The article will not be limited only to the certification itself, in addition to a brief description of the preparation and the exam, I plan to hook a little on the organizational aspects of most of the exams of the EC-Council company, since this is precisely where the most difficulties arose.
A little about certification and about the course
Information is presented on the official website . In short, this is an introductory course in the basics of cryptography for beginners. Consists of 5 modules:
- Introduction to cryptography and its history;
- Symmetric cryptography and hashes;
- Number theory and asymmetric cryptography;
- Application of cryptography;
- Cryptanalysis.
The official course is designed for 20 hours of lectures. The exam consists of 50 questions, 2 hours of time and a 70% passing score. After completing the course, the voucher for the exam and study materials are valid for a whole year - there is more than enough time for preparation and reflection, and for those who did not have time, the EC-Council wholeheartedly gives the opportunity to extend it by 3 months (for a fee).
The topics of this course are found in subsequent certifications, but in a very truncated form. So in CEH, a whole module (out of 20) was allocated for cryptography.
Qualification criteria
The EC-Council has its own rules regarding who and how can be certified. At the moment (at the CEH level), I did not notice any connection between exams or any specific order of passing, except for the recommended one (exceptions on Practical exams, where you need to pass an exam in the form of a test to start), that is, the company's policy is not prohibits immediately passing the advanced level.
However, each individual exam has requirements for candidates. All admission options are listed on the official website. There are usually only two choices:
- Take an official course at any EC-Council accredited center and take the exam calmly;
- Prove that you have n-years of experience in the field of Information Security, pay a fee of $ 100 and take the exam calmly.
But the most interesting thing is another, namely the mentioned lack of communication between exams - that is, even if there is already a certification with more stringent requirements for the number of years (CEH - 2 years), this does not give the right to take another certification (ECES - 1 year), you will still have to choose the tolerance options. But buying a retake voucher is not a problem.
An interesting fact: it is cheaper to take a course and get a voucher for it than to pay $ 100 and buy a voucher separately.
Taking an official course
I also did not find any restrictions on where and how to take the official course. The only question is the price and your desire. If you like classes in the classroom or if the option of distance learning in another country is more suitable - you decide. But there is a subtlety here too.
EC-Council, in its desire to control everything and everyone, takes over the issuance of official materials. During the training, you should receive a key for your personal Aspen account (details about the office will be further), using this key you will be provided with materials: a textbook in Secure PDF format, laboratory, laboratory software and a set of sample exam questions.
The accredited center can additionally issue its materials and prepare virtual laboratories for laboratory work. But ultimately it all translates into a 3-day course and communication with the instructor. We were lucky and the instructor led us straight to certification, but this is the exception, not the rule.
Preparation for the exam and the exam itself
It took me 3 weeks to get ready. He studied slowly in the evenings. I had to wait a little for my colleagues, since COVID-19 severely broke everyone's work plans. According to the EC-Council itself, it is more than enough to master their own textbook for the exam. This is true, but in ECES the textbook is only 300 pages (CND is already more than 1000, and CEH is 2000+) and topics are given very superficially, although this certification is of the Fundamental level - it's not solid to complain about simplicity. However, I used Applied Cryptography by Bruce Schneier and Chapter 8 from Computer Networks by Andrew Tannenbaum. Overkill, but interesting, although it turned out badly for me on the exam.
The questions in the exam are similar to the sample questions in the course, but they were drafted differently. One sentence from examples turned into 3-5 on a real exam. This was somewhat annoying. Most of the questions were very simple and, according to my feelings, I reached the passing score already at the 15th minute of the exam, and then another 20 fiddled with the rest. they were compiled very ambiguously and required not so much an understanding of the material as how this material was presented in the official book, which, given its not too great popularity, is a little outdated. After the exam, this was reported to www.eccouncil.org/errata and a couple of days later the answer came that it will be fixed in the near future. My result is 86%, my colleagues are 84% and 90%.
Organizational issues and Aspen personal account
When taking the official course, you will need to create an account on the Aspen portal , receive the course key (23 characters) from the training center and register it in your personal account.
- TRAINING course materials page.
- EVALUATION leads to a form that must be filled out in order to confirm your training at an accredited center (and give a grade to the materials and the teacher)
- EXAM link to the exam portal
- CERTIFICATE will be available after passing the exam
- ECE STATUS your ECE status
After filling out the form, you will receive a certificate of the course participant ( Certificate if Attendance ), a badge for social networks (LinkedIn) and a voucher (34 characters) for passing the exam.
To pass the exam, you will need a proctor, perhaps the training center is one, but even if not, this is not a problem, the exam is easily passed on the portal https://www.proctoru.com/
On the appointed day of the exam, you need to come to the exam center or contact the proctor online (depends on your choice). For the exam, you will need to create an account on the https://www.eccexam.com/ portal with the same mail as your Aspen account.
The exam takes place in a browser. In Take Testenter your voucher, and the proctor will enter your username and password. For the exam you need to bring documents, voucher, login and password to www.eccexam.com . If you rent at home, then you must follow the instructions of the proctor and not violate the conditions: the camera is working, no one enters the room, nothing superfluous is in sight, otherwise the exam will end quickly and not in your favor. It would be more comfortable for me to rent in the center than at home, but this time I didn't have to go anywhere.
A couple of pages with agreements and the exam begins. 50 questions and 2 hours of time. At any time, you can return to any question and change it. The results appear immediately after the end of the exam:
Certificate delivery and additional difficulties
The certificate comes to the mail and appears in Aspen's personal account after about a week, and the progress of the course changes:
But sometimes everything can go wrong and the evil and terrible EC-Council Audit will stick to you .
EC-Council Audit
You passed the exam and are looking forward to the certificate, but the following unexpectedly comes to the mail:
So someone doubted the honesty of your exam or is surprised that someone is taking ECES at all in 2020 (my whole group received this letter).
We reply to the letter, go to our LinkedIn page and observe how the comrades from the audit are looking at it. The solution of the issue, in our case, took a couple of hours, then letters arrived that everything was in order and a certificate would come in a couple of days.
If not everything is in order, then they may be forced to take an additional exam of 30 questions or even reset the results, but I have not heard of such an outcome.
Conclusion
The article turned out to be a little cumbersome and the topic of the certification itself was given the least amount of material. The reason for this is that this is a basic exam and you most likely will not have any difficulties with it, but on its example I tried to show most of the organizational points that I myself spent time on at the start. If the topic is interesting, I will continue on the Certified Network Defender (CND) certification.