council adheres to strict US privacy
laws and will not disclose the submitted information to any third party with the exception of your Boss / Supervisor / Department
head. (As stated above, verification is required.)
Disclaimer: EC-Council reserves the right to deny certification to any candidate who attempts to sit for this exam without qualifying
as per the mentioned eligibility criteria. Should the audit team discover that a certification was granted to a candidate who sat for
the exam and did not qualify as per the eligibility criteria, EC-Council also reserves the right to revoke the candidate's certification.
Retention Of Documentation: EC-Council will not retain any supporting documents related to the application beyond a period of 2
years from date of receipt.
Special Accommodation: Should you have a special accommodation request, you can write to us at
certmanager@eccouncil.org, for more information on our special accommodation policy please refer to
https://cert.eccouncil.org/special-accommodation-policy.html
EC-Council Exam Eligibility Application Form v3.4
First Name:
Proof of Identity:
Address:
City/State/Province:
Daytime phone number/Cellular/other:
e-mail:
(Please write
clearly)
Company Name:
Company URL: http://
Job Title / Position:
Number of Years with This Employer:
Number of Months of Security related work experience with this employer:
Type of security related work:
Experience qualifications certified by supervisor / agency representative
Supervisor Name & e-mail: Position:
Country: Zip/Postal Code:
Last Name:
Applicant Information
Experience Qualifications
Statement of Compliance
The objective of EC-Council’s certifications is to introduce, educate and demonstrate hacking techniques and tools for legal security
testing purposes only. Those who are certified by EC-Council any of our various “Hacking” disciplines, acknowledge that such
certification is a mark of distinction that must be both earned and respected.
In lieu of this, all certification candidates pledge to fully support the Code of Ethics. Certified professionals who deliberately or
intentionally violate any provision of the Code will be subject to action by a review panel, which can result in the revocation of the
certification.
To this end, you will not exploit the thus acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to
illegally compromise any computer system. Additionally you agree to indemnify EC-Council and its partners with respect to the use
or misuse of these tools, regardless of intent. You agree to comply with all applicable local, state, national and international laws and
regulations in this regard.
I certify that I meet the experience and training requirements to apply to become certified in EC-Council’s various “Hacking”
certification discipline’s. The information contained in this application is true and correct to the best of my knowledge. I understand
that if I engage in any inappropriate, unethical, or illegal behavior or activity, my certification status can be terminated immediately.
By submitting this form to EC-Council, you agree to indemnify and hold EC-Council, its corporate affiliates, and their respective
officers, directors and shareholders harmless from and against any and all liabilities arising from your submission of Personally
Identifiable Information (such as passport, government ID, social security number etc) to EC-Council. Should EC-Council receive any
Personally Identifiable Information attached to this application, this application will be rejected.
Agree
Signature: Date:
Disagree
If you submit electronically please don't forget to attach the requested documents. Also, by clicking agree and typing your name in
the signature slot, you agree to comply with the statement of compliance. If you choose to print and fax in your application, please
sign with your original signature to secure your compliance.
*Cumulative experience is acceptable. (Security Experience does not need to be in current job, or in one job.
**If self-employed, please submit letter from at least one client describing your IT Security contribution to their business.
Print Form
EC-Council Exam Eligibility Application Form v3.4
Retakes & Extensions
EC-Council Exam Retake Policy
If a candidate does not successfully pass an EC-Council exam, he/she can purchase ECC Exam center
voucher to retake the exam at a discounted price.
a. If a candidate is not able to pass the exam on the first attempt, no cooling or waiting period is
required to attempt the exam for the second time ( 1st retake).
b. If a candidate is not able to pass the second attempt (1st retake), a waiting period of 14 days is
required prior to attempting the exam for the third time (2nd retake).
c. If a candidate is not able to pass the third attempt (2nd retake), a waiting period of 14 days is required
prior to attempting the exam for the fourth time (3rd retake).
d. If a candidate is not able to pass the fourth attempt (3rd retake), a waiting period of 14 days is required
prior to attempting the exam for the fifth time (4thd retake).
e. A candidate is not allowed to take a given exam more than five times in a 12 month (1 year) period
and a waiting period of 12 months will be imposed before being allowed to attempt the exam for
the sixth time (5th retake).
f. Candidates who pass the exam are not allowed to attempt the same version of the exam for the
second time.
EC-Council strongly advises candidate who fail the exam for the third time (2nd retake) to attend official
hands-on training that covers the certification objectives.
EC-Council reserves the right to revoke the certification status of candidates who attempt the exam without
abiding to EC-Council retake policy as stated above.
Extension Policy
EC-Council exam vouchers are valid for a maximum period of one year from the date of purchase. A candidate
may opt to extend his/her EC-Council exam vouchers for an additional 3 months for $35 if the voucher is valid
(not used and not expired). Vouchers can only be extended once
Voucher Policy
Once purchased, EC-Council vouchers (new, retake, or extended) are non-refundable, non- transferable,
and non-exchangeable. EC-Council reserves the right to revoke the certification status of candidates who
attempt the exam without abiding to any of the above EC-Council voucher policies.
EC-Council Special Accommodation Policy
A candidate with disabilities is defined as a person who has a physical, sensory, physiological, cognitive
and/or developmental impairment that makes it difficult or impossible to attempt EC-Council certification
exams using the standard testing equipment or within the standard exam duration.
In line with EC-Council’s commitment to comply with the Americans with Disabilities Act (ADA, 1991),
EC-Council will accommodate reasonable requests by candidates with disabilities who would like to
attempt any EC-Council certification exams. Such requests will fairly equate disabled candidates with other
candidates and enable them to denote their skills and knowledge in EC-Council’s exams.
The special accommodation request is evaluated based on the candidate’s particular accommodation
request, nature of disability, and reasonableness of the request. The request form requires a legally approved
expert, practitioner, or professional in the fields of physical or mental healthcare to confirm the need for
special accommodation. The request form has 2 sections:
Section 1 should be filled and signed by the candidate, and Section 2 is to be filled and signed by a legally
approved professional, expert or practitioner to support the candidate’s special accommodation request. .
The information requested by EC-Council will be held in strict confidence and will not be released without
the candidate’s permission.
Candidates are required to submit their special accommodation requests to EC-Council at least 30 days
prior to registering for an exam. EC-Council will respond with its decision within 14 days and provide the
contact details of testing center/s that have the infrastructure to accommodate the candidate’s special
needs.
For any details or clarification, please email to certmanager@eccouncil.org
13CEH Candidate Handbook v4.0
EC-Council
Special Accommodation Request Form
Please submit the completed form to EC-Council as following:
E-mail Send the form to certmanager@eccouncil.org
Please attach the form as a scanned document that includes the certifying
authority’s signature.
Section 1: APPLICANT INFORMATION
Name :
Address (including city, state, and postal code) :
Phone Number:
Email Address:
Signature: Date:
EC-Council Voucher Number (
if available):
Please list all examinations and versions for which you are requesting accommodations:
EC-Council
Special Accommodation Request Form
Section 2: DOCUMENTATION OF ACCESSIBILITY NEEDS
I have known
in my capacity as a
I have read the accompanying description of potential accessibility barriers and understand the nature of
the examination(s) to be administered, and I certify that I have documentation on record supporting the
need for accommodation. I believe that this applicant should be provided the following accommodations
(identify relevant accommodations):
since
(Examination applicant name)
(Professional title)
(Date)
Accessible testing site (for example, ramp for wheelchairs)
Amanuensis (recorder of answers)
Extended exam time—one and one-half times the usual allotment
Extended exam time—twice the usual allotment
Extra time for breaks (specify frequency and duration): .............................................................................................
Reader (person to read the exam items aloud)
Separate testing room
Special chair (specify type): ...........................................................................................................................................................
Special input device, such as a trackball mouse (specify type): ..............................................................................
Special output device, such as a larger monitor (specify type): ..............................................................................
Written instruction of exam procedures
Other (please describe in the space below):
Professional’s Name:
Professional’s Title :
License Number
and Type (if applicable}:
Phone Number :
Email Address :
EC-Council
Special Accommodation Request Form
Justification for accommodation (include description of condition):
Contact information for professional certifying accommodation needs:
Signature: Date:
EC-Council
Special Accommodation Request Form
POTENTIAL ACCESSIBILITY BARRIERS
Standard format for EC-Council certification exams present the following potential
accessibility barriers.
Manual
Examinees must use a mouse to point-and-click, click-and-drag, navigate f rom one question
to the next by clicking, and perform tasks in a simulated or emulated software environment.
Exam question formats include multiple choice questions in which the candidate answers
by clicking on the selected response(s).
Optical
Reading text: Exam questions are written at a reading level appropriate to the content.
The electronic exams must be read on a 15-inch or larger monitor with at least 1024 × 768
resolution. The font can be as small as 9 pt. in graphics and 11 pt. in text. Graphics will be
displayed on the monitor (possibly in color).
Physical Stamina
Exams last for 4 hours (standard)
If you need more information in order to decide what accommodations are necessary, please contact the
EC-Council Certification Division at certmanager@eccouncil.org
ANSI ACCREDITED CEH EXAM DEVELOPMENT
& EXAM ITEM CHALLENGE
Exam development is a pivotal process that emphasizes on the technical, structural, semantic, and linguistic
quality of exam items. Exam quality checks are done by a team of independent experts and professionals to
ensure that the exam items are clear, error-free, unbiased and/or unambiguous.
Development Process
An invaluable input from industry experts was considered in the ANSI accredited CEH exam development,
especially on how the CEH qualifications and credentials are exercised worldwide. The CEH exam is meant
to meticulously and unsparingly transcend ordinary knowledge so as to reflectively gauge the necessary
knowledge and skill required by experts in the domain of ethical hacking.
Development phases
The CEH exam development process is comprised of 9 phases that cogently focus on optimizing the exam
to reflect qualities of relevance, validity and reliability.
Objective domain definition
Subject matter experts (SMEs) highlight the significant job functions of ethical hacking.
Job analysis
The job analysis identifies the tasks and knowledge important to the work performed by professionals in
the field of IT Security; and, creates test specifications that may be used to develop the ANSI accredited
CEH exam. The result of a job analysis is a certification exam blueprint.
The tasks and knowledge statements are transmuted into a survey that experts would use to rate,
measure, and assess the skills and knowledge required. These ratings are used to rank the statements
and determine the number of questions to stem from each exam statement.
Scheme Committee Approval
EC-Council Scheme Committee, a group of experts, inspects and validates the objective domain and
the approach used in the job analysis prior to the authoring or writing of the exams.
Exam writing
SMEs write the exam items to measure the objectives stated in the exam blueprint. The exact number
of exam items that they write is dependent on the feedback of the job analysis phase. The approved
items are those that are technically, grammatically, and semantically clear, unbiased, and relevant.
Standard setting
A panel of experts other than those who write the items will answer and rate all items to deduce a
minimum passing or cut score. Scores vary from one exam to another due to the score dependence on
the items pool difficulty.
Final Scheme Committee Approval
The EC-Council Scheme Committee give their final approval of the whole process prior to the beta
exam publication.
Beta exam
Once the Scheme Committee approves the scheme a beta exam is published. Candidates are to sit for
the beta exam under identical conditions to the real exam. The distribution of the beta exam scores
enables EC-Council to assess and calibrate the actual exam for better quality.
Final evaluation
The number and quality of items in the real live exam is determined by the scores and results of the
beta exam. The analysis of the beta exam includes difficulty of items, capability of distinguishing level
of candidates’ competencies, reliability, and feedback from participants. EC-Council works closely with
experts to continuously inspect the technical correctness of the questions and decide the pool of items
that will be utilized for the live exam.
Final Exam Launch
VUE and ECC operate and oversee the administration of EC-Council certification exams in their centers
around the world.
If the candidate believes that a specific part of the CEH exam is incorrect, he/she can challenge or request
evaluation of the part in question via the steps enumerated below. This should be done within three calendar
days of the exam day. Such a process is necessary to identify areas of weakness or flaws in the questions but
the exam itself cannot be re-scored. Nevertheless, all possible efforts are not spared to assure the candidate’s
satisfaction. The candidate’s feedback is paramount to EC-Council certification exams.
Steps for challenging exam items
1. Fill and sign EC-Council Exam Feedback Form as detailed as possible. The detailed and clear
description of the challenge will accelerate the review process. No candidate’s exam item challenge
of the exam’s items will be considered without completing the form.
2. The form should be submitted within 3 calendar days from exam date to
certmanager@eccouncil.org with the subject line typed “Exam Item Evaluation”. Only requests
received within 3 working days from taking the exams will be reviewed.
3. The candidate must fill a separate form for each exam item he/she is challenging.
4. EC-Council will acknowledge receipt of the request by email. This may include a conclusive result of
the evaluation, or an estimated time for the evaluation process to be completed and results to be
shared with the candidate.
EC-Council Exam Feedback Form
Use this form to describe in detail the specific reasons you are challenging an EC-Council Certification exam
item. Include your contact information, registration ID, the number and name of the exam, the date you
took the exam, and the location of the testing center. Please provide as much detail as possible about the
item to expedite review. Your challenge will not be accepted for evaluation unless this form is complete.
Within three calendar days of taking the exam, submit this form by e-mail to certmanager@eccouncil.org
with “Exam Item Evaluation” in the subject line. You must submit a separate form for each exam item you
are challenging.
Your submittal will be acknowledged by e-mail. At that time, you will receive either the result of the evaluation
or, if more time is needed for evaluation, an estimate of when you can expect a decision.
Full Name :
Email Address :
Phone Number :
Exam Portal :
Exam Voucher No :
Exam No & Name :
Exam Date :
Test Center Location :
Mailing Address: :
(including city, state,
and postal code)
VUE/ ECC Exam
Center)
(MM/DD/YYYY)
(When did you take
the exam?)
(Where did you take
the exam?)
Test Center Name
Street Address
City, State/Province
Zip/Postal Code
Country
EC-Council Exam Feedback Form
Item Description
(Describe the exam item in detail. Explain why you believe the item is not valid.)
Signature Date
EC-Council Certification Exam Policy
EC-Council has a number of exam policies to protect its certification program, including:
a. Non-Disclosure Agreement (NDA)
b. Candidate Application Agreement (CAA)
c. Candidate Certification Agreement (CCA)
d. Security and Integrity Policy
Non-Disclosure Agreement (NDA)
Prior to attempting an EC-Council exam, candidates are required to agree to EC-Council NDA terms.
Candidates should not attempt the exam unless they have read, understood and accepted the terms and
conditions in full. By attempting the exam, the candidates signify the acceptance of the NDA terms. In
the event that the candidate does not accept the terms of the agreement, he/she is not authorized by
EC-Council to attempt any of its certification exams.
The NDA mandates that candidates not to disclose exam content to any third party and do not use the
content for any purpose that will negatively undermine the integrity and security of the certificationexam.
All content and wording of the exam questions is copyrighted by EC-Council under the protection of
intellectual property laws.
Action will be taken against violators of their signed NDAs. EC-Council reserves the right to revoke the
candidate’s certification status, publish the infraction, and/or take the necessary legal action against the
candidate.
Please refer to Appendix B for EC-Council NDA.
Candidate Application Agreement (CAA)
Prior to attempting an EC-Council exam, candidates are required to agree to EC-Council CAA terms.
Candidates should not attempt the exam unless they have read, understood and accepted the terms and
conditions in full. By attempting the exam, the candidates signify the acceptance of the CAA terms. In
the event that the candidate does not accept the terms of the agreement, he/she is not authorized by
EC-Council to attempt any of its certification exams.
Action will be taken against violators of their signed CAAs. EC-Council reserves the right to ban candidates
from attempting EC-Council exams, revoke the candidate’s certification status, publish the infraction, and/or
take the necessary legal action against the candidate.
Please refer to Appendix B for EC-Council CAA.
Candidate Certification Agreement (CCA)
Prior to attempting an EC-Council exam, candidates are required to agree to EC-Council CCA terms.
Candidates should not attempt the exam unless they have read, understood and accepted the terms and
conditions in full. By attempting the exam, the candidates signify the acceptance of the CCA terms. In
the event that the candidate does not accept the terms of the agreement, he/she is not authorized by
EC-Council to attempt any of its certification exams.
Through passing the certification exam, successful candidates are governed through
EC-Council CCA. They are authorized to provide corresponding services and to use EC-Council marks, titles
and benefits pertaining to the certification program(s) that the candidate has completed.
Action will be taken against violators of their signed CCAs. EC-Council reserves the right to revoke the
candidate’s certification status, publish the infraction, and/or take the necessary legal action against the
candidate.
Please refer to Appendix B for EC-Council CCA.
Security and Integrity
EC-Council is committed to communicating clearly what may or may not represent unethical, fraudulent, or
cheating practices. We exert every effort to raise the necessary awareness among our candidates about this.
Security Policies
The policies developed and maintained by EC-Council are meant to guard the integrity, confidentiality, and
value of EC-Council exams and intellectual property.
a. Candidate bans
In the case of any infringement to any rules or policies in the NDA or any misdemeanor or misuse that
harms certification program in whatever way, EC-Council reserves the right to bar the candidate from
any future EC-Council certification exams by EC-Council. This may also be accompanied by EC-Council
decertification. Below are some examples:
• The transference, distribution, creation, trading, or selling of any derived content of the exam
through means like but not limited to copying, reverse-engineering, downloading or uploading,
or any other form of distribution whether electronically, verbally, or via any other conventional or
unconventional means for any purpose.
• Infringing EC-Council intellectual property.
• Utilizing the exam or any of its content in any way that may be break the law.
• Not adhering to the exam retake policy
• Forgery of exam scores report or any manipulation with its content.
• Any sort of cheating during the exam including communicating with or peeking on other
candidate’s answers.
• The sending or receiving of any information that can be a source of any assistance not in
accordance with accepted rules or standards, especially of morality or honesty.
• The use of disallowed or unauthorized materials such as cheat sheets, notes, books, or electronic
devices such as tablets or mobile phones.
• The use of certain materials that have been memorized re-created to provide an almost or close
exact replica of the exam, widely know as “brain dump”.
• Identity impersonation when sitting for the exam.
• Not adhering to EC-Council NDA.
• Not adhering to EC-Council CPA.
• Not adhering to EC-Council exam guidelines.
b. Candidate Appeal Process
1. Banned candidates have a right to appeal to EC-Council. The candidate should fill the EC-Council
Appeal form in full, attach his/her exam transcript and submit it to certmanager@eccouncil.org
within 90 days from the EC-Council ban date.
2. EC-Council will complete its thorough investigation in a maximum 15 working days and will contact
the candidate with the final decision.
3. If the candidate is not satisfied by EC-Council’s decision, he/she has the right to refer his/her case to
the Scheme Committee. The Scheme Committee decision is final. Please refer to the Appeal Process
section for more details.
c. Exam Retake Policy
a. If a candidate is not able to pass the exam on the first attempt, no cooling or waiting period is
required to attempt the exam for the second time ( 1st retake).
b. If a candidate is not able to pass the second attempt (1st retake), a waiting period of 14 days is
required prior to attempting the exam for the third time (2nd retake).
c. If a candidate is not able to pass the third attempt (2nd retake), a waiting period of 14 days is required
prior to attempting the exam for the fourth time (3rd retake).
d. If a candidate is not able to pass the fourth attempt (3rd retake), a waiting period of 14 days is required
prior to attempting the exam for the fifth time (4thd retake).
e. A candidate is not allowed to take a given exam more than five times in a 12 months (1 year) period
and a waiting period of 12 month will be imposed before being allowed to attempt the exam for the
sixth time (5th retake).
f. Candidates who pass the exam are not allowed to attempt the same version of the exam for the
second time
EC-Council strongly advises candidate who fail the exam for the third time (2nd retake) to attend official
hands-on training that covers the certification objectives.
EC-Council reserves the right to revoke the certification status of candidates who attempt the exam without
abiding to EC-Council retake policy as stated above.
d. EC-Council Test Center (ETC) Closures Due To Security Or Integrity Reasons
If there is a security or integrity issue with a certain testing center EC-Council may decide to suspend
testing there until an investigation is complete or terminate the ETC status. EC-Council will provide
affected candidates with a list of alternative test centers where they may attempt the EC-Council
certification exam.
e. Candidate Retesting at Request of EC-Council
• In the case of any suspicious patterns or trends on either the side of the candidate or the testing center
EC-Council reserves the right to demand the candidate(s) to re-sit for the exam and/or assessment
test. Candidate is to agree to the retest, failing which EC-Council will not award the certification to
the candidate. Candidate will be given one chance to take the Candidate Retesting Audit (CRA)
exam. Should candidate fails to pass the CRA exam, candidate will be given one chance to take the
full exam again. Should candidate fails to pass the full exam, candidate will be temporarily barred
from taking the exam.
• The new retest exam location will be decided by EC-Council and at a time that is collectively
convenient to the candidate and EC-Council.
• EC-Council has the right to ask for additional information pertaining to the experience and education
background of the candidate on the grounds of verification.
f. Revoking Certifications
The infringement of any exam policies, rules, NDA, certification agreement or the involvement in
misdemeanor that may harm the integrity and image of EC-Council certification program, may result
in the candidate’s temporary or permanent ban, at EC-Council’s discretion, from taking any future
EC-Council certification exams, revocation or decertification of current certifications. Such infringements
include but are not limited to:
• The publication of any exam contents or parts with any person without a prior written approval from
EC-Council.
• The recreation, imitation, or replication of any exam content through any means including memory
recalling whether free or paid through any media including Web forums, instant messaging, study
guides, etc.,
• Harnessing any materials or devices not explicitly authorized by EC-Council during the exam.
• Taking out any materials that hold any exam contents outside the exam room, using for example,
scratch paper, notebooks, etc.
• The impersonation of a candidate.
• Meddling with the exam equipment in an unauthorized way.
• Giving or being receptive of any assistance unauthorized by EC-Council.
• Acting in an uncivil, disturbing, mobbish, or unprofessional manner that may disregard or disrespect
other candidates or exam officials during the exam.
• Communicating by whatever verbal or non-verbal means with other candidates in the exam room.
• Not adhering to EC-Council Exam Retake Policy and other candidate agreements.
• Not adhering to EC-Council Code of Ethics.
• Felony conviction in the court of law.
g. Beta Exam
• Sitting for a beta exam is only by invitation.
• Beta tests are focused on collecting data on the exam itself and are not focused on certifying you.
h. Right of Exclusion
EC-Council reserves the right of exclusion of any test centers, countries, or regions from EC-Council
administering EC-Council certification exam/s.
C|EH Credential Renewal
Your CEH credential is valid for 3 years.
To renew your credential for another 3-year period you need to update your EC-Council Continuing
Education (ECE) credit account in the EC-Council Aspen portal and submit proof of your earned
credits. To maintain your certification you must earn a total of 120 credits within 3 years of ECE
cycle period
The credits can be earned in many ways including attending conferences, writing research papers,
preparing for training classes in a related domain (for instructors), reading materials on related
subject matters, taking an exam of a newer version of the certification, attending webinars, and
many others.
If you fail to meet the certification maintenance requirements within the 3-year time frame
EC-Council will suspend your certification. Your certification will be suspended for a period of 1 year
unless you earn the required 120 ECE credits to maintain/renew your certification.
If you fail to meet certification maintenance requirements during the suspension period your
certification will be revoked. You will need to take and pass the certification exam again to earn
the certification.
If you hold multiple EC-Council certifications, credits earned will be applied to all active certifications.
For full details regarding the ECE Policy please refer to the next section.
26CEH Candidate Handbook v4.0
EC-Council Continuing Education (ECE) Policy
1. REASONS FOR INTRODUCTION OF ECE SCHEME
All legitimate and credible certifications have a re-certification program. In fact, ANSI/ISO/IEC 17024, a quality
accreditation body requires credible certification providers to have their own re-certification program.
Requirement 6.5.1 states, “The certification body shall define recertification requirements according to the
competence standard and other relevant documents, to ensure that the certified person continues to
comply with the current certification requirements.”
Continued competency can be demonstrated though many methodologies such as continuing professional
education, examination (often not re-taking the original exam but an exam that would be at a higher level),
or portfolios (when there is a product involved). The fact is there needs to be a time limit for the certification
to ensure the consumers that the person has up-to-date knowledge.
This is why several governmental agencies are mandating accreditation of certifications in fields such as IT,
Crane Operators, and Selling of Securities to the elderly.
Certification’s main purpose is to “protect the public/consumers” NOT to protect the profession. When health,
safety and security are at risk, certification is needed and it cannot be given for a “life- time”. It is generally
noted that, if professionals are not required to maintain their knowledge and skills in their profession, they
won’t. Today, credible organizations within professional domains require their members to provide evidence
of a continuous learning as a basis for maintaining their license.
Differentiation
The ECE will brand, differentiate and distinguish a certified member as dedicated IT Security professional
if he/she is willing to continuously learn and share knowledge to keep abreast of the latest changes in
technology that affects the way security is viewed, deployed and managed. This is a key requirement of
employers internationally and EC-Council being a major certification organization supports it.
27CEH Candidate Handbook v4.0
How does it work?
Once a candidate becomes certified by EC-Council, the relationship between EC-Council and
candidate will always be governed by the EC-Council Candidate Certification Agreement which
candidate must agree to prior from receiving your certification. This agreement is also provided at
https://cert.eccouncil.org/images/doc/EC-Council-Certification-Agreement-4.0.pdf
If a certified member earned certification/s that are included under the ECE scheme, he/she will have to
achieve a total of 120 credits (per certification) within a period of three years. If a member holds multiple
certifications, credits earned will be applied across all the certifications. However, effective January 1st 2013,
each certification will have its own ECE recertification requirements within its respective 3-year ECE window.
The credits can be earned in many ways including attending conferences, writing research papers, preparing
for training classes in a related domain (for instructors), reading materials on related subject matters, taking
an exam of a newer version of the certification, attending webinars, and many others. Qualified ECE activities
must have been completed within ECE program’s 3-year window and must be submitted in only one ECE
3-year window.
ECE credits are earned on a per annum basis, between January 1 – December 31 of each calendar year.
Certified members must register their ECE credits earned by 1 February of the following year to maintain
their certification status.
2. RECERTIFICATION
Effective January 1st 2009, all EC-Council certifications will be valid for three years from the date of certification.
During the three year period, the certification must be renewed by participating in EC-Council Continuing
Education (ECE) Program.
For members who were certified prior to 2009, their ECE period will be from January 1st 2009 until December
31st 2011. For their first ECE Scheme Period (2009-2011), they are only required to meet a total of 120 ECE
credits By March 31st 2012.
Upon completion of the 3 year ECE program and meeting the requirements, the member’s certification
validity will be extended for another three years from the month of expiry.
EC-Council has introduced in 2012 its new American National Standards Institute (ANSI) accredited version
of its CEH certification program.
3. SUSPENSION, REVOCATION & APPEAL
SUSPENSION
If the certified member fails to meet certification requirements within the 3 year time frame, EC-Council will
suspend his/her certification.
Suspended members will not be allowed to use the certification logos and related EC-Council membership
benefits.
Suspended members must remediate their suspension within a maximum period of 12 months from the
date of the expiry of the 3 year time frame. Failing which, the member’s certification and status will be revoked
and the member will need to challenge and pass the certification exam again to achieve certification.
For members who were certified prior to 2009, they will be given an extended suspension deadline of March
31st, 2013.
Suspended members that subsequently meet the 120 ECE credit requirements within the specified 12
months deadline from the date of the expiry of the 3 year time frame will be reinstated as a member in
good standing and can enjoy the use of their certification logo and related EC-Council benefits. However,
the reinstated member will have only a reduced period to achieve another 120 ECE credits for their next
recertification window. “Reduced period” refers to a time frame of 3 years less the suspension period.
REVOCATIONS
If member fails to meet certification requirements during the suspension period, he/she will have the
certification revoked and will no longer be allowed to continue usage of the certification logo and related
benefits. Members whose certification is revoked will be required to retake and pass the respective new
exam to regain their certification.
APPEALS
Members whose certification has been suspended or revoked due to non-compliance of certification
requirements may send in an appeal in writing to EC-Council. This appeal letter must be received by EC-
Council within ninety (90) days of the suspension/ revocation notice, providing details of the appeal and
reason(s) for non-compliance.
4. Audit Requirements
Certified members are required to maintain sufficient evidence to show your involvement in activities that
earns you ECE credits. There is no requirement to submit evidence until it is requested for specifically by
EC-Council.
5. Important Notice
Please note that the above is subject to change from time to time without prior notice. EC-Council reserves
the right to make changes as required in order to maintain the reputation and recognition of its certifications
and credentials. However, best effort will be used in informing members of changes via the website.
Below is a list of FAQs :
Are there any annual fees payable?
Effective January 1st 2016. Any member certified or recertified requires to pay an annual membership
of USD80 if he/she holds a minimum of one certificate under the ECE policy and USD20 if he/she
holds certificates that are not under the ECE policy.
More details about the membership fee, cycle and due date can be found at
https://cert.eccouncil.org/membership.html
How do I register my ECE credit?
Please log on to the Aspen Portal (https://aspen.eccouncil.org) to register your ECE credits.
ECE Qualifying Activities
Only IT security related events are qualified for ECE scheme such as IT seminars, reading IT security
books, publishing a paper on IT Security related topics and anything that updates your knowledge
on IT Security not only from EC-Council.
ECE Qualifying Events
• Volunteering in public sector - 1 credit per hour
• Association/Organization Chapter Meeting (per Meeting) - 1 credit per hour
• Author Article/Book Chapter/White Paper - 20 credits
• Author Tool - 40 credits
• Authoring Book - 100 credits
• Contribution to the exam development 40 credits - 100 credits
• Certification/ Examination - 40 credits
• EC-Council Examination (ECE) - 120 credits
• EC-Council Survey 20 credits
• Education Course - 1 credit per hour
• Education Seminar/Conference/Event - 1 credit per hour
• Higher Education - 15 credits per semester hour
• Identify New Vulnerability - 10 credits
• Presentation - 3 credits per hour
• Reading an Information Security Book/Article Review/Book Review/Case Study - 5 credits
• Teach New - 21 credits per day
• Teach Upgrade - 11 credits per day
• Review Board - 80 credits
What certifications from EC-Council are included in the ECE system?
EC-Council Examinations (CEH, CEH (Practical), ECSA, ECSA (Practical), LPT, LPT (Master),
CHFI, CCISO, CND, ECIH, EDRP, CASE, CSA, CBP, CTIA, ECES, ECSS, CEI, CAST, CIMP and
CDM) : 120 credits.
Can a member holding any of the abovementioned certification be
exempted from the ECE scheme?
No.
Who can I speak to if I need more help?
If the particular event or activity is not listed on the Aspen portal, you can contact the
Administrator at delta@eccouncil.org for assistance.
Can I use the certification name and logo after I pass my exams?
Yes, you can use the respective logos and labels of the certifications that you hold.
Where do I go to download the logos and guidelines?
You can download logos and usage guidelines from
https://cert.eccouncil.org/images/doc/ec-council-logo-usage-v3.0.pdf
C|EH CAREER PATH
If you would like to pursue your career beyond CEH, you have many paths you can choose from:
a. If you would like to be a licensed security consultant, apply to become a Licensed Penetration
Tester (LPT)
b. If you would like to become a trainer, apply to become a Certified EC-Council Instructor (CEI).
(Terms & conditions apply)
c. If you would like to be a multi-domain expert, earn the Computer Hacking Forensics Investigator
(CHFI), Certified Application Security Engineer (CASE) or choose from many other specialized
certifications.
d. If you would like to earn a master’s degree in IT Security, consider applying for the EC-Council
University (ECU) Master of Security Sciences (MSS). By earning the CEH credential you have
automatically earned 3 credits towards the degree.
For more details regarding the above certifications, please visit https://cert.eccouncil.org/
Code of Ethics
1. Keep private and confidential information gained in your professional work, (in particular as it pertains
to client lists and client personal information). Not collect, give, sell, or transfer any personal information
(such as name, e-mail address, Social Security number, or other unique identifier) to a third party without
client prior consent.
2. Protect the intellectual property of others by relying on your own innovation and efforts, thus ensuring
that all benefits vest with its originator.
3. Disclose to appropriate persons or authorities potential dangers to any e-commerce clients, the Internet
community, or the public, that you reasonably believe to be associated with a particular set or type of
electronic transactions or related software or hardware.
4. Provide service in your areas of competence, being honest and forthright about any limitations of your
experience and education. Ensure that you are qualified for any project on which you work or propose to
work by an appropriate combination of education, training, and experience.
5. Never knowingly use software or process that is obtained or retained either illegally or unethically.
6. Not to engage in deceptive financial practices such as bribery, double billing, or other improper financial
practices.
7. Use the property of a client or employer only in ways properly authorized, and with the owner’s knowledge
and consent.
8. Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
9. Ensure good management for any project you lead, including effective procedures for promotion of
quality and full disclosure of risk.
10. Add to the knowledge of the e-commerce profession by constant study, share the lessons of your
experience with fellow EC-Council members, and promote public awareness of benefits of electronic
commerce.
11. Conduct oneself in the most ethical and competent manner when soliciting professional service or
seeking employment, thus meriting confidence in your knowledge and integrity.
12. Ensure ethical conduct and professional care at all times on all professional assignments without
prejudice.
13. Not to associate with malicious hackers nor engage in any malicious activities.
14. Not to purposefully compromise or allow the client organization’s systems to be compromised in the
course of your professional dealings.
15. Ensure all penetration testing activities are authorized and within legal limits.
16. Not to take part in any black hat activity or be associated with any black hat community that serves to
endanger networks.
17. Not to be part of any underground hacking community for purposes of preaching and expanding black
hat activities.
18. Not to make inappropriate reference to the certification or misleading use of certificates, marks or logos
in publications, catalogues, documents or speeches.
19. Not to be in violation of any law of the land or have any previous conviction.
ETHICS VIOLATIONS
EC-Council commitment towards ethics is the mainspring that holds all of its programs, services, people
and operations together. EC-Council regards ethics in earnest and from stem to stern. Corollary, EC-Council
mandates and stipulates all of its certified professionals, candidates, and prospective candidates to conduct
themselves with the law, spirit of the law, and ethical practices that would reflect positively on clients,
corporates, industries, and the society at large. The EC-Council Code of Ethics tops EC-Council mandatory
standards and is a requisite and indeed a pillar of its strength.
EC-Council has an objective and fair process of evaluating cases of ethics violation. Any person/s may report
an EC-Council certified professional by filling EC-Council Violation of Ethics Report form, describing clearly
the facts and circumstance of the violation, and obtaining the confirmation of two verifiers who confirm
that the report is true and correct. The Director of Certification has the authority to temporarily suspend a
member that is suspected of violating EC-Council’s Code of Ethics while the case is being brought before
the EC-Council Scheme Committee.
The form will be submitted to EC-Council Scheme Committee for their review and resolution. The Committee
will rule in light of substantial and sufficient evidence of ethics violation. Possible resolutions or penalties
may include decertification, reprimand, warning, suspension of certification, publication of infraction and/or
penalty, and lastly any possible litigation.
EC-Council will be formally notified of the Scheme Committee resolution in writing and with full details. EC-
Council will notify the member/s, persons or parties concerned by email or registered mail of the Scheme
Committee resolution. The Committee resolution is considered as final.
EC-Council Ethics Violation Report Form
Complaint lodged by:
Name :
Email :
Title/Company :
Country :
Phone :
EC-Council Cert ID :
(if applicable)
Verified by
Contact 1
Name :
Email :
Title/Company :
Country :
Phone :
Contact 2
Name :
Email :
Title/Company :
Country :
Phone :
Complaint lodged against:
Name :
EC-Council Cert ID :
(if applicable)
Section of EC-Council Code of Ethics Violated:
A detailed description of the facts known and circumstances relevant to the complaint:
The information contained in this form is true
and correct to the best of my knowledge.
The information contained in this form is true
and correct to the best of my knowledge.
Signature/Date Signature/Date
Appeal Form v2
EC-Council
EC-Council adapts the term appeal as a reference to the mechanism by which a candidate/ member can
request the reconsideration of an EC-Council decision or exam. The appeal applicants should fill EC-Council
Appeal Form and attach all supporting evidence. For instance, if the applicant is seeking EC-Council’s decision
in relation to the exam, for example its equipment, materials, content, scheduling, registration, or proctoring,
he/should submit EC-Council Appeal Form, EC-Council Exam Feedback form and exam transcript.
If the appeal is related to an EC-Council exam, the appeal request must be submitted to
certmanager@eccouncil.org seven (7) calendar days from exam date. All other appeals must be submitted
to certmanager@eccouncil.org within sixty (60) calendar days from EC-Council’s written decision. Appeals
received beyond the above-mentioned timeframe would not be reviewed.
The appeal process is comprised of three primary stages:
Stage 1: EC-Council
EC-Council will inspect and scrutinize closely and thoroughly the candidate’s appeal before providing a
final decision. Technical issues like power outages, system crash, exam items will be forwarded to the testing
companies (VUE or ECC) to advise whether there is valid grounds for appeal. EC-Council will provide the
candidate with the appeal results within 30 days from receipt of candidate’s appeal request.
Stage 2: Scheme Committee
While EC-Council would exert every effort to resolve all matters in a fair and objective manner, EC-Council
gives the applicant the right to appeal to EC-Council Scheme Committee Board if he/she is not satisfied
with EC-Council’s decision. The Scheme Committee will verify the intactness of all events and processes
and provide EC-Council with its final decision, and EC-Council would communicate the decision to the
candidate.
The Scheme Committee meets once every quarter. Only appeal requests received at least 30 days before
the meeting will be reviews at that session. Appeals received less than 30 days from the Scheme Committee
meeting will be reviewed in the subsequent meeting.
Stage 3: Honorary Council
The appeal will only be put forward to the adjudication of a subcommittee of the EC-Council
Honorary Council, which will comprise of no less than 3 members; if the applicant is not
satisfied with the Scheme Committee final decision. The request should be submitted to
https://eccouncil.zendesk.com/anonymous_requests/new within thirty days from the date of the Scheme
Committee written decision. Appeals received beyond the 30-days timeframe would not be reviewed.
The Honorary Council meets once every year. Only requests received at least 30 days prior to the Honorary
Council meeting will be review at that session. Appeals received less than 30 days from the Honorary Council
meeting will be reviewed in the subsequent meeting. The decision concluded by the Honorary Council is
irrefutable and is obligatory to all parties involved in the appeal.
EC-Council Appeal Form
If the appeal is related to an EC-Council exam, the appeal request must be submitted within three (3)
calendar days from exam date. All other appeals must be submitted within sixty (60) calendar days from
EC-Council’s written decision.
Kindly submit your appeal form to certmanager@eccouncil.org
SECTION A
Name Details :
(Name given when
enrolled)
Address :
(including
city, state, and postal
code)
Phone Number :
Email Address :
Membership Cert ID :
Test Centre Name :
Title of Certification :
Test Centre Location :
EC-Council Proctor :
Name (if known)
Exam Voucher No. :
Cert Award Date :
Exam Title :
Cert Expiry Date :
Exam Version :
Date Tested :
Are you a certified EC-Council member? If yes, please complete section B
with one of your certification details.
SECTION B
SECTION C
Are you appealing against an EC-Council Exam? If yes, please complete Section C.
If no, kindly proceed to Section D.
SECTION D
EC-Council Appeal Form
Details of your appeal
Candidate’s Signature
*Please attach a copy of score transcript/certificate, exam item or any other
documents that may support your appeal.
Change in Certification Scope
EC-Council shall, where applicable, give due notice to interested parties and certified members on changes
in scope of certifications, rationale behind change, and effective dates of change. Such changes will be
published on the EC-Council Certification website (https://cert.eccouncil.org).
EC-Council shall verify that each certified member complies with the changed requirements within such
a period of time as is seen as reasonable for EC-Council. For instance, old versions of certification exams are
retired six months from the date of official announcement of the launch of the new version of the exam.
These changes will only be done after taking into consideration EC-Council Scheme Committee views.
EC-Council’s Scheme Committee is a member based network of volunteers that are recognized by
EC-Council as experts in the field of information security. They are carefully selected from the industry and
are committed to the information security community. More importantly, they remain an independent
voice for the industry and are responsible to advise EC-Council in the development and the maintenance of
key certification-related matters.
Changes may be suggested by any stakeholder of EC-Council, but changes will be verified with documented
psychometric analysis conducted by experts. Psychometric analysis would be conducted to determine the
certification scope every three years or sooner; whereas evaluation would be conducted every year to ensure
if amendment in scope of certification is required.
EC-Council Logo Usage Guidelines
To use any of EC-Council’s logos, candidate must be an EC-Council Certified Professional, EC-Council Test
Center, EC-Council Accredited Training Center, or a Licensed Penetration Tester. A list of certifications can
be found at https://cert.eccouncil.org/certifications.html
In this context, logo shall mean and include all logos provided by EC-Council. The logo is a trademark of EC-
Council.
1. GENERAL
a. Certified Member can only to use the logo in its original form as provided by EC-Council.
b. Certified Member must state the certification version number next to the logo such as v4, v6, v7.
Certified Member may not alter, change or remove elements of the logo in any other way.
c. “Only ANSI accredited certifications carry the ANSI logo”, the Certified Ethical Hacker – ANSI accredited
version does not carry a version number.
d. Certified Member may not alter, change or remove elements of the logo in any other way.
e. Certified Member may not translate any part of the logo.
f. Certified Member may not use elements of the logo to be part of the design of other materials or
incorporate other designs into the logo.
g. Certified Member may not incorporate the logo or parts of the logo into Certified Member company
name, company logo, website domain, trademark, product name and design, or slogan.
h. Certified Member may not use the logo to show any form of endorsement by EC-Council.
2. INDIVIDUALS
a. Certified Member may use the logo on his/her business cards, business letters, resume, Websites,
emails, and marketing materials for individual service.
b. Certified Member may only use the logo of the credential he/she is awarded.
c. Certified Member may not use the logo if certification has been revoked or suspended
d. Certified Member may not use the logo if certification term has expired/lapsed and not renewed.
e. Certified Member may not display the logo to be larger or more prominent than candidate’s name
or company name and logo.
f. Candidates who hold EC-Council ‘Retired Status’ may not use the logo unless the logo is used with
the word ‘retired’
g. Candidate may not use the logo if he/she is not certified.
h. Candidate may not use the logo if he/she is still in the midst of a program and have not passed the
certification exam.
i. Candidate may not use the logo to show affiliation with EC-Council in any way.
3. EC-Council Test Centers (ETCs) and EC-Council Accredited Training Partners (ATPs)
a. ETCs and ATP’s may use the logo on their marketing materials related to EC-Council programs
and certifications. ETCs and ATP’s may not use the logo on any material not related to EC-Council
certifications or programs.
b. ETCs may not use the logo to signify any relationship or affiliation with EC-Council other than as an
ETC
c. ATPs may not use the logo to signify any relationship or affiliation with EC-Council other than as an
ATP.
a) Color
Full Color
The colors used for the logos are red, yellow, black and white. The color codes are:
Color- Red
RGB R: 255, G: 0, B: 0
Color- Yellow
RGB R: 255, G: 255, B: 0
Black and White
The logo can also be printed in black and white due to budget restrictions. For this, the color
for the wordings and background of the logo must always be reversed. That is,
the wordings are in black and the background is white or the wordings are in white and the
background is black.
b) Size
The logo can be of any size but it must maintain all the elements of the logo without any distortions.
All elements of the logo must remain legible.
4. COMPLIANCE
a. EC-Council may occasionally conduct surveillance audits for materials bearing the logos. Candidates
are to abide by the guidelines stated above. Certified Member may be subject to sanction if he/she
does not adhere to these guidelines and may have his/her certification credential suspended or
revoked.
b. Certified Member must immediately cease to display, advertise or use the logo upon the suspension
or revocation of certification credential.
5. LOGO DETAILS
EC-Council Logo Usage Guidelines
C E
H
TM
Certified Ethical Hacker
C E H
TM
Certified Ethical Hacker
C E
H
TM
Certified Ethical Hacker
C E
H
TM
Certified Ethical Hacker
c) Spacing
The logo must not be overlapped and be fully prominent. There must be sufficient space between
the logo and any other text or object. We recommend a minimum spacing of 0.3 centimeters.
d) Elements
All elements must remain in its original form. All elements of the logo must not be distorted or
altered. Certified Member must ensure that the aspect ratio is maintained at all times.
e) Orientation
The logo must be presented in its upright form and not be displayed at other angles other than its
horizontal layout.
f) Multiple Credentials
Individuals who attain multiple EC-Council certification credentials may display any of the logos
for which certification has been achieved. Certified Member may not however, create a logo which
displays a combination of all the credentials achieved. All logos must stand alone in its own right.
C CISO
TM
Certified
Chief Information Security Of ficer
Certified
H
Ethical
Hacker
TM
C E
Certified
H
Ethical
Hacker
TM
C E
Certified
H
Ethical
Hacker
TM
C E
Certified
H
Ethical
Hacker
TM
C E
Certified
H
Ethical
Hacker
TM
C E
0.3 CM
C CISO
TM
Certified
Chief Information
Security Of ficer
EC-Council Logo Usage Guidelines
C E
H
TM
Certified
Ethical
Hacker
6. USAGE EXAMPLES
These are examples on the usage of the logo. The usage guidelines must be strictly adhered to
A. Business Cards:
We recommend displaying the logo on the lower left or lower right hand side of Certified
Member business card.
B. Business Letters:
We recommend displaying the logo on the lower left or lower right hand side of the
letterhead page of Certified Member business letter.
C. Resume:
We recommend displaying the logo on the lower left or lower right hand side of Certified
Member resume.
D. Website:
We recommend displaying the logo at an appropriate location on Certified Member website.
E. Email:
We recommend displaying the logo at the bottom of Certified Member email signature.
F. Marketing Materials:
We recommend displaying the logo at an appropriate but prominent place in Certified
Member market- ing materials.
EC-Council Logo Usage Guidelines
FREQUENTLY ASKED QUESTIONS
Should I attend training to attempt the CEH exam?
EC-Council recommends, but not mandatory, that CEH aspirants attend formal classroom training to reap
maximum benefit of the course and have a greater chance at clearing the examinations.
What are the pre-requisites for taking a CEH exam?
If you have completed CEH training (online, instructor-led, or academia learning), you are eligible to attempt
the CEH examination. If you opt for self study, you must have minimum two years of work experience in the
Information Security domain, submit a complete eligibility form and email it to cehapp@eccouncil.org for
approval and remit USD100 eligibility fee through our website at https://store.eccouncil.org. Once approved,
the applicant will be send instructions on purchasing a voucher from EC-Council directly. EC-Council will
then send the candidate the eligibility code and the voucher code which candidate can use to register and
schedule the test.
What are the eligibility criteria for self-study students?
It is mandatory for you to record two years of information security related work experience and get the same
endorsed by your employer.
Where do I purchase the prepaid examination vouchers?
You can purchase the vouchers directly from EC-Council through its website at https://store.eccouncil.org
I have just completed the training. Can I defer taking a test to a later date?
Yes, you can - subject to the expiry date of your exam voucher. Ensure that you obtain a certificate of
attendance upon completion of the training. You may contact your testing center at a later date and
schedule the exam.
Do I have to recertify?
You will need to earn EC-Council Continuing Education Credits (ECE) to maintain the certification. Go to
https://cert.eccouncil.org/ece-policy.html for more information. If you require any assistance on this, please
contact https://eccouncil.zendesk.com/anonymous_requests/new
Why are there different versions for the exam?
EC-Council certifications are under continuous development. We incorporate new techniques and
technology as they are made available and are deemed necessary to meet the exam objectives, as students
are tested on concepts, techniques and technology.
How many times can I attempt the examination in case I do not pass in the first attempt?
Kindly refer to the Exam Retake Policy on our web- site at
https://cert.eccouncil.org/exam-retake-policy.html
Can I take the exam at VUE testing center?
Yes. The CEH exam is available at VUE testing center as well. You will need an eligibility number to attempt
the exam at VUE. Please visit VUE’s EC-Council testing page at http://www.vue.com/eccouncil
When will I get my certificate once I pass the certification examination?
Upon successfully passing the exam you will receive your digital ANSI accredited CEH certificate within 7
working days.
How many questions are there in the exam and what is the time duration?
The examination consists of 125 questions. The exam is of 4 hour duration.
What kind of questions can I expect in the exam?
The examination tests you on security related concepts, hacking techniques and technology. Please refer to
the ANSI accredited CEH Test Blueprint to find out the competencies that you would be tested on.
Can I review my answers?
You can mark your questions and review your answers before you end the test.
EC-Council
CEH Exam Blueprint v3.0
51CEH Candidate Handbook v4.0
Domains Sub Domain Description
Number of
Questions
Weightage
1. Background Network and
Communication
Technologies
• Networking technologies (e.g., hardware,
infrastructure)
• Web technologies (e.g., web 2.0, skype)
• Systems technologies
• Communication protocols
• Telecommunication technologies
• Mobile technologies (e.g., smartphones)
• Wireless terminologies
• Cloud computing
• Cloud deployment models
10 21.79%
Information
Security Threats
and Attack
Vectors
• Malware (e.g., Trojan, virus, backdoor,
worms)
• Malware operations
• Information security threats and attack
vectors
• Attacks on a system (e.g., DoS, DDoS,
session hijacking, webserver and web
application attacks, SQL injection, wireless
threats)
• Botnet
• Cloud computing threats and attacks
• Mobile platform attack vectors
• Cryptography attacks
9
Information
Security
Technologies
• Information security elements
• Information security management (e.g. IA,
Defense-in-Depth, incident management)
• Security trends
• Hacking and ethical hacking
• Vulnerability assessment and penetration
testing
• Cryptography
• Encryption algorithms
• Wireless encryption
• Bring Your Own Device (BYOD)
• Backups and archiving (e.g., local,
network)
• IDS, rewalls, and honeypots
8
2. Analysis /
Assessment
Information
Security
Assessment and
Analysis
• Data analysis
• Systems analysis
• Risk assessments
• Vulnerability assessment and penetration
testing
• Technical assessment methods
• Network sning
• Malware analysis
8 12.73%
Information
Security
Assessment
Process
• Footprinting
• Scanning (e.g., Port scanning, banner
grabbing, vulnerability scanning, network
discovery, proxy chaining, IP spoong)
• Enumeration
• System hacking (e.g., password
cracking, privilege escalation, executing
applications, hiding les, covering tracks)
8
3. Security Information
Security Controls
• Systems security controls
• Application/le server
• IDS
• Firewalls
• Cryptography
• Disk Encryption
• Network security
• Physical security
• Threat modeling
• Biometrics
• Wireless access technology (e.g.,
networking, RFID, Bluetooth)
• Trusted networks
• Privacy/condentiality (with regard to
engagement)
15 23.73%
Information
Security Attack
Detection
• Security policy implications
• Vulnerability detection
• IP Spoong detection
• Verication procedures (e.g., false
positive/negative validation)
• Social engineering (human factors
manipulation)
• Vulnerability scanning
• Malware detection
• Snier detection
• DoS and DDoS detection
• Detect and block rogue AP
• Evading IDS (e.g., evasion, fragmentation)
• Evading Firewall (e.g., rewalking,
tunneling)
• Honeypot detection
• Steganalysis
9
Information
Security Attack
Prevention
• Defend against webserver attacks
• Patch management
• Encoding schemes for web application
• Defend against web application attacks
• Defend against SQL injection attacks
• Defend against wireless and Bluetooth
attacks
• Mobile platforms security
• Mobile Device Management (MDM)
• BYOD Security
• Cloud computing security
6
4. Tools /
Systems /
Programs
Information
Security Systems
• Network/host based intrusion
• Boundary protection appliances
• Access control mechanisms (e.g., smart
cards)
• Cryptography techniques (e.g., IPSec, SSL,
PGP)
• Domain name system (DNS)
• Network topologies
• Subnetting
• Routers / modems / switches
• Security models
• Database structures
7 28.91%
Information
Security
Programs
• Operating environments (e.g., Linux,
Windows, Mac)
• Anti-malware systems and programs (e.g.,
anti-keylogger, anti-spyware, anti-rootkit,
anti-trojan, anti-virus)
• Wireless IPS deployment
• Programming languages (e.g. C++, Java,
C#, C)
• Scripting languages (e.g., PHP, Javascript)
5
Information
Security Tools
• Network/wireless sniers (e.g., Wireshark,
Airsnort)
• Port scanning tools (e.g., Nmap, Hping)
• Vulnerability scanner (e.g., Nessus, Qualys,
Retina)
• Vulnerability management and protection
systems (e.g., Founds tone, Ecora)
• Log analysis tools
• Exploitation tools
• Footprinting tools (e.g., Maltego, FOCA,
Recon-ng)
• Network discovery tools (e.g., Network
Topology Mapper)
• Enumeration tools (e.g., SuperScan,
Hyena, NetScanTools Pro)
• Steganography detection tools
• Malware detection tools
• DoS/DDoS protection tools
• Patch management tool (e.g., MBSA)
• Webserver security tools
• Web application security tools (e.g.,
Acunetix WVS)
• Web application rewall (e.g.,
dotDefender)
• SQL injection detection tools (e.g., IBM
Security AppScan)
• Wireless and Bluetooth security tools
• Android, iOS, Windows Phone OS, and
BlackBerry device security tools
• MDM Solutions
24
• Mobile Protection Tools
• Intrusion Detection Tools (e.g., Snort)
• Hardware and software rewalls (e.g.,
Comodo Firewall)
• Honeypot tools (e.g., KFSenser)
• IDS/Firewall evasion tools (e.g., Trac IQ
Professional)
• Packet fragment generators
• Honeypot Detection Tools
• Cloud security tools (e.g., Core
CloudInspect)
• Cryptography tools (e.g., Advanced
Encryption Package)
• Cryptography toolkit (e.g., OpenSSL)
• Disk encryption tools
• Cryptanalysis tool (e.g., CrypTool)
5. Procedures /
Methodology
Information
Security
Procedures
• Cryptography
• Public key infrastructure (PKI)
• Digital signature and Pretty Good Privacy
(PGP)
• Security Architecture (SA)
• Service oriented architecture
• Information security incident
• N-tier application design
• TCP/IP networking (e.g., network routing)
• Security testing methodology
5 8.77%
Information
Security
Assessment
Methodologies
• Web server attack methodology
• Web application hacking methodology
• SQL injection methodology and evasion
techniques
• SQL injection evasion techniques
• Wireless and Bluetooth hacking
methodology
• Mobile platform (Android, iOS, Windows
Phone OS, and BlackBerry) hacking
methodology
• Mobile Rooting and Jailbreaking
6
6. Regulation /
Policy
Information
Security Policies/
Laws/Acts
• Security policies
• Compliance regulations (e.g., PCI-DSS,
SOX)
2 1.90%
7. Ethics Ethics of
Information
Security
• Professional code of conduct
• Appropriateness of hacking
3 2.17%
EC-Council (“Disclosing Party”) intends to make available or have made available to you (“Receiving Party”)
certain proprietary and confidential information including but not limited to exam items in connection with
EC-Council certification (“Purpose”), in accordance with the terms of this Confidentiality and Non-Disclosure
Agreement (“Agreement”). Such information so provided to the Receiving Party whether provided before or
after the date hereof and whether written or oral, together with all manuals, documents, memoranda, notes,
analyses, forecasts and other materials prepared by Receiving Party or any of its affiliates or Representatives
which contain or reflect, or are generated from, such information shall be collectively referred to herein as
the “Confidential Information.” The parties now agree as set forth below.
Receiving Party shall hold Disclosing Party’s Confidential Information in strict confidence and shall not
disclose such Confidential Information to any third party or use it for any purpose other than to further the
Purpose. Receiving Party further agrees not to disclose that they have received Confidential Information
with- out the prior written consent of Disclosing Party.
Disclosing Party shall be deemed the owner of all Confidential Information, including all patent, copyright,
trademark and other proprietary rights and interests therein. Receiving Party acknowledges and agrees that
nothing contained in this Agreement shall be construed as (i) granting any rights in or to any Confidential
Information or (ii) obligating either party to enter into an agreement regarding the Confidential Information,
unless otherwise agreed to in writing.
CONFIDENTIAL INFORMATION IS PROVIDED “AS IS” AND DISCLOSING PARTY MAKES NO WARRANTIES,
EXPRESS, IMPLIED, OR OTHERWISE, REGARDING CONFIDENTIAL INFORMATION, INCLUDING AS TO ITS
ACCU- RACY. DISCLOSING PARTY ACCEPTS NO RESPONSIBILITY FOR ANY EXPENSES, LOSSES OR ACTION
INCURRED OR UNDERTAKEN BY RECEIVING PARTY AS A RESULT OF RECEIVING PARTY’S RECEIPT OR USE
OF ANY INFOR- MATION PROVIDED HEREUNDER.
Any Confidential Information disclosed hereunder and any copies thereof (including, without limitation, all
documents, memoranda, notes, analyses, forecasts and other materials prepared by the Receiving Party or
its affiliates or Representatives, and all electronically stored copies) will be returned or destroyed.
All Confidential Information shall continue to be subject to the terms of this Agreement until three years
from the disclosure thereof. This Agreement shall be governed by and construed in accordance with the
laws of the State of New Mexico, without regard to its conflict of law principles.
This Agreement may not be modified except by writing by Disclosing Party. If any provision of this Agreement
or any portion thereof shall be held invalid, illegal or unenforceable by a court of competent jurisdiction, the
remaining provisions of this Agreement shall remain in full force and effect, and the affected provisions or
portion thereof shall be replaced by a mutually acceptable provision, which comes closest to the economic
effect and intention of the parties hereto. This Agreement may be executed in counterparts, all of which
shall constitute one agreement.
DO NOT attempt an EC-Council certification exam unless you have read, understood and accepted the terms
and conditions in full. By attempting an exam, you signify the acceptance of those terms. Please note that
in the event that you do not accept the terms and conditions of the Agreement, you are not authorized by
EC-Council to attempt any of its certification exams. EC-Council reserves the right to revoke your certification
status, publish the infraction, and/or take the necessary legal action against you, if you fail to comply with
the above terms and conditions.
EC-Council NON-DISCLOSURE AGREEMENT
57CEH Candidate Handbook v4.0
Candidate Application Agreement and Candidate
Certification Agreement (Hereinafter referred to
as “Certification Agreement” v4.0)
w.e.f. May 1st, 2015
EC-Council
For purposes this Agreement, the terms defined in this Section shall have the meanings set forth below:
1.1 "Candidate" means an individual who attempts the certification examination but is not conferred
the said certification. When it is evidenced that the candidate is conferred a certification status, the
Candidate shall be referred to as a "Certified Member".
1.2 "Program" shall mean one of the certification programs offered by EC-Council.
1.3 "Examination Materials" shall mean EC-Council certification examination(s) and any questions.
instructions, responses, answers, worksheets, drawings and/or diagrams related to such
examination(s) and any accompanying materials. The list is inclusive of all related EC-Council
Training Materials.
1.4 “Marks” means, as the case may be, any and all EC-Council titles, trademarks, service marks and/
or logos which EC-Council may from time to time expressly designate for use corresponding to the
EC-Council certification that a candidate attempts or a Certified Member have achieved.
2.1 At all times, you shall agree to adhere to the certification/candidate policies of EC-Council including
but not limited to:
2.1.1 Certification Exam Policy (https://cert.eccouncil.org/certification-exam-policy.html);
2.1.2 Exam Retake Policy (https://cert.eccouncil.org/exam-retake-policy.html );
2.1.3 Eligibility Policy (https://cert.eccouncil.org/application-process-eligibility.html);
2.1.4 EC-Council Non-Disclosure Agreement
(https://cert.eccouncil.org/images/doc/Non-Disclosure-Agreement-v1.0-15112011.pdf)
EC-Council reserves the right to add, edit, amend or delete the abovementioned policies at
any time without notice.
2.2 At all times, you shall agree to adhere to the Code of Ethics of EC-Council including but
not limited to
1. DEFINITIONS
2. OBLIGATIONS
59
Candidate Application Agreement and Candidate Certification Agreement (Hereinafter referred
to as“ Certification Agreement” v4.0)
READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY. EXAMINATION SHALL NOT
BE ATTEMPTED UNLESS ALL THE TERMS AND CONDITIONS OF THE AGREEMENT HAS BEEN
DULY READ, UNDERSTOOD AND ACCEPTED IN FULL.
This EC-Council Certification Agreement (the "Agreement") is entered into between you and
International Council of E-Commerce Consultants (“EC-Council”) as of the date of the acceptance
of the Agreement.
EC-Council CERTIFICATION AGREEMENT v4.0
60
EC-Council CERTIFICATION AGREEMENT v4.0
• Keep private and confidential information gained in one professional work, (in particular as
it pertains to client lists and client personal information). Not collect, give, sell, or transfer any
personal information (such as name, e-mail address, Social Security number, or other unique
identifier) to a third party without client prior consent.
• Protect the intellectual property of others by relying on own innovation and efforts, thus ensuring
that all benefits vest with its originator.
• Disclose to appropriate persons or authorities potential dangers to any e-commerce clients,
the Internet community, or the public that the Certified Member had reasonably believe to be
associated with a particular set or type of electronic transactions or related software or hardware.
• Provide service in own areas of competence, being honest and forthright about any limitations
of own experience and education. Ensure that the Certified Member is qualified for any project
by an appropriate combination of education, training, and experience.
• Never knowingly use software or process that is obtained or retained either illegally or unethically.
• Not to engage in deceptive financial practices such as bribery, double billing, or other improper
financial practices.
• Use the property of a client or employer only in ways properly authorized, and with the owner’s
knowledge and consent.
• Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided
or escaped.
• Ensure good management for any project the Certified Member leads, including effective
procedures for promotion of quality and full disclosure of risk.
• Add to the knowledge of the e-commerce profession by constant study, share the lessons of
own experience with fellow EC-Council members, and promote public awareness of benefits of
electronic commerce.
• Conduct oneself in the most ethical and competent manner when soliciting professional service
or seeking employment, thus meriting confidence in the Certified Member’s knowledge and
integrity.
• Ensure ethical conduct and professional care at all times on all professional assignments without
prejudice.
• Not to associate with malicious hackers or engage in any malicious activities.
• Not to purposefully compromise or allow the client organization’s systems to be compromised
in the course of the Certified Member’s professional dealings.
• Ensure all penetration testing activities are authorized and within legal limits.
• Not to take part in any black hat activity or be associated with any black hat community that
serves to endanger networks.
• Not to be part of any underground hacking community for purposes of preaching and expanding
black hat activities.
• Not to make inappropriate reference to the certification or misleading use of certificates, marks
or logos in publications, catalogues, documents or speeches.
• Not to be in violation of any law of the land or have any previous conviction.
3. CERTIFICATION
3.1 You shall be conferred a certification only upon a successful completion of the required certification
examination and your compliance with the requirements described in the current corresponding
program brochure. You agree that EC-Council has the right to modify any examination, certification
scheme, test objectives or the requirements for obtaining or maintaining any EC-Council certification
at any time.
3.2 Notwithstanding anything in this agreement to the contrary, EC-Council has the sole discretion
to withdraw, suspend, or refuse to renew and/or grant you the certification if EC-Council in good
faith determines that your certification or use of the corresponding Marks will adversely affect
EC-Council or the community at large or consumers.
3.3 Upon being conferred the certification, you are under the obligation to notify EC-CounciI of any
changes to your contact information.
3.4 Once you are certified, you are solely responsible for keeping yourself informed of EC-Council's
continuing certification requirements for maintaining your own certification. If you fail/do not
complete the continuing certification requirements within the time frame specified by EC-Council,
your certification for that particular Program will be suspended or revoked without further notice,
and all rights pertaining to that certification (including the right to use the applicable Marks) will
terminate.
61
EC-Council CERTIFICATION AGREEMENT v4.0
• Make claims regarding certification only with respect to the scope for which the certification
has been granted.
• Not to use the certification in such a manner as to bring EC-Council into disrepute.
• Not to make misleading and/or unauthorized statement regarding the certification or
EC-Council.
• Discontinue the use of all claims as regard to the certification which contains any reference to
EC-Council or to the certification upon suspension/withdrawal of the said certification.
• Return any certificates issued by EC-Council upon suspension/withdrawal of the certification.
• Refrain from further promoting the certification in the event of the said certification is withdrawn
or suspended.
• Inform EC-Council without any undue delay of any physical or mental condition which renders
the Certified Member incapable to fulfill the continuing certification requirement.
• Maintain the certification by completing, within the time frame specified by EC-Council, all
continuing certification requirements (if any) that correspond with Certified Member's particular
certification.
• To not to participate in any cheating incident, breach of security, misconduct or any other
behavior that could be considered a compromise of the integrity or confidentiality of any
EC-Council certification examination.
2.2.1 Upon being a Certified Member, you shall adhere to the EC-Council Continuing Education (ECE) policy
(https://cert.eccouncil.org/ece-policy.html).
62
4. TERM AND TERMINATION
4.1 Term. This Agreement shall begin on the Effective Date and shall terminate as provided in this
Agreement.
4.2 Once you are a Certified Member and decide to upgrade your status to include any other certification
Programs, this Agreement shall remain in effect and remain to govern your right to use any new
certification Marks.
4.3 Termination. Without prejudice to any rights it may have under this Agreement or in law, equity,
or otherwise, EC-Council shall terminate this Agreement upon the occurrence of any one or more
of the following events by you, under your capacity as a Certified Member:-
4.3.1 If you fail to perform any of the Certified Member’s Obligations under this Agreement;
4.3.2 If you render professional services without complying with the terms and conditions under
this Agreement, or if you discontinue offering the professional services without proper or just
reasons;
4.3.3 If any government agency or court finds that the professional services as provided by you are
defective or improper in any way, manner or form; or
4.3.4 If you, during the Term of this Agreement disparage or harm EC-Council or its reputation
in any way whatsoever either directly or indirectly, via written or oral comments/statements
that could reasonably be interpreted to criticize, condemn, or minimize the
competence, integrity, quality, value, or reputation of EC-Council whether or not it may
reasonably be expected to lead to unwanted or unfavorable publicity to EC-Council.
4.3.5 If any actual or potential adverse publicity or other information about you, your professional
services, or your use of the Marks causes EC-Council, in its sole judgment, to believe that
EC-Council’s reputation will be adversely affected.
4.4 In the event of breach by you, EC-Council will give you a written notice notifying the said breach.
In the event of a breach, EC-Council may immediately terminate this Agreement with a fourteen
(14) day notice period, during which time you shall be given the opportunity to cure the breach.
If you fail or are unable to correct the breach within the notice period, this Agreement will
automatically terminate on the last day of the notice period without further notice. EC-Council shall
have no liability to you under any circumstances for termination of this Agreement.
4.5 You shall also have the right to terminate this Agreement without cause with a prior written
notification of thirty (30) days in advance of the date of termination. Notice of the termination of this
Agreement without cause will be effective when EC-Council receives a written statement from you
at the following address:-
EC-Council CERTIFICATION AGREEMENT v4.0
63
EC-Council CERTIFICATION AGREEMENT v4.0
For Europe, Middle East and
Asia regions:-
Attention: Director of Certification
Plot No: Sl ,
TIE Phase -1 , Balanagar,
Hyderabad 500037,
INDIA
USA and South America
Attention: Director of Certification
101 C Sun Avenue NE,
Albuquerque, NM 87109
USA
4.6 Effect of Termination. Upon the termination of this Agreement, you as a Certified Member shall
immediately cease all use of the Marks, all representations or claims that you hold any EC-Council
Certifications, or any other statements that imply in any way that you are EC-Council Certified. This
obligation includes, but is not limited to, immediately removing the Marks from all web sites and
electronic materials under your control, including resumes, professional profiles, and email
signatures, as well as from all hard copy materials, including business cards. All unused business
cards or other hard copy materials bearing the Marks shall be destroyed within ten (10) days of
termination, and you agree to provide EC-Council a written statement under oath attesting to
such destruction, if requested by EC-Council. Upon termination, you shall also lose all access to the
related portals made available to you by EC-Council during the term by which you are a Certified
Member.
5. LICENSE
5.1 At all times, you in your capacity as a Candidate, shall not be granted the rights to use the Marks in
whatever way possible, be it for promotional, advertising, marketing and/or publicity purposes.
Failure to abide with this section shall attract legal recourse in the forms of injunctions, civil liability,
and forfeiture of profits, punitive damages and/or other legal sanctions deemed reasonable to
address such breach.
5.2 Subject to the terms and conditions of this Agreement and the attainment of one or more of
EC-Council certifications, EC-Council shall grant you in your capacity as a Certified Member a non-
exclusive and non-transferable license to use the Marks solely in connection with providing the
professional services that correspond to the certification Program that the Certified Member have
earned.
5.3 Once certified, you may use the Marks on such promotional display and advertising materials as it
may, in your judgment, promote the professional services in correspondence to your certification.
5.4 You shall not use the Marks for any purposes that are not directly related to the provision of the
professional services corresponding to your particular certification. You shall not use the Marks of
any certification program unless you have completed the certification Program requirements
and have been notified by EC-Council in writing that you have achieved the certification status for
that particular Program.
EC-Council CERTIFICATION AGREEMENT v4.0
5.5 As a Certified Member, you shall not misrepresent your own certification status or
qualifications so as to imply or suggest that EC-Council in any way endorses, sponsors or
recommends you, or any of your products or services.
5.6 You also agree that your status as a Certified Member and your rights pertaining to the
Marks as vested to you under this Agreement shall not permit you to hold yourself out
as having any ownership rights over the official Training/Examination Materials. Any
attempts/action which implies to the public that you have some degree of ownership to
the official Training/Examination Materials shall be construed as a material breach of this
Agreement and your certification shall be revoked with immediate effect.
6. OWNERSHIP OF MARKS BY CERTIFIED MEMBERS
Once certified, no title or ownership of the Marks shall be transferred to you in pursuant to this Agreement.
EC-Council owns and retains all title and ownership of all intellectual property rights in the products,
documentation, certificate and all other related materials. EC-Council does not transfer any portion of such
title and ownership, or any of the associated goodwill to you, and this Agreement should not be construed to
grant you any right or license, whether by implication, estoppel, or otherwise, except as expressly provided.
You agree to be bound by and observe the proprietary nature of the materials acquired by reason of your
certification under this Agreement.
7. CONDUCT OF BUSINESS OF CERTIFIED MEMBERS
You as a Certified Member shall agree to (i) conduct business in a manner which reflects favorably at all
times on the products, goodwill and reputation of EC-Council; (ii) avoid deceptive, misleading or unethical
practices which are or might be detrimental to EC-Council or its products; and (iii) refrain from making any
representations, warranties, or guarantees to customers that are inconsistent with the policies established
by EC-Council. Without limiting the above, you are also obliged to not to misrepresent your certification
status or level of skill and knowledge related thereto.
8. QUALITY OF PROFESSIONAL SERVICES BY CERTIFIED MEMBERS
You shall also agree that it is of fundamental importance to EC-Council that the professional services are of
the highest quality and integrity. Accordingly, you agree that EC-Council will have the right to determine in
its absolute discretion whether the professional services meet EC-Council’s standards of merchantability.
In the event that EC-Council determines that you are no longer meeting accepted levels of quality and/or
integrity, EC-Council agrees to advise you and to provide you with a commercially reasonable time of no
less than one (1) month to rectify and meet the same.
9. RESERVATION OF RIGHTS AND GOOD WILL IN EC-COUNCIL
EC-Council retains all rights not expressly conveyed to you by this Agreement. You must recognize the value
of the publicity and goodwill associated with the Marks and acknowledge that the goodwill will exclusively
inure to the benefit of, and belong to, EC-Council. You as a Certified Member shall have no rights of any
kind whatsoever with respect to the Marks licensed under this Agreement except to the extent of the
license granted in this Agreement.
EC-Council CERTIFICATION AGREEMENT v4.0
10. NO REGISTRATION BY CERTIFIED MEMBER
You agree not to file any new trademark, collective mark, service mark, certification mark, and/or trade
name application(s), in any class and in any country, for any trademark, collective mark, service mark,
certification mark, and/or trade name that, in EC-Council’s opinion, is the same as, similar to, or that contains,
in whole or in part, any or all of EC-Council’s trade names, trademarks, collective marks, service marks, and/
or certification marks, including, without limitation, the Marks licensed under this Agreement. You further
agree to not to register or use as your own any internet domain name which contains EC-Council’s Marks
or other trademarks in whole or in part or any other name which is confusingly similar thereto. This section
shall survive the expiration or termination of this Agreement.
11. PROTECTION OF RIGHTS BY CERTIFIED MEMBER
11.1 You agree to assist EC-COUNCIL, to the extent reasonably necessary and at EC-Council’s expense, to
protect or to obtain protection for any of EC-Council’s rights to the Marks.
11.2 If at any time EC-Council requests that you discontinue using the Marks and/or substitute using a
new or different Mark, you shall immediately cease use of the Marks and cooperate fully with
EC-Council to ensure all legal obligations have been met with regards to use of the Marks.
12. INDEMNIFICATION BY CERTIFIED MEMBER
12.1 You shall agree to indemnify and hold EC-Council harmless against any loss, liability, damage, cost
or expense (including reasonable legal fees) arising out of any claims or suits made against
EC-Council (i) by reason of your performance or non-performance under this Agreement; (ii) arising
out of your use of the Marks in any manner whatsoever except in the form expressly licensed
under this Agreement; and/or (iii) for any personal injury, product liability, or other claim arising
from the promotion and/or provision of the professional services.
13. CONFIDENTIALITY
13.1 Training/Examination Materials are the proprietary, confidential and copyrighted materials of
EC-Council. Any disclosure of the contents of any EC-Council certification examination is strictly
prohibited.
13.2 You, at all times, hereby agree to maintain the confidentiality of all Examination Materials and not
to disclose, publish, reproduce, distribute, post or remove from the examination room, any portion
of the Examination Materials. Failure to observe and comply with this provision shall be deemed
as a breach and shall attract legal recourse in the forms of injunctions, civil liability, forfeiture of
profits, punitive damages and/or other legal sanctions deemed reasonable to address such breach.
13.3 Your obligation of confidentiality hereunder shall terminate when you can establish that the
Examination Materials (a) is already in the public domain or becomes generally known or published
without breach of this Agreement; (b) is lawfully disclosed by a third party free to disclose such
information; or (c) is legally required to be disclosed provided that you promptly notify EC-Council
so as to permit such EC-Council to appear and object to the disclosure and further provided that
such disclosure shall not change or diminish the confidential and/or proprietary status of the
Confidential Information.
13.4 You further agree that, except as otherwise stated in this Agreement, you shall not use the name of
EC-Council and/or its other corresponding entities, either expressed or implied in any of its
advertising or sales promotional material.
14. LIMITATION OF LIABILITY
IN NO EVENT WILL EC-COUNCIL BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL
PUNITIVE, EXEMPLARY OR ANY SIMILAR TYPE OF DAMAGES ARISING OUT OF OR IN ANY WAY
RELATED TO THIS AGREEMENT.
15. GENERAL PROVISIONS
15.1 Governing Law and Venue. This Agreement will in all respects be governed by the law of the State
of New Mexico, excluding its conflicts of laws and provisions, and venue of any actions will be proper
in the courts of the State of New Mexico of the United States of America.
15.2 Attorney’s Fees. In the event of any action arising out of or relating to this Agreement, the prevailing
party shall be entitled to recover the costs and expenses of the action, including reasonable attorney’s
fees, incurred in connection with such action from the losing party.
15.3 Non-Waiver. No waiver of any right or remedy on one occasion by either party will be deemed a
waiver of such right or remedy on any other occasion.
15.4 Assignment. Neither this Agreement nor any of your rights or obligations arising under this
Agreement may be assigned without EC-Council’s prior written consent. This Agreement is freely
assignable by EC-Council, and will be for the benefit of EC-Council’s successors and assigns.
15.5 Independent Contractors. You acknowledge that you and EC-Council are independent contractors
and you agree to not to represent yourself as, an employee, agent, or legal representative
of EC-Council.
15.6 Compliance with Laws. You agree to comply, at your own expense, with all statutes, regulations,
rules, ordinances, and orders of any governmental body, department, or agency that apply to or
result from your rights and obligations under this agreement.
15.7 Modifications. Any modifications to the typewritten face of this Agreement will render it null and
void. This Agreement will not be supplemented or modified by any course of dealing or usage of
trade. Any modifications to this Agreement must be in writing and signed by both parties.
15.8 Revision of terms. EC-Council reserves the right to revise the terms of this Agreement from time to
time. In the event of a revision, your signing or otherwise manifesting assent to a new agreement
may be a condition of continued certification.
EC-Council CERTIFICATION AGREEMENT v4.0
EC-Council
