10 Most Difficult IT Certifications

Updated on March 19, 2024

Disclaimer: All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with CBT Nuggets nor any endorsement of CBT Nuggets by them.

What makes an IT certification valuable? Certifications are one way that employers assess potential new hires and also manage the retention of current employees. We reviewed the top IT certifications considered difficult to attain. We found that cloud computing, security, and project management were well represented. 

So let's look at the ten toughest IT certifications — and the CBT Nuggets training courses that can help you prepare for the certification exams.

10 Tough IT Certifications

Not all IT certifications are created equal. Whether you're looking to improve your career prospects or level up your knowledge, these certifications will help you do so—just make sure to take the exam prep seriously! 

10. Certified Associate in Project Management (CAPM®)

This Project Management Institute credential is designed for newer project managers and measures their understanding of the basics, terminology, and processes of effective project management. The certification allows IT professionals to add project management to their technical credentials.

The CAPM® certification exam is a three-hour test with 150 multiple-choice questions. Candidates must have at least 23 credit hours of project management education. 

To maintain the CAPM® certification, holders must earn 15 professional development units (PDU) over the three years from the certification award date.

9. AWS Certified Solutions Architect—Professional 

The AWS Certified Solutions Architect—Professional certification is a valuable indicator of the skills required to design a well-architected AWS solution. Although it has no set prerequisites, the exam SAP-C02 is tough! 

The test – taken as a proctored online exam or in a Pearson VUE testing center – has 75 multiple-choice/multiple-response questions and lasts three hours. A passing score is 750 out of 1000, but beware of the high failure rate! It’s reported that less than 30% of exam candidates gain a passing grade!

8. Microsoft Certified: Azure Solutions Architect Expert

The Microsoft Certified: Azure Solutions Architect Expert validates the holder’s ability to design Azure-based solutions in line with the Azure Well-Architected Framework and Cloud Adoption Framework for Azure.

As a prerequisite, candidates for the Azure Solutions Architect Expert must first earn the Microsoft Certified: Azure Administrator Associate certification. This certification requires passing the two-hour, 40-60-question Microsoft Azure Administrator Associate (AZ-104) exam. Then, candidates must take and pass the two-hour, 40-60-question Microsoft Certified: Azure Solutions Architect Expert (AZ-305) exam.

While the Azure Solutions Architect exam is difficult, what’s tougher is the certification only lasts ONE year! Microsoft requires holders to recertify through examination each year. 

7. Cisco Certified Network Professional – Security (CCNP Security)

The certification focuses on skills related to securing Cisco-based networks, including identity management, authentication, authorization, firewalls, anti-malware programs, and security policy development. To earn the CCNP-Security, candidates must pass a core two-hour exam, Implementing and Operating Cisco Security Core Technologies (350-701 SCOR), followed by their choice of one of seven elective concentration exams.

The concentration exams last 90 minutes and cover design, administration, and deployment in a particular security area. The seven concentration exams are:

  • Securing Networks with Cisco Firewalls (300-710 SNCF)

  • Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

  • Securing Email with Cisco Email Security Appliance (300-720 SESA)

  • Securing the Web with Cisco Secure Web Appliance (300-725 SWSA)

  • Implementing Secure Solutions with Virtual Private Networks (300-730 SVPN)

  • Automating and Programming Cisco Security Solutions (300-735 SAUTO)

  • Designing and Implementing Secure Cloud Access for Users and Endpoints (300-740 SCAZT)

The CCNP - Security certification is good for three years, after which it must be renewed.

6. Certified Ethical Hacker (CEH)

The EC-Council’s Certified Ethical Hacker (CEH) accreditation validates that the holder has the knowledge, skills, and expertise to search for and detect vulnerabilities in an organization's security infrastructure.

CEH candidates are expected to have at least two years of experience in IT security. To earn the certification, they must pass both the CEH knowledge exam and the CEH practical exam. The CEH knowledge exam is a four-hour test with 125 multiple-choice questions.

The CEH practical exam validates the candidate’s practical hacking skills and knowledge. It is a monster six-hour test with 20 scenario-based questions. CEH certification is no pushover – the failure rate is reportedly between 20% and 40%!

5. Certified Information Security Manager (CISM)

The CISM is from the independent, nonprofit ISACA association. The certification demonstrates the holder can develop and manage an information security program under ISACA's goals.

The CISM certification exam is a four-hour, 150-question test. It focuses on four CISM domains – information security governance, risk management, program development and management, and incident management.

CISM certification is not awarded until the candidate passes the exam AND has verified five or more years of work experience across at least three CISM domains! To maintain the CISM certification, holders must take at least 20 hours of relevant continuing professional education (CPE) annually for 120 CPE hours over three years. 

4. Certified Information Systems Auditor (CISA)

ISACA also grants the Certified Information Systems Auditor certification, targeted at practicing IT auditors. To earn the certification, CISA candidates must pass a four-hour, 150-question multiple-choice exam with a score of at least 450 out of 800.

Before you can display a CISA badge, you must pass the exam and either already have the required minimum of five years of IT auditing, control, or security experience or satisfy this requirement with subsequent work experience.

Once earned, the CISA certification must be maintained with a minimum of 20 hours of continuing professional education (CPE) per year and 120 CPE units over three years.

3. Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) is a vendor-neutral security certification granted by the non-profit (ISC)² security consortium. Candidates for CISSP hold roles such as security consultants, security auditors/analysts, security managers, network architects, etc.

The certification exam is four hours long, with 125-175 multiple-choice questions and ‘advanced innovative items’ focused on eight domains:

  • Security and Risk Management

  • Asset Security

  • Security Architecture and Engineering

  • Communications and Network Security

  • Identity and Access Management (IAM)

  • Security Assessment and Testing

  • Security Operations

  • Software Development Security

To take the exam, you must have at least five years of work experience in two or more of the above domains. A passing grade is 700 out of 1000 points.

Once you're a CISSP, you must recertify every three years through at least 120 hours of continuing professional education. And there's more. You must also subscribe to the (ISC)² code of ethics and pay a yearly US $85 fee to maintain your certification.

2. Project Management Professional (PMP)

The PMP is another certification granted by the Project Management Institute. It is claimed to be the global standard of project management certification!

The PMP demands some serious real-world experience as a project manager before you can apply for the certification exam. If you don't have a four-year degree, you'll need five years of experience leading and directing projects, plus 35 hours of project management education! 

If you have a degree, you'll only need three years of experience as a project leader or manager and, of course, 35 hours of project management education! In either case, CAPM® certification is accepted instead of 35 hours of project management education.

The PMP exam is a four-hour test with 180 multiple-choice scenario-based questions covering the five life stages of a project: initiation, planning, execution, monitoring and controlling, and closing. Many PMP exam takers report that the exam is difficult, with a passing rate of around 60% on the first attempt. Once you've gained your PMP certification, you'll have to earn 60 professional development units (PDUs) every three years.

1. Cisco Certified Internetwork Expert (CCIE)

Here's our vote for the #1 most challenging certification! The CCIE is Cisco's top-level certification and a highly valued "badge of competency" in the industry. According to TechTarget, fewer than 3% of Cisco-certified engineers obtain the CCIE certification—that’s less than 1% of all networking professionals worldwide. Certainly, becoming a CCIE is not easy. And once you become one, you must recertify every two years, or your CCIE will be suspended!

The CCIE is a series of certifications with specializations in Enterprise Infrastructure, Enterprise Wireless, Collaboration, Data Center, Security, and Service Provider. Each certification stands alone. For each specialization, candidates need to pass a two-hour written qualification exam and then, within 18 months, take an 8-hour hands-on practical exam. The practical exams are held on-site at Cisco CCIE lab locations worldwide.

The most popular CCIE specialization is probably the CCIE Enterprise Infrastructure, which measures the holder’s skills in designing and operating complex enterprise infrastructure solutions.

There are no prerequisites, although it’s recommended that candidates have five to seven years of experience in the design, operation, and optimization of networking solutions. The first step towards the CCIE Enterprise Infrastructure is to take the qualifying written exam Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR 350-401). 

The CCIE ENCOR 350-401 test is tough! It’s two hours long and requires a passing grade of 750-850 out of 1000. Surveys indicate that most candidates study three to six months or more before they attempt this exam. Following success in the qualifying exam, candidates have 18 months to register and take the eight-hour, hands-on CCIE Enterprise Infrastructure v1.1 lab exam at a Cisco CCIE lab exam testing facility. 

If you’re on a different CCIE specialization, CBT Nuggets training courses are also available:

In Conclusion

It's not easy to compare the toughest IT certifications, but we tried! What do you think? Is CCIE tougher than PMP? Who's voting for CISA or maybe the CISSP? Whatever one votes, CBT Nuggets has online training courses to help you clear the certification hurdle! 

Ready to get your next IT certification? Sign up for CBT Nuggets and access all our online certification training.

