What Are the Most Important CEH Exam Topics?

Get the complete 2025-2026 CEH v13 exam topic weightage and priority list. Know exactly which modules carry the maximum marks in theory and practical, plus a proven study strategy to clear the Certified Ethical Hacker certification on the first attempt with a high score.

Dec 8, 2025 - 15:00
Dec 15, 2025 - 13:52

Introduction

The Certified Ethical Hacker (CEH v13) exam consists of 125 multiple-choice questions (4 hours) and a separate 6-hour practical exam on iLabs. Knowing the exact weightage of each module helps you focus your time and effort where it matters most.

Below is the official topic distribution plus real student feedback on which areas actually appear the most in 2025 exams.

Module-wise Weightage and Priority (Most Important First)

| Rank | Module Name | Approx. % in Theory | Practical Weight |
|------|-------------|---------------------|------------------|
| 1 | Web Application Hacking | 22–25% | Very High |
| 2 | System Hacking & Password Attacks | 18–20% | High |
| 3 | Network Scanning & Enumeration | 15–18% | High |
| 4 | Vulnerability Analysis | 12–14% | Medium |
| 5 | Social Engineering & Malware | 10–12% | Medium |

Master web application security first — it alone can give you 25%+ marks.

Web Application Hacking – The Highest Weightage Module

  • OWASP Top 10 complete coverage
  • SQL Injection (error, union, blind, time-based)
  • XSS (reflected, stored, DOM)
  • CSRF, LFI/RFI, SSRF
  • Command injection, file upload vulnerabilities
  • Authentication & session management bypass
  • Burp Suite full workflow

System Hacking & Password Attacks

  • Password cracking (online/offline, rainbow tables)
  • Privilege escalation (Windows & Linux)
  • Keylogging, spyware, maintaining access
  • Covering tracks (log deletion, timestomping)
  • Meterpreter commands

Password cracking questions appear in almost every exam.

Network Scanning, Enumeration & Reconnaissance

  • Nmap all scan types and scripting
  • Vulnerability scanning (Nessus, OpenVAS)
  • SMB, SNMP, LDAP, DNS enumeration
  • Google dorks, WHOIS, sub-domain enumeration

Social Engineering and Malware Threats

  • Phishing techniques and tools (SET, Gophish)
  • Trojan, virus, ransomware concepts
  • Malware analysis basics

Learn to spot phishing tricks instantly.

Cryptography & Cloud Security

  • Symmetric vs asymmetric encryption
  • Hashing algorithms and cracking
  • PKI, digital signatures
  • Cloud misconfigurations (S3 buckets, IAM)
  • IoT and mobile hacking basics

CEH Practical Exam – Top Scoring Areas

  • SQL Injection & XSS
  • Nmap scanning & scripting
  • Metasploit exploitation
  • Password cracking with Hashcat
  • Privilege escalation
  • Web server vulnerabilities

Set up your own lab to practice daily.

Low-Weightage Topics (Still Required)

  • Ethics and laws
  • Physical security
  • Wireless security basics
  • Firewall, IDS, honeypot concepts

Conclusion: Your 100% Success Study Plan

Follow this exact priority order:

  • Days 1–15 → Web Application Hacking (SQLi, XSS, Burp)
  • Days 16–25 → System Hacking & Password Attacks
  • Days 26–35 → Scanning, Enumeration, Vulnerability Analysis
  • Days 36–45 → Social Engineering, Malware, Cryptography, Cloud
  • Last 15 days → Full mock exams + iLabs practical

Students who follow this weightage-based preparation clear CEH on the first attempt with 90%+ marks. Start today with proper guidance and unlimited lab access.

Frequently Asked Questions

How many questions are there in the CEH exam?

125 multiple-choice questions in 4 hours.

What is the passing score for CEH?

Usually 70–80% depending on exam form (70–100 marks out of 125).

Which module has the highest weightage?

Web Application Hacking (22–25%).

Is the practical exam compulsory?

For the CEH Master title, yes. Many companies now demand CEH Master.

How much time is needed to cover the full syllabus?

2–3 months with 3–4 hours of daily study.

Are labs included in the theory exam?

No, but practical concepts are asked in theory.

Is the CEH exam adaptive?

No, it is linear with a fixed 125 questions.

Can I use a calculator in the exam?

No, but simple calculations are not required.

Do I need to memorize ports?

Yes, common ports (21, 22, 23, 53, 80, 443, 3389, etc.) appear regularly.

Is coding required for CEH?

Not required, but basic Python/Bash helps a lot.

Which is harder: CEH theory or practical?

Practical is harder because it is 100% hands-on.

Can I skip low-weightage topics?

Not recommended. Every module has at least 4–5 questions.

Is CEH multiple choice only?

The theory exam, yes; the practical is a live, lab-based exam.

How many attempts are allowed?

Unlimited, but you pay the exam fee each time.

Which book is best for CEH?

Official EC-Council courseware + practice on iLabs is sufficient.

Fahid

I am a passionate cybersecurity enthusiast with a strong focus on ethical hacking, network defense, and vulnerability assessment. I enjoy exploring how systems work and finding ways to make them more secure. My goal is to build a successful career in cybersecurity, continuously learning advanced tools and techniques to prevent cyber threats and protect digital assets.