What to Do if You Get Audited by EC-Council

Disclaimer: All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with CBT Nuggets nor any endorsement of CBT Nuggets by them.

Congrats on passing your EC-Council exam! You passed with flying colors, an incredible score. A score so high, in fact, that it earned you an audit.

Yes. An audit.

The EC-Council actively audits the results of the CEH certification exam. We hear reports that candidates are (somewhat) frequently required to take a CRA (Candidate Retesting Audit) Exam in order to get their certification. (Just go take a listen at /r/CEH for the details.)

What's that all about? We'll try to shed some light.

Why might you get audited? What are the red flags?

Apparently, EC-Council auditors review each and every exam result. There's not a lot of solid information about exactly what is being flagged in an audit.

We do know that the audits are intended to help maintain the integrity of the certification process, so it's certain that the auditors are looking for indications of possible mischief. High scores achieved in very short time might raise a flag. Highly correlated correct/incorrect answers by candidates at the same exam center might also trigger an audit. They might also audit you if they think you memorized an exam dump or triggered a honeypot answer.

As we said, there's not a lot of reliable information available and the EC-Council does not appear to be in a sharing mood. All they say is: "In the case of any suspicious patterns or trends on either the side of the candidate or the testing center, EC-Council reserves the right to demand the candidate(s) to re-sit for the exam and/or assessment test."

What does it mean when you get audited?

You'll know that you have been audited when you receive an email from the EC-Council's audit team telling you that you need to take and pass a CRA (Candidate Retesting Audit) Exam in order to receive your certification.

Sometimes, the auditors will first request additional information on your cybersecurity work experience or education, including how you studied for the CEH exam.

If that satisfies them, they may NOT require you to take the CRA exam and will issue your certification. However, if you're unlucky, then they'll refer you to an appropriate testing center to take the additional exam.

You'll get one chance to take and pass the CRA exam. If you fail the CRA test, you'll be given further chances to retake the full Certified Ethical Hacker exam, albeit with waiting periods after your first retake.

What can you do if you get audited?

There's not much you can do, except retake the exam.

How can you avoid being audited?

First, prepare with official test material. Keeping with the 'ethical' nature of the certification, we recommend that you prepare for the exam with well-established study paths.

Second, steer clear of the exam dumps. They may promise a shortcut to testing success, but you're probably more likely to trigger audit red flags in the exam.

How can you ethically become an ethical hacker?

You can choose the EC-Council's own instructor-led or self-study training. 

And by studying the ethical way, we hope that you'll avoid the dreaded audit trap.