We dedicated an entire week of posts to breaking into the white-hot information security field, including how to get experience in IT security, tips for crushing your first security interview, certifying as an ethical hacker, and even what to do if you get audited during certification.
Congrats on passing your EC-Council exam! You passed with flying colors, an incredible score. A score so high, in fact, that it earned you an audit.
Yes. An audit.
The EC-Council actively audits the results of the CEH certification exam. We hear reports that candidates are (somewhat) frequently required to take a CRA (Candidate Retesting Audit) Exam in order to get their certification. (Just go take a listen at /r/CEH for the details.)
What’s that all about? We’ll try to shed some light.
Why might you get audited? What are the red flags?
Apparently, EC-Council auditors review each and every exam result. There’s not a lot of solid information about exactly what is being flagged in an audit.
We do know that the audits are intended to help maintain the integrity of the certification process, so it’s certain that the auditors are looking for indications of possible mischief. High scores achieved in a very short time might raise a flag. Highly correlated correct/incorrect answers by candidates at the same exam center might also trigger an audit. They might also audit you if they think you memorized an exam dump or triggered a honeypot answer.
As we said, there’s not a lot of reliable information available — and the EC-Council does not appear to be in a sharing mood. All they say is that “In the case of any suspicious patterns or trends on either the side of the candidate or the testing center, EC-Council reserves the right to demand the candidate(s) to re-sit for the exam and/or assessment test.”
What does it mean when you get audited?
You’ll know that you have been audited when you receive an email from the EC-Council’s audit team telling you that you need to take and pass a CRA (Candidate Retesting Audit) Exam in order to receive your certification.
Sometimes, the auditors will first request additional information on your cybersecurity work experience or education, including how you studied for the CEH exam. (By the way, CBT Nuggets Certified Ethical Hacker training is a perfectly legal way to study for the exam.)
If that satisfies them, they may NOT require you to take the CRA exam and will issue your certification. However, if you’re unlucky, then they’ll refer you to an appropriate testing center to take the additional exam.
You’ll get one chance to take and pass the CRA exam. If you fail the CRA test, you’ll be given further chances to retake the full Certified Ethical Hacker exam, albeit with waiting periods after your first retake.
What can you do if you get audited?
There’s not much you can do, except retake the exam.
How can you avoid being audited?
First, prepare with official test material. Keeping with the ‘ethical’ nature of the certification, we recommend that you prepare for the exam with well-established study paths.
Second, steer clear of the exam dumps. They may promise a shortcut to testing success, but you’re probably more likely to trigger audit red flags in the exam.
How can you ethically become an ethical hacker?
You can choose the EC-Council’s own instructor-led or self-study training. Alternatively, you may opt for reputable, third-party training like CBT Nuggets’ EC-Council Certified Ethical Hacker v9.0 course.
There are pros and cons for each training option, but if you’re looking for quality on a budget, then CBT Nuggets is a great choice. In our Certified Ethical Hacker v9.0 course, Keith Barker teaches you the ethical hacking tools and techniques needed to improve your network’s security posture.
You’ll get to walk through building your own practice lab, including using evaluation software, so you’ll be able to practice everything hands-on in your own lab environment.
Doing is the best way of learning, so by the end of Keith’s course, you’ll be well prepared to take — and pass — the 125-question, 4-hour Certified Ethical Hacker exam.
And by studying the ethical way, we hope that you’ll avoid the dreaded audit trap.