Limited time: Get 2 months free with annual plan — Claim offer →
Certifications Tools Flashcards Career Paths Exam Guides Blog Pricing
Start for free
Home / Blog / cybersecurity
cybersecurity

Can You Retake CEH After Failing? Retake Rules Explained (2026)

CT
Certsqill Team
Certification Expert
May 10, 2026
18 min read

Can You Retake CEH After Failing? Retake Rules Explained (2026)

Direct answer

Yes, you can retake the CEH exam after failing. EC-Council allows multiple retake attempts with specific waiting periods between each attempt. However, you’ll need to pay the full exam fee again for each retake, and there are mandatory waiting periods you must observe. The exact waiting period and number of allowed attempts can vary, so always check EC-Council’s official exam page for the most current retake policy as rules can change.

The key point most candidates miss: your retake isn’t just about scheduling another exam date. It’s about using the mandatory waiting period strategically to address the specific knowledge gaps that caused your initial failure, particularly in the high-weight domains like Network and Web Hacking (25%) and Reconnaissance and Scanning (20%).

CEH retake rules: the official policy

EC-Council’s CEH retake policy follows a structured approach that’s designed to ensure candidates use the time between attempts to genuinely improve their knowledge rather than simply hoping for better luck with different questions.

The fundamental rule is straightforward: if you fail the CEH exam, you cannot immediately reschedule and take it again the next day. EC-Council enforces mandatory waiting periods that increase with each subsequent failure. This isn’t punitive—it’s educational. The organization recognizes that candidates who fail often need time to address fundamental knowledge gaps, not just memorize more practice questions.

When you fail the CEH exam, you’ll receive a score report that breaks down your performance across the five main domains:

  • Ethical Hacking Fundamentals (15%)
  • Reconnaissance and Scanning (20%)
  • System Hacking and Malware (20%)
  • Network and Web Hacking (25%)
  • Cryptography and Cloud Security (20%)

This breakdown is crucial because it shows exactly where your knowledge gaps are. Many candidates make the mistake of treating a retake like starting completely over, when they should focus their study time on the specific domains where they scored lowest.

The retake policy also means you’re essentially buying a new exam each time. There’s no discount for retakes, and your original exam fee doesn’t carry over. Think of each attempt as a separate purchase, which makes strategic preparation even more important.

Check EC-Council’s official exam page for the most current retake policy as rules can change. The organization occasionally updates their policies, particularly around waiting periods and the total number of allowed attempts.

How long do you have to wait before retaking CEH?

The waiting period for CEH retakes typically follows an escalating schedule, though the exact timeframes can vary and should be verified with EC-Council directly. Generally speaking, you’ll face a longer waiting period after each subsequent failure.

For your first retake (second attempt), the waiting period is usually shorter—often around 14 days. This gives you time to review your score report, identify weak areas, and do focused study without having to wait months.

If you fail a second time, the waiting period typically extends significantly—potentially 30-60 days or more. This extended period reflects the reality that candidates who fail twice usually have more substantial knowledge gaps that require comprehensive review.

The exact waiting periods can change, and EC-Council may have different policies for different regions or candidate types. Some candidates report different waiting periods based on whether they’re taking the exam through a testing center or online proctoring. Always verify the current waiting period requirements directly with EC-Council before planning your retake timeline.

Here’s what’s important about these waiting periods: they’re not dead time. The waiting period is actually your biggest opportunity to turn a failure into a pass. Many candidates waste this time being frustrated or discouraged, when they should be conducting a systematic review of their weak domains.

The waiting period also gives you time to gain practical experience. CEH isn’t just about theoretical knowledge—it tests your understanding of real-world hacking techniques and defensive measures. Use the waiting period to set up practice labs, work through real scenarios, and build hands-on experience with the tools and techniques you’ll encounter on the exam.

How much does a CEH retake cost?

A CEH retake costs the same as your original exam attempt. There are no discounts for retakes, and you’ll pay the full exam fee each time you attempt the certification.

As of 2024, the CEH exam fee is $1,199 USD when taken at a Pearson VUE testing center. This price can vary slightly based on your location and the testing method you choose (in-person vs. online proctoring), but expect to pay the full amount for each retake attempt.

This cost structure means that retaking the CEH exam is a significant financial decision. If you fail twice, you’re looking at potentially $3,597 in exam fees alone—not counting any additional training materials or courses you might purchase for your retake preparation.

The high retake cost is actually motivational if you approach it correctly. It forces you to take each attempt seriously and invest in proper preparation rather than treating retakes as “practice runs.” Many candidates who understand the financial implications spend more time preparing thoroughly for their retake, which leads to higher pass rates.

Some candidates try to save money by rushing into a retake without proper preparation, thinking they can pass through familiarity with the exam format. This is usually a mistake. The financial cost of multiple retakes quickly exceeds the cost of investing in quality preparation materials and taking the time to address knowledge gaps systematically.

Consider the retake fee as an investment in ensuring your next attempt is successful. This mindset shift—from seeing it as a penalty to viewing it as motivation for thorough preparation—can significantly improve your chances of passing on your retake.

How many times can you retake CEH?

EC-Council typically allows multiple retake attempts for the CEH exam, but there may be limits on the total number of attempts within a specific timeframe. The exact number of allowed retakes can vary based on EC-Council’s current policies and your specific situation.

Most certification bodies, including EC-Council, allow candidates to retake exams multiple times, but with increasing restrictions. You might be allowed four or five attempts within a 12-month period, after which you may need to wait for a longer period before being eligible to test again.

The reality is that most candidates who are going to pass the CEH will do so within their first three attempts. If you’re approaching your third or fourth retake, it’s worth stepping back and evaluating whether your preparation strategy is fundamentally flawed.

After multiple failures, some candidates find that they need to pursue additional training or gain more practical experience before attempting the exam again. The CEH tests not just memorized facts but your ability to think like an ethical hacker and understand complex attack scenarios. This kind of knowledge often requires hands-on practice and time to develop.

Each retake becomes progressively more expensive and potentially more stressful. The pressure of multiple failures can actually hurt performance, creating a cycle where anxiety about failing again interferes with your ability to demonstrate your knowledge during the exam.

Check EC-Council’s official exam page for the most current retake policy as rules can change. They may update their policies regarding maximum attempts, especially if they modify other aspects of the certification program.

What changes between your first and second attempt

The exam content doesn’t change fundamentally between your first and second attempt, but your experience and preparation strategy should change dramatically. Understanding these differences is crucial for retake success.

Your score report from the failed attempt is the most valuable resource you have. It breaks down your performance across the five CEH domains:

  • Ethical Hacking Fundamentals (15%)
  • Reconnaissance and Scanning (20%)
  • System Hacking and Malware (20%)
  • Network and Web Hacking (25%)
  • Cryptography and Cloud Security (20%)

Focus your retake preparation on the domains where you scored lowest. If you struggled with Network and Web Hacking (the heaviest-weighted domain at 25%), that’s where you should spend the majority of your study time. Don’t waste time reviewing areas where you already scored well.

Your mindset should also change. Your first attempt was about learning the material and hoping you knew enough. Your retake should be about proving you’ve mastered the specific areas where you previously struggled. This shift from hope to confidence comes from targeted, domain-specific preparation.

The question pool remains the same, but you won’t see identical questions. EC-Council has a large question database, and while some questions may be similar in format or content area, don’t expect to recognize most questions from your first attempt. Prepare for the concepts, not specific question wording.

Your test-taking strategy should evolve based on what you learned during your first attempt. Maybe you ran out of time, or maybe you second-guessed yourself on questions you actually knew. Use the retake to implement better time management and decision-making strategies.

Most importantly, your technical knowledge should be deeper. Use the waiting period to gain hands-on experience with the tools and techniques that the CEH exam covers. Set up practice environments, work through real scenarios, and build practical experience that will help you understand not just what the correct answers are, but why they’re correct.

How to use the waiting period strategically

The mandatory waiting period between CEH attempts isn’t punishment—it’s your greatest opportunity to transform a failure into a pass. Most candidates waste this time, but strategic candidates use it to address their specific knowledge gaps systematically.

Start with a detailed analysis of your score report. Identify which of the five domains caused the most problems:

  • If you struggled with Ethical Hacking Fundamentals (15%), focus on understanding the legal and ethical framework of penetration testing
  • Poor performance in Reconnaissance and Scanning (20%) means you need hands-on practice with information gathering tools and techniques
  • System Hacking and Malware (20%) weaknesses require deeper understanding of exploitation techniques and malware analysis
  • Network and Web Hacking (25%) gaps—the most heavily weighted domain—demand extensive practice with network attacks and web application security
  • Cryptography and Cloud Security (20%) struggles indicate you need stronger foundation in encryption methods and cloud security principles

Create a study schedule that dedicates time proportionally to your weak areas. If Network and Web Hacking was your weakest domain, spend 40-50% of your study time there, not just 25% because that’s its exam weighting.

Set up practical lab environments during the waiting period. The CEH isn’t just theoretical—it tests your ability to understand how attacks actually work. Use tools like Metasploit, Nmap, Wireshark, and Burp Suite. Practice actual reconnaissance, scanning, and exploitation techniques in controlled environments.

Don’t just read about vulnerabilities—reproduce them. Set up intentionally vulnerable applications like DVWA (Damn Vulnerable Web Application) or Metasploitable and practice identifying and exploiting the vulnerabilities you’ll be tested on.

Use the waiting period to gain exposure to real-world scenarios. The CEH exam includes questions about incident response, report writing, and business impact analysis. These topics are best learned through case studies and practical examples rather than just memorization.

Consider pursuing additional training during the waiting period, but make it targeted. Don’t retake a general CEH course if your weakness is specifically in web application security. Instead, focus on specialized training that addresses your specific knowledge gaps.

Track your progress with practice exams, but

don’t interpret your performance based on a single practice test result. Use multiple practice exams from different sources and track improvement trends over the weeks leading up to your retake.

Common retake mistakes that prevent success

Even with additional study time, many CEH candidates repeat the same fundamental errors that caused their initial failure. Understanding these common retake mistakes can help you avoid wasting your second (or third) opportunity.

The biggest mistake is treating the retake like a completely fresh start. Some candidates throw out all their previous study materials and begin from scratch, ignoring the valuable intelligence they gained from their score report. Your failed exam told you exactly where your knowledge gaps are—use that information instead of starting over with generic study plans.

Another critical error is overemphasizing memorization of practice question answers. Many retake candidates become obsessed with memorizing as many practice questions as possible, thinking this will somehow guarantee success. The CEH exam draws from a large question pool, and while practice questions help you understand concepts and question formats, memorizing specific answers won’t carry you through the real exam.

Time management continues to plague retake candidates. If you ran out of time on your first attempt, don’t assume you’ll naturally be faster the second time. During your waiting period, practice with timed exams and develop specific strategies for handling questions efficiently. Learn to identify questions you can answer quickly versus those that require more thought, and budget your time accordingly.

Many candidates also make the mistake of avoiding their weakest topics during retake preparation. If Network and Web Hacking (25% of the exam) was your worst-performing domain, you might feel tempted to focus on easier areas where you can build confidence. This is backwards thinking. Your retake success depends on improving your worst areas, not perfecting areas where you already score reasonably well.

Practice realistic CEH scenario questions on Certsqill — with AI Tutor explanations that show exactly why each answer is right or wrong.

The lack of hands-on experience continues to hurt retake candidates. Reading about SQL injection is different from actually performing SQL injection in a controlled lab environment. The CEH exam tests practical understanding, not just theoretical knowledge. If you didn’t set up practice labs before your first attempt, make this a priority during your waiting period.

Finally, many retake candidates underestimate the psychological pressure of their second attempt. The stakes feel higher, the financial cost is mounting, and there’s additional pressure to prove that the first failure was just bad luck. This anxiety can actually impair performance, especially if you don’t acknowledge and prepare for it.

Improving your technical foundations during the waiting period

The waiting period between attempts should be focused on building genuine technical competency, not just exam preparation. Many candidates treat retakes as a study problem when they’re actually facing a knowledge gap problem.

Start by setting up a comprehensive lab environment that mirrors the tools and scenarios covered in the CEH exam. This isn’t just about having the right software—it’s about understanding how these tools work in realistic attack scenarios. Install and configure Kali Linux, set up vulnerable target systems like Metasploitable and DVWA, and practice the complete attack lifecycle from reconnaissance through exploitation and post-exploitation.

Focus particularly on the high-weight domains where you struggled. If Network and Web Hacking was problematic, spend significant time with tools like Burp Suite, OWASP ZAP, and SQLmap. Don’t just learn the command syntax—understand when and why you’d use each tool, what the output means, and how to interpret results in the context of a penetration test.

Web application security deserves special attention because it appears throughout multiple CEH domains. Practice identifying and exploiting OWASP Top 10 vulnerabilities in controlled environments. Learn to read web application source code and identify potential security issues. Understand the business impact of different vulnerability types, because the CEH exam tests your ability to communicate technical findings to management.

Network security concepts require hands-on packet analysis. Use Wireshark extensively to understand network protocols, identify suspicious traffic, and analyze attack patterns. The CEH exam includes questions about network-based attacks that are much easier to answer when you’ve actually seen the traffic patterns and protocol behaviors being described.

System hacking knowledge improves dramatically with practical experience. Practice privilege escalation techniques on different operating systems, understand how various malware types behave, and learn to identify indicators of compromise. Set up Windows and Linux systems specifically for practicing exploitation techniques covered in the CEH syllabus.

Cryptography understanding comes from both theoretical study and practical implementation. Don’t just memorize encryption algorithms—understand when different cryptographic solutions are appropriate, how to identify weak implementations, and what cryptographic failures look like in real systems.

The key insight for retake candidates is that the CEH exam tests depth of understanding, not breadth of memorization. Your first failure likely indicated that you could recognize correct answers in some areas but couldn’t apply that knowledge to complex scenarios. Use the waiting period to build the practical experience that transforms recognition into genuine competency.

Building exam-day confidence for your retake

Retake candidates face unique psychological challenges that first-time candidates don’t experience. The combination of previous failure, increased financial pressure, and time constraints can create anxiety that actually impairs performance. Building genuine confidence requires both technical preparation and strategic test-taking preparation.

Technical confidence comes from mastering the specific areas where you previously struggled. This isn’t about feeling good—it’s about knowing you can handle complex scenario questions in your previously weak domains. If you struggled with web application security, you should be able to walk through the complete process of identifying, exploiting, and reporting a SQL injection vulnerability. This level of competency translates directly into exam confidence.

Practice realistic exam conditions during your waiting period. Take full-length practice exams under timed conditions, without breaks, in an environment similar to where you’ll take your actual retake. Many candidates are surprised by their decreased performance when moving from untimed study sessions to exam pressure situations.

Develop specific strategies for handling different question types. The CEH includes straightforward knowledge questions, complex scenario analysis, and tool-identification questions. Each type requires different approaches and time management strategies. Know which questions you can answer quickly and which require more careful analysis.

Time management confidence is crucial for retake candidates. If you ran out of time on your first attempt, you need proven strategies for managing your pace. Practice identifying questions you can answer immediately versus those that require careful thought. Learn to make educated guesses on questions where you’re uncertain rather than spending excessive time on single questions.

Most importantly, prepare for the emotional aspects of your retake. Acknowledge that some anxiety is normal and expected. Have specific strategies for managing stress during the exam, whether that’s brief breathing exercises, positive self-talk, or systematic review of your strongest knowledge areas during breaks.

Your retake mindset should shift from hoping you know enough to proving you’ve mastered the material. This confidence comes from systematic preparation, hands-on experience, and honest assessment of your current capabilities relative to the exam requirements.

FAQ

Q: Can I use the same Pearson VUE account to schedule my CEH retake?

Yes, you can use the same Pearson VUE account to schedule your retake. Your previous exam results and eligibility status will be visible in your account. However, you must wait until the mandatory waiting period has expired before you’ll be able to schedule your next attempt. The system will automatically enforce the waiting period requirements based on EC-Council’s current policy.

Q: Will my CEH retake score replace my previous score, or are all attempts recorded?

Your highest CEH exam score is what matters for certification purposes. If you pass on your retake, that passing score becomes your official result. However, EC-Council maintains records of all your attempts for their internal tracking purposes. Employers and verification services will only see your successful certification status, not your previous failed attempts or the number of tries it took to pass.

Q: Do I need to meet the work experience requirement again for my CEH retake?

No, you don’t need to resubmit work experience documentation for a retake. If you met the experience requirements for your first attempt (or paid the non-experience fee), those qualifications remain valid for your retakes. Your retake is simply another attempt at the same certification application, not a new certification request.

Q: Can I change my testing method from in-person to online proctoring for my retake?

Yes, you can choose a different testing method for your retake. If you took your first attempt at a Pearson VUE testing center, you can schedule your retake as an online proctored exam, or vice versa. The exam content and format are identical regardless of testing method. Choose the option that you feel most comfortable with based on your first attempt experience.

Q: What happens if I fail my CEH retake multiple times? Is there a point where I’m permanently banned?

EC-Council typically doesn’t permanently ban candidates from retaking the CEH exam, but there may be extended waiting periods after multiple failures. After several unsuccessful attempts within a specific timeframe, you might be required to wait 6-12 months before being eligible to test again. Check EC-Council’s current policy for specific details, as these rules can change. Many candidates who fail multiple times benefit from pursuing additional training or gaining more practical experience before attempting again.