ExamCert

Introduction

If you've been working in networking and wondering how software development fits into the picture, the Cisco DevNet Associate (200-901) cert is probably on your radar. Honestly, it’s one of the few exams that forces you to bridge that gap between old-school CLI management and modern API-driven automation. I took this exam not too long ago, and while it isn't the hardest one I've tackled, it’s definitely tricky if you underestimate it.

Exam Overview

The 200-901 exam is all about showing you know your way around programming basics, APIs, and infrastructure as code. You've got about 120 minutes to navigate through around 100 questions. It covers:

Software development & design (the programming foundations)

Understanding and using APIs (REST, etc.)

Cisco platforms & development

Application deployment & security

Infrastructure & automation

Network fundamentals (still very relevant!)

The passing score is usually around 800/1000, though Cisco doesn't always publish the exact number. It can be a bit overwhelming because the breadth is massive.

Study Strategy

I’d say 6 to 8 weeks is a solid, realistic timeline if you’re putting in steady hours. The biggest mistake I see folks make? Trying to memorize syntax rather than understanding how to interact with systems.

Focus on:

API concepts: Don't just learn what REST is; know how to construct specific requests.

Infrastructure as Code (IaC): This isn't just theory anymore. You need to be comfortable with the basics.

Network fundamentals: Don’t skip these just because you know coding. A lot of questions test your ability to apply dev skills back to networking scenarios.

Top Study Resources

Cisco Learning Network: Start here for the official exam blueprint. It’s free and tells you exactly what to study.

Official DevNet Associate Cert Guide: Good for foundational knowledge, though it can feel a bit dry at times.

Practice Exams: For realistic practice questions and detailed explanations (which are lifesavers), check out ExamCert. Their practice exams are excellent for identifying exactly where you're struggling before you spend money on the real exam. ExamCert really helped me pinpoint my weak spots in the API domain, which was a huge relief.

Exam Day Tips

Don't rush through the coding snippets. It’s easy to miss a small syntax error that completely changes the logic.

Pay attention to platform-specific details. Cisco likes to ask how their specific APIs differ from generic ones.

When in doubt, read the question again. Sometimes the answer is hidden in the requirements listed in the prompt, not the technical implementation.

Conclusion

While everyone in 2026 is sprinting toward AWS AI Practitioner or Azure AI-102, I quietly passed the Google Professional Machine Learning Engineer cert last month. And I’ve gotten three recruiter messages in the past four weeks that explicitly mentioned it.

Not the generic “we saw your profile” messages. Actual messages referencing the cert by name.

That’s unusual. So let me tell you what’s going on.

Why This Cert Is Different From the AI Cert Flood

There’s been an explosion of AI credentials in 2026. AWS has their AI Practitioner (AIF-C01). Azure has AI-102. Oracle has their GenAI cert. Everyone has an AI cert.

Most of them test your ability to explain AI concepts and know which managed service does what.

The Google Professional Machine Learning Engineer cert is different. It’s hard in a way that the others aren’t. You’re not just describing what Vertex AI does — you’re reasoning about when to use custom training vs AutoML, how to architect an ML pipeline that handles data drift, what monitoring strategy makes sense for a production model serving 10 million predictions per day.

This is an exam that separates people who’ve built ML systems from people who’ve read about ML systems.

The Exam Details

Questions: 60 multiple choice

Time: 2 hours

Cost: $200 USD

Difficulty: High — Google recommends 3+ years of ML experience

Format: Online or testing center

Domain breakdown:

Architecting low-code ML solutions — 12%

Collaborating within and across teams to manage data and models — 16%

Scaling prototypes into ML models — 18%

Serving and scaling models — 19%

Automating and orchestrating ML pipelines — 17%

Monitoring ML solutions — 18%

That last domain — monitoring — is where people get surprised. Google expects you to know how to detect and respond to data drift, concept drift, training-serving skew, and model degradation in production. This is real MLOps content, not theoretical.

Who Should Actually Take This

If you’re a data scientist who’s been building models in Jupyter notebooks and not dealing much with production deployment — this exam will be genuinely hard. Not impossible, but hard.

If you’re an ML engineer or platform engineer who ships models to production, handles pipeline orchestration, and thinks about serving infrastructure — you’re in the right zone.

If you’re trying to break into ML from a software engineering background, this cert will teach you a huge amount. Expect 3–4 months of serious study.

What I Actually Studied

Google Cloud’s own learning paths — specifically the “Professional Machine Learning Engineer” learning path on Google Cloud Skills Boost. It’s comprehensive and current.

Vertex AI hands-on — I can’t overstate how important this is. The exam simulates real decision-making, and that only comes from actually building things. Create a dataset, train a model with AutoML, deploy it, set up monitoring. Do it more than once.

Coursera’s ML on Google Cloud specialization — solid for foundational understanding, though some content needs supplementing with current documentation.

Practice exams — ExamCert’s GCP PMLE practice questions are scenario-heavy and close to the real exam style. ExamCert has all the major cloud certs at $4.99 lifetime access — I used it for GCP and have recommended it to three colleagues.

The Career Angle

Here’s what I’ve noticed: the AI cert space is getting crowded fast. In 18 months, having an AWS AI Practitioner will be table stakes — everyone will have it.

The Google Professional ML Engineer is harder to get. Fewer people have it. And it signals something meaningfully different: not “I know what AI is” but “I build and operate AI systems.”

In a market where everyone is claiming AI expertise, that distinction matters.

Salary data for ML Engineer roles in 2026 runs $155,000–$210,000 depending on market and company. Google Cloud ML-specific roles are on the higher end of that range. The cert doesn’t guarantee those numbers, but it gets you in the door for conversations that lead there.

The bottom line: if you’re serious about ML engineering as a career, not just AI literacy, the Google Professional Machine Learning Engineer is the most rigorous standalone ML credential available right now.

While the herd chases the easier AI badges, this is the one that will distinguish you.

While everyone in 2026 is sprinting toward AWS AI Practitioner or Azure AI-102, I quietly passed the Google Professional Machine Learning Engineer cert last month. And I've gotten three recruiter messages in the past four weeks that explicitly mentioned it.

Not the generic "we saw your profile" messages. Actual messages referencing the cert by name.

That's unusual. So let me tell you what's going on.

Why This Cert Is Different From the AI Cert Flood

There's been an explosion of AI credentials in 2026. AWS has their AI Practitioner (AIF-C01). Azure has AI-102. Oracle has their GenAI cert. Everyone has an AI cert.

Most of them test your ability to explain AI concepts and know which managed service does what.

The Google Professional Machine Learning Engineer cert is different. It's hard in a way that the others aren't. You're not just describing what Vertex AI does — you're reasoning about when to use custom training vs AutoML, how to architect an ML pipeline that handles data drift, what monitoring strategy makes sense for a production model serving 10 million predictions per day.

This is an exam that separates people who've built ML systems from people who've read about ML systems.

The Exam Details

Questions: 60 multiple choice

Time: 2 hours

Cost: $200 USD

Difficulty: High — Google recommends 3+ years of ML experience

Format: Online or testing center

Domain breakdown:

Architecting low-code ML solutions — 12%

Collaborating within and across teams to manage data and models — 16%

Scaling prototypes into ML models — 18%

Serving and scaling models — 19%

Automating and orchestrating ML pipelines — 17%

Monitoring ML solutions — 18%

That last domain — monitoring — is where people get surprised. Google expects you to know how to detect and respond to data drift, concept drift, training-serving skew, and model degradation in production. This is real MLOps content, not theoretical.

Who Should Actually Take This

If you're a data scientist who's been building models in Jupyter notebooks and not dealing much with production deployment — this exam will be genuinely hard. Not impossible, but hard.

If you're an ML engineer or platform engineer who ships models to production, handles pipeline orchestration, and thinks about serving infrastructure — you're in the right zone.

If you're trying to break into ML from a software engineering background, this cert will teach you a huge amount. Expect 3–4 months of serious study.

What I Actually Studied

Google Cloud's own learning paths — specifically the "Professional Machine Learning Engineer" learning path on Google Cloud Skills Boost. It's comprehensive and current.

Vertex AI hands-on — I can't overstate how important this is. The exam simulates real decision-making, and that only comes from actually building things. Create a dataset, train a model with AutoML, deploy it, set up monitoring. Do it more than once.

Coursera's ML on Google Cloud specialization — solid for foundational understanding, though some content needs supplementing with current documentation.

Practice exams — ExamCert's GCP PMLE practice questions are scenario-heavy and close to the real exam style. ExamCert has all the major cloud certs at $4.99 lifetime access — I used it for GCP and have recommended it to three colleagues.

The Career Angle

Here's what I've noticed: the AI cert space is getting crowded fast. In 18 months, having an AWS AI Practitioner will be table stakes — everyone will have it.

The Google Professional ML Engineer is harder to get. Fewer people have it. And it signals something meaningfully different: not "I know what AI is" but "I build and operate AI systems."

In a market where everyone is claiming AI expertise, that distinction matters.

Salary data for ML Engineer roles in 2026 runs $155,000–$210,000 depending on market and company. Google Cloud ML-specific roles are on the higher end of that range. The cert doesn't guarantee those numbers, but it gets you in the door for conversations that lead there.

The bottom line: if you're serious about ML engineering as a career, not just AI literacy, the Google Professional Machine Learning Engineer is the most rigorous standalone ML credential available right now.

While the herd chases the easier AI badges, this is the one that will distinguish you.

The GCP Professional Cloud Architect just quietly got a lot harder to bluff through.

Google updated the PCA exam in early 2026, and the big change is the case studies. Not just new companies — new types of architectural scenarios. The old EHR Healthcare and Dress4Win case studies that have been circulating for years? They're still referenced in some form, but the weightings and scenarios have shifted.

Here's what that means for you:

Why Case Studies Are 40%+ of Your Result

The PCA isn't a knowledge recall exam. It's a judgment exam.

Questions like: "A company is migrating a legacy Java monolith to GCP. They have a 99.95% SLA requirement. Which architecture best meets this requirement while minimizing operational overhead?"

Two answers look correct. One is technically valid. One is architecturally appropriate given the constraints.

That's what the exam tests. And the case studies give Google the ability to make those scenarios rich and specific — forcing you to reason about trade-offs rather than memorize service capabilities.

The 2026 update brought three changes to the case studies:

1. Day 2 Operations scenarios: More questions about operating and maintaining architectures, not just designing them from scratch. Monitoring, incident response, cost optimization after deployment.

2. AI/ML integration: New case study scenarios include companies adding Vertex AI workloads to their existing GCP architecture. You need to understand how Vertex AI fits into networking, security, and data architecture decisions.

3. Multi-cloud nuance: Some scenarios now explicitly reference hybrid or multi-cloud constraints. How do you architect GCP workloads when there are AWS components the company can't migrate?

The Services That Keep Appearing in 2026

Based on the updated 2026 exam feedback from the community:

Cloud Spanner — for scenarios requiring globally consistent transactional databases

Anthos / GKE Enterprise — for hybrid/multi-cloud workload management

VPC Service Controls — for data exfiltration prevention in regulated environments

Cloud Armor — DDoS protection and WAF decisions

Pub/Sub + Dataflow — streaming data pipelines that appear in multiple case study contexts

Vertex AI Pipelines — new in 2026, showing up in the AI-integrated case studies

If you've been studying from 2024 materials, check whether they cover the Day 2 Ops emphasis and Vertex AI integration. A lot of older courses skip these.

The Study Mistake That Catches Everyone

People read the case studies once before the exam and think they know them.

Wrong approach.

You need to be able to reason about each case study company's requirements without reading the case study during the exam. You should know:

What are their SLA requirements?

What are their compliance/regulatory constraints?

What are their data residency needs?

What are their cost sensitivity signals?

What migration timeline signals exist?

When an exam question references "EHR Healthcare" and asks about database selection — you should already know EHR's constraints cold. Looking them up during the exam wastes time and cognitive load.

Spend at least one full study session on each case study. Read it, make notes, and then quiz yourself on the requirements from memory.

Practice Questions Matter More Here Than on Most Exams

The PCA practice exam question quality varies wildly across resources. Some resources just test service knowledge — "what does BigQuery do?" That's not what the PCA tests.

You need practice questions that give you scenario constraints and make you choose between architecturally valid options. ExamCert has GCP PCA practice questions at that scenario level — and at $4.99 for lifetime access across all GCP certs, it's genuinely one of the best-value prep resources available.

I've seen people spend $200 on prep courses that have 50 practice questions. ExamCert has thousands. The math doesn't add up for anything else.

Quick Study Timeline (8 Weeks)

Weeks 1–2: Core GCP services — Compute, Storage, Networking. Build things in a free project.

Weeks 3–4: Data and analytics services — BigQuery, Pub/Sub, Dataflow, Spanner.

Weeks 5–6: Security, identity, networking design, VPC Service Controls.

Week 7: Case studies — memorize each company's requirements until you can recall them without reading.

Week 8: Full practice exams, scenario-based questions only.

The PCA is genuinely hard. It has one of the lower pass rates among cloud certifications. But it's also one of the most respected — GCP Professional Cloud Architect roles pay $165K–$210K in the US market.

If you're serious about GCP architecture, start with practice questions on ExamCert and use the gaps to build your study plan.

Let me save you a failed attempt.

I went into the Azure DP-203 thinking it was basically "AZ-104 but for data." I had done Azure for two years. I knew Blob Storage, knew SQL, thought I understood the basics well enough. I would be fine.

I was not fine.

The DP-203 is a different kind of exam. It's not testing whether you know Azure services exist. It's testing whether you can design complete data engineering solutions under real constraints — performance, cost, security, scalability — and make the right architectural choice when four options all technically work.

That's a much harder test. And I walked in completely unprepared for how hard it would actually be.

The Part Nobody Warns You About

The scenarios. The DP-203 loves multi-part case study scenarios where you're given a data architecture problem and asked to make 3-4 consecutive decisions about it. Each decision depends on the previous one. Get the first decision wrong, and the rest of the scenario unravels.

If you're used to studying facts — "Azure Synapse Analytics does X" — the scenario format will destroy you. You need to understand the why behind architectural choices, not just the what.

The exam has 40–60 questions and runs 100 minutes. Passing score is around 700/1000. Time pressure is real.

What You Actually Need to Know

Azure Synapse Analytics (very heavy) — Dedicated SQL pools vs. serverless, Copy activity, Spark pools, pipeline integration. This is the core. Know it deeply.

Azure Data Factory (heavy) — Pipelines, data flows, integration runtimes, triggers, debugging. ADF shows up constantly.

Azure Stream Analytics — Real-time processing, windows (tumbling, hopping, sliding, session), reference data joins. The exam loves testing edge cases on windowing logic.

Azure Databricks — Spark architecture, Delta Lake, cluster configuration, reading and writing different file formats. If you've never used Databricks, spend time here.

Azure Data Lake Storage Gen2 — Folder structure best practices, ACL permissions vs. RBAC, performance optimization. Sounds boring. The exam is not bored by it.

Azure Cosmos DB — Partitioning strategies, consistency levels, when to use it vs. SQL. Appears less frequently but costs points when it does appear.

My Revised Study Plan (What Actually Works)

1. Don't start with videos. Start with the Microsoft Learn data engineering path and do the hands-on exercises. The DP-203 is practical. Book learning only gets you halfway.

2. Build at least one end-to-end pipeline. ADF → ADLS Gen2 → Synapse Analytics. Or ADF → Databricks → ADLS. Something that moves data from source to sink through transformation. This single exercise teaches you more than 20 hours of video.

3. Drill scenario-based practice questions. ExamCert's DP-203 practice tests are formatted like real exam scenarios, not just fact-checking questions. That's critical for this exam. At $4.99 lifetime with a money-back guarantee, there's no reason not to use them.

4. Know your streaming vs. batch decision tree. One of the most common DP-203 trap questions: "A company receives IoT data every 500ms and needs analysis within 2 seconds. What do you use?" Know exactly when Stream Analytics is right and when Databricks streaming is right.

The Career Reality

Azure Data Engineers earn well. Microsoft data platform skills are consistently in the top 10 for cloud job postings. The DP-203 signals that you can actually design and implement the data pipelines that companies are building for AI training datasets, analytics platforms, and operational reporting.

It's not the flashiest certification conversation. But it's the one that lands roles.

Take a free DP-203 practice test on ExamCert and find out where your gaps actually are before you find out in the exam room.

Look, I'm a Python person. Always have been. Flask, Django, FastAPI — that's my world.

So when my employer said they needed someone to get Oracle certified on Java because of a new project, I wasn't exactly thrilled. But the 1Z0-808 — the Oracle Certified Associate (OCA) for Java SE 8 — turned out to be one of the more interesting certification experiences I've had.

Not because Java is exciting. But because the exam is genuinely challenging in ways I didn't expect.

---

What 1Z0-808 Actually Covers

77 questions. 150 minutes. 65% passing score. $245.

The exam doesn't test whether you can build a real application. It tests whether you understand how Java thinks — and Java thinks very differently from Python or JavaScript.

The big topics:

Java Basics — How the JVM works, classpaths, public/private/protected access modifiers. If you've never had to think about access control at the language level (Python doesn't care), this is your first wall.

Working with Java Data Types — Primitive types vs. wrapper classes. Type casting. Autoboxing. What happens when you assign int to Integer. These questions look trivial until you hit an edge case and get it wrong.

String handling — The String class is immutable in Java. Questions around StringBuilder vs String in terms of memory and performance. There are always several of these and they're always trickier than they look.

Arrays and ArrayList — The difference between fixed arrays and dynamic collections. Iterating, modifying, common pitfalls.

Lambda expressions — Java 8 introduced lambdas and they're absolutely on this exam. If you're coming from a functional programming background this'll feel natural. If not, give it extra time.

Flow control — if/else, switch statements, for loops, while loops, do-while. Plus exception handling (try/catch/finally). The exception handling questions are notorious for being tricky with edge cases.

---

The Bit Nobody Warns You About

The exam uses trick questions about output.

You'll see a snippet of 15 lines of Java code and the question is "what does this print?" or "what happens when this executes?"

These questions test deep understanding of:

Operator precedence

String concatenation vs. addition (classic: 1 + 2 + "3" vs "1" + 2 + 3)

Variable scoping

Exception flow (does the finally block execute if you throw an exception inside a catch block? Yes. Always.)

I got about a third of my study hours wrong before I understood these patterns. The answer key at ExamCert's free Oracle Java practice tests does a good job of explaining why each output is what it is — which is more valuable than just knowing the right answer.

---

My 10-Week Plan (Python Background, Not Java)

Weeks 1–3: Worked through the "Head First Java" book. It's approachable and visual in a way that Oracle's official study guide isn't. Got the mental model right.

Week 4–5: OCA: Oracle Certified Associate Java SE 8 Programmer I Study Guide (Boyarsky & Selikoff) — this is the gold standard for 1Z0-808 prep. Dense but accurate. Read it cover to cover.

Weeks 6–8: Practice questions, practice questions, practice questions. Targeting 80%+ consistently before attempting the real thing.

Weeks 9–10: Focused review of my weak areas (string operations and lambda expressions for me). Final practice exam simulation.

You can do it in 6 weeks if you have Java experience. From zero, 10 weeks is more realistic if you're also working full-time.

---

Is the OCA Still Worth Getting in 2026?

Genuine question worth answering: Java is not dying, but it's not the hot new thing either. Is this cert worth your time?

Yes, if:

Your employer or a target employer uses Java and requires it

You want to proceed to the OCP (1Z0-809), which requires the OCA

You're targeting enterprise development, Android development, or backend Java roles

You want to demonstrate programming language fundamentals to interviewers

Java is the 3rd or 4th most-used language globally depending on the survey. The enterprise Java ecosystem is massive. Oracle Java certifications still carry weight with employers who built their systems in Java — which is most of the Fortune 500.

For free Oracle 1Z0-808 practice questions, ExamCert covers the full exam blueprint. $4.99 for lifetime access to 30,000+ questions across all certifications, with a money-back guarantee.

Everyone's talking about PMP. Nobody's talking about CAPM. That asymmetry is hiding something interesting.

The Certified Associate in Project Management is PMI's entry-level credential. It's what you get before the PMP when you don't have 3 years of project management experience yet. On paper, it sounds like a stepping stone — something you get, then immediately forget about on your way to the "real" cert.

But that framing misses what CAPM actually is in the 2026 job market.

The Real Talk on CAPM

Companies hiring junior and mid-level project coordinators, business analysts, and entry-level PMs increasingly require some formal PM credential. Not necessarily PMP — the experience requirement for PMP is genuinely hard to meet early in a career. But CAPM? Totally achievable.

You need:

A secondary degree (high school diploma) — not a four-year degree

23 hours of project management education — this can be a paid course, but free options exist

No experience requirement

That's it. No "36 months leading projects" gatekeeping. You study, you pass, you have a PMI credential.

And here's the part that's undersold: CAPM signals something specific to hiring managers. It says you understand the PMBOK framework, you're serious about the profession, and you're not someone who wandered into project management because they were "organized."

What the Exam Actually Tests

150 questions, 3 hours, computer-based. PMI refreshed the CAPM in 2023 and it now aligns with the same hybrid (predictive + agile) approach used in the PMP.

Domains covered:

Project Management Fundamentals and Core Concepts (~34%)

Predictive Project Life Cycle (~26%)

Agile Frameworks/Methodologies (~20%)

Business Analysis Frameworks (~20%)

The agile and business analysis content is newer and catches people who only studied old PMBOK guide content. If your prep materials don't cover Scrum, Kanban, and requirements elicitation, you're studying for the old exam.

Cost: $225 USD for non-PMI members, $150 for PMI members. PMI membership is $139/year, so joining before registering saves you money if you plan to pursue PMP eventually anyway.

Hit free CAPM practice questions at ExamCert to test your understanding of both the predictive and agile domains before you commit to a study plan.

Who Should Get CAPM

You should seriously consider CAPM if:

You're in a non-PM role (analyst, coordinator, developer) and want to transition into project management

You're early in your career and can't meet the PMP experience requirements yet

You work in an industry where PMI credentials are explicitly valued (government contracting, consulting, financial services)

You want the discipline of learning PMBOK before the PMP without the pressure of the more demanding exam

You should probably skip CAPM if you already have 5+ years of PM experience and can go straight to PMP. CAPM won't impress people who expect PMP at your level.

The Study Approach That Works

CAPM is memory-heavy but not trick-heavy. The scenarios are simpler than PMP. The main trap is the terminology — PMI has very specific definitions for terms that you use differently in real life.

Buy the PMBOK Guide 7th Edition. Yes, it's expensive new. Used copies on Amazon are cheap. The CAPM won't test you verbatim from PMBOK7, but the concepts are foundational.

Practice agile scenarios. Many people fail because they nail the predictive (waterfall) content but fumble the agile domain. Practice Scrum ceremonies, Kanban WIP limits, and the agile mindset questions specifically.

Mock exams. ExamCert has full-length CAPM practice tests. Get to 75-80% on practice exams before sitting the real one.

One Honest Warning

Some people online say "CAPM is a waste of time, just get PMP." Those people are usually already PMP-certified and are not thinking about what it's like to be earlier in a PM career.

For someone three years into their career with a coordinator title, CAPM is a concrete, achievable credential that opens doors. PMP might still be 2-3 years away based on experience requirements. Waiting means having nothing on your resume in the meantime.

CAPM is a real credential from PMI. It's not perfect, but it's not nothing.

Microsoft quietly dropped news that most people missed: 9 new AI certifications are in the pipeline, with betas starting around March-April 2026 and general availability expected June-July 2026.

Nine. New. Certs.

The cert most people should care about right now isn't one of the new ones. It's the AI-102 Azure AI Engineer Associate — the cert that already exists, that's already mature, and that's about to get significantly more valuable as Microsoft's AI ecosystem expands.

Here's the logic: when a platform launches 9 new certifications, the foundational role-based cert doesn't get devalued. It gets more important. Companies implementing Copilot, Azure OpenAI Service, and custom AI solutions need engineers who understand the whole platform — and AI-102 is the credential that validates that.

What the New Certs Are (And Why AI-102 Still Wins)

The new Microsoft AI certs reportedly target specific domains: AI governance, responsible AI implementation, Copilot customization, specific industry verticals. Early details suggest SC-730 (an AI security credential) will be one of them, with beta available April 2026.

These are specialty certs — they go deep on specific use cases. AI-102 is the role-based cert — it covers the full scope of designing and implementing AI solutions on Azure.

In the job market, role-based > specialty for general demand. An employer hiring an AI Engineer wants someone who can build any Azure AI solution, not just someone certified in one specific tool.

What AI-102 Actually Tests

People assume AI-102 is just "Azure cognitive services flashcards." It's not that simple anymore.

The exam covers:

Azure OpenAI Service — Deploying models, configuring safety filters, managing endpoints, fine-tuning

Azure AI Services — Vision, Speech, Language, Document Intelligence, Content Safety

Conversational AI — Bot Framework, Azure AI Bot Service, multi-turn conversations

AI search — Azure AI Search, semantic search, knowledge mining

Responsible AI — Not optional background content. This comes up in scenario questions.

The Azure OpenAI section has grown significantly. If you're using study materials from 2024, there's a good chance they're light on Azure OpenAI depth because the service has evolved rapidly. Check that your resources cover GPT-4 deployment, content filtering policies, and the Azure OpenAI Playground in sufficient detail.

Quick Study Plan

Four to six weeks if you're already working with Azure. Eight to ten weeks if you're newer to the platform.

Hands-on time in Azure AI Studio is non-negotiable. The exam has moved toward scenario-based questions that assume you've actually used these services, not just read about them.

ExamCert has AI-102 practice exams for $4.99 with a full money-back guarantee if you don't pass. Compared to what other platforms charge for practice materials, this is genuinely absurd value. Use it.

The Timing Argument

With 9 new AI certs launching mid-2026, the AI-102 will sit clearly as the foundational Azure AI credential in a larger ecosystem. Getting it now, before the ecosystem expands, means you're established with the baseline credential when the new specialty certs start being discussed in job postings.

Six months from now, "Azure AI Engineer" is going to be a hiring category across enterprise and consulting. Don't wait to be obvious to yourself what you should have done earlier.

Microsoft quietly dropped news that most people missed: 9 new AI certifications are in the pipeline, with betas starting around March-April 2026 and general availability expected June-July 2026.

Nine. New. Certs.

The cert most people should care about right now isn't one of the new ones. It's the AI-102 Azure AI Engineer Associate — the cert that already exists, that's already mature, and that's about to get significantly more valuable as Microsoft's AI ecosystem expands.

Here's the logic: when a platform launches 9 new certifications, the foundational role-based cert doesn't get devalued. It gets more important. Companies implementing Copilot, Azure OpenAI Service, and custom AI solutions need engineers who understand the whole platform — and AI-102 is the credential that validates that.

What the New Certs Are (And Why AI-102 Still Wins)

The new Microsoft AI certs reportedly target specific domains: AI governance, responsible AI implementation, Copilot customization, specific industry verticals. Early details suggest SC-730 (an AI security credential) will be one of them, with beta available April 2026.

These are specialty certs — they go deep on specific use cases. AI-102 is the role-based cert — it covers the full scope of designing and implementing AI solutions on Azure.

In the job market, role-based > specialty for general demand. An employer hiring an AI Engineer wants someone who can build any Azure AI solution, not just someone certified in one specific tool.

What AI-102 Actually Tests

People assume AI-102 is just "Azure cognitive services flashcards." It's not that simple anymore.

The exam covers:

Azure OpenAI Service — Deploying models, configuring safety filters, managing endpoints, fine-tuning

Azure AI Services — Vision, Speech, Language, Document Intelligence, Content Safety

Conversational AI — Bot Framework, Azure AI Bot Service, multi-turn conversations

AI search — Azure AI Search, semantic search, knowledge mining

Responsible AI — Not optional background content. This comes up in scenario questions.

The Azure OpenAI section has grown significantly. If you're using study materials from 2024, there's a good chance they're light on Azure OpenAI depth because the service has evolved rapidly. Check that your resources cover GPT-4 deployment, content filtering policies, and the Azure OpenAI Playground in sufficient detail.

Quick Study Plan

Four to six weeks if you're already working with Azure. Eight to ten weeks if you're newer to the platform.

Hands-on time in Azure AI Studio is non-negotiable. The exam has moved toward scenario-based questions that assume you've actually used these services, not just read about them.

ExamCert has AI-102 practice exams for $4.99 with a full money-back guarantee if you don't pass. Compared to what other platforms charge for practice materials, this is genuinely absurd value. Use it.

The Timing Argument

With 9 new AI certs launching mid-2026, the AI-102 will sit clearly as the foundational Azure AI credential in a larger ecosystem. Getting it now, before the ecosystem expands, means you're established with the baseline credential when the new specialty certs start being discussed in job postings.

Six months from now, "Azure AI Engineer" is going to be a hiring category across enterprise and consulting. Don't wait to be obvious to yourself what you should have done earlier.

I passed the Azure Data Engineer Associate (DP-203) on my second attempt. The first time I failed, I was genuinely confused — I thought I'd studied hard. Turns out I'd studied the wrong things.

Here's the list of things I wish I'd known before attempt one:

1. Synapse Analytics will be on more questions than you expect.

Azure Synapse is basically four products in one — dedicated SQL pools, serverless SQL, Spark pools, and the data integration pipelines. The exam tests all of them. And the questions aren't always obvious about which Synapse component they're asking about. Study each one separately before combining them in your mental model.

2. "When to use which storage format" is its own category.

Parquet, Delta Lake, Avro, CSV, JSON. The exam loves asking you which format to use in specific pipeline scenarios. Delta Lake is Microsoft's preferred format for lakehouse architectures — know it well. They're not asking you to memorize specs, they're asking you to make architectural decisions.

3. The DP-203 is not just about Azure Data Factory.

ADF is important, but so is Databricks, Synapse Spark, and Stream Analytics. People study ADF intensely and then get wrecked by Databricks questions they haven't touched. Balance your prep.

4. Real-time streaming scenarios are heavily weighted.

Event Hubs, Stream Analytics, and event-driven architectures show up constantly. Know the difference between tumbling, hopping, sliding, and session windows in Stream Analytics — these appear in scenario questions where you need to pick the right window type.

5. RBAC and data security questions have a specific Microsoft perspective.

They expect you to know exactly how to implement role-based access in Synapse and Data Lake Storage Gen2 (ADLS Gen2). Managed identities, service principals, and the ACL system in ADLS Gen2 are all tested. This surprised me on attempt one.

6. Practice questions are essential — but explanations matter more than the questions.

The DP-203 has a lot of questions that come down to understanding why one option is better than another. Not just what the right answer is, but the reasoning. I used ExamCert's DP-203 practice questions specifically because the explanations are detailed — that's what actually built my understanding. $4.99, money-back guarantee, and you'll save yourself from the expensive lesson I learned the hard way.

7. Microsoft Learn paths are better than most people give them credit for.

I initially dismissed Microsoft's own learning materials as basic, but the DP-203 official learning path on Microsoft Learn is actually quite good. Do the labs. The sandbox environments let you practice without spending Azure credits.

The Quick Overview

The Azure Data Engineer Associate (DP-203) validates your ability to design and implement data solutions on Azure — ingestion, transformation, storage, and serving.

40-60 questions, 180 minutes

Passing score: 700/1000

Cost: $165 USD

Main services: ADF, Synapse Analytics, Databricks, Data Lake Gen2, Stream Analytics, Event Hubs

Data engineering roles are in high demand in 2026. The talent gap between companies that need data pipelines and engineers who can build them on Azure is significant. This cert helps you cross that gap faster.

If you're already working with Azure data services, this cert validates what you're doing. If you want to break into data engineering on Azure, it's the clearest path.

The market got noisier this month, but the signal is still clear. For Google Professional Cloud Architect (GCP-PCA), 2026 is less about 'which course is best' and more about whether you can make defensible technical decisions under time pressure. If you want a clean starting point, run a short baseline on ExamCert before you touch any long video playlist.

Why this exam feels different in 2026

Microsoft Learn pages now flag update and retirement windows more aggressively than before. That one change alone altered how candidates prioritize study time. The winners aren't necessarily the people with the most hours; they're the people with the tightest feedback loop.

I've watched candidates spend weeks memorizing edge trivia while missing high-frequency scenario logic. For GCP-PCA, broad memorization is expensive. Pattern recognition is cheaper and faster.

The prep model I'd use right now

Benchmark first using free GCP-PCA questions to find weak domains early.

Map domains to tasks, not definitions.

Run timed drills every other day.

Write post-mock notes in plain language.

Retest weak domains until your misses are predictable.

Candidates ask whether this can work on a budget. Yes. A lean stack beats a bloated stack: objective guide, one active community thread, and repeatable question sets.

Resource stack that stays practical

• Official vendor objective page

• Recent March 2026 discussion threads for live weak-topic signals

• Scenario labs that mirror production choices

• ExamCert practice workflow for timed loops

It also helps that the economics are low-friction: $4.99 lifetime, plus 100% money-back guarantee if you don't pass. In a year where everyone's cutting costs, that matters.

Exam-day playbook

Start with a two-pass rhythm. Grab quick points first, mark complex scenarios, and protect your last 20 minutes for marked items only. If two answers look plausible, pick the one that best satisfies explicit constraints in the stem.

I recommend keeping a one-page 'mistake ledger.' Every wrong answer gets a root cause: concept gap, misread constraint, or panic click. By the second week, patterns become obvious and fixable. If your plan has no weekly checkpoint, it's a wish—not a system. Put one fixed review slot on calendar and defend it.

Final word

If you treat GCP-PCA like a memorization contest, it will punish you. If you treat it like a decision-making simulation, it becomes manageable quickly. Start now with a baseline on ExamCert, then run a weekly free-practice loop until your error patterns flatten out. That's the boring method—and in 2026, boring methods win.

One more practical note

During interviews this year, hiring managers repeatedly ask for specific examples: a migration decision, a security tradeoff, or a cost-control move. Build these stories while you study. Every practice question can become a mini case study if you explain not just what is right, but why the other options are wrong in your context.

Extended practice plan (4-week sprint)

Week 1 is diagnosis, not heroics. Run one full timed set, then catalog misses by domain and by mistake type. You're trying to identify patterns, not chase confidence. Week 2 is targeted repair: drill only weak areas and force yourself to explain each answer choice as if you were mentoring someone else. Week 3 is integration: mix domains so your brain practices switching contexts under pressure, because real exams rarely keep topics isolated. Week 4 is stabilization: two full mocks, strict time-boxing, and a calm review routine that avoids last-minute content sprawl.

Some exams feel like checkbox credentials. GCP-PCA is not one of them when prepared properly.

Why GCP-PCA matters right now

Across March 2026 discussions on Reddit and hiring forums, teams are asking less about generic certs and more about role-specific, hands-on capability. Google Professional Cloud Architect (GCP-PCA) sits right in that intersection, which is why this exam keeps surfacing in hiring conversations. If you want realistic reps early, start with ExamCert and do one timed set before touching any long video course.

Exam snapshot

The exact blueprint details can shift, so always verify with the vendor page before booking. But the pattern is stable: scenario-heavy questions, time pressure, and trade-off decisions rather than memorization. In my view, candidates who can explain why one option is better than another outperform candidates who just remember definitions.

Study plan that works in 2026

Week 1–2: map the blueprint and build a ruthless baseline. Do a timed diagnostic first, then tag every miss by domain and by failure mode (concept gap, wording trap, or time pressure).

Week 3–4: switch from passive reading to active reps. Scenario drills, small labs, and mixed timed sets beat chapter marathons every single time.

Final 10 days: simulate the real exam window at least twice. Same time of day, no phone, strict review notes, and one page of last-minute reminders.

If you're short on time, cut resources, not practice volume. Better three high-quality sources used deeply than ten tabs you never revisit.

Midway through prep, I like using ExamCert's free GCP-PCA practice test sessions to expose weak domains quickly.

Domain strategy

What to over-study

Prioritize the domains with the highest weighting and the domains where you consistently lose points in timed sets.

What to under-study

Don't spend 30% of your time polishing a section that contributes 10% of exam weight unless it is your known blind spot.

How to allocate revision week

Use 60% targeted remediation, 30% mixed timed sets, 10% light notes refresh. Keep it simple.

Common mistakes that keep showing up

Treating video watching as progress instead of measuring timed performance

Ignoring the official objective language and relying only on community summaries

Doing random question banks without a miss-log

Burning out in the last two weeks by adding too many resources

My hot take: consistency beats intensity. A controlled 60–90 minute daily block wins over occasional 6-hour panic weekends.

Exam day tactics

Show up with a pre-decided pace. Don't invent strategy live. Flag, move, return. If a question is draining minutes, it's probably designed to. Keep your rhythm and avoid ego battles with one stubborn item.

Also, sleep matters more than one extra cram session. People hate hearing this because it sounds basic, but poor sleep wrecks judgment on scenario questions.

Resource stack I'd actually recommend

Official vendor blueprint + documentation

One trusted structured course for context

Timed question practice with review discipline

A tiny notebook of repeated mistakes

Notice what's missing: seven overlapping courses. You don't need that. You need signal, repetition, and honest review.

Final call

If this cert aligns with your role target, move now while the momentum is in your favor. Start lean, measure weekly, and keep your prep brutally practical. Before booking, run a final checkpoint on ExamCert GCP-PCA free questions and verify your weakest topic improved, not just your confidence.

Fast FAQ

Do I need paid resources? Not necessarily. You can do a lot with official docs plus focused practice. But if you value speed, curated practice can save weeks.

How many hours per week are realistic? For working professionals, 8–12 serious hours is sustainable. Less than that can work, but your timeline stretches.

When should I book the exam? Book when your last three timed sets are stable and your mistakes are narrowing, not random.

Every security career advice thread goes the same way. Someone asks "what cert should I get?" and five people immediately say "CISM."

I have my CISM. I'm telling you: most of you shouldn't get it. At least not yet.

The Problem Nobody Talks About

CISM stands for Certified Information Security Manager. That last word is doing a lot of heavy lifting. This cert is designed for people who manage security programs, not people who do security work.

If you're a SOC analyst, a pentester, a security engineer, or really anyone who spends their day in a terminal — the CISM is the wrong cert for you right now.

ISACA designed CISM for people who:

Write security policies

Present risk assessments to boards

Manage security budgets

Lead incident response programs (not incidents)

Align security with business objectives

Sound like your Tuesday? Great. Get the CISM.

Sound nothing like your job? Keep reading.

The Real Value of CISM

When CISM IS the right move, it's incredible. CISM holders earn an average of $148K according to ISACA's salary survey. That's not nothing.

But here's the thing — those high salaries correlate with experience level, not the cert itself. People who get CISM tend to already be in management roles. The cert validates what they already do; it doesn't teleport juniors into management.

Who Should Actually Get CISM

You're ready for CISM if you check at least 3 of these:

You've been in security for 5+ years

You currently manage people or programs

You interface with executives regularly

You think about security in terms of business risk

You're aiming for CISO or VP of Security

Who Should Get Something Else First

If you're earlier in your career, these will serve you better:

For technical security: CISSP (broader recognition, covers technical and management) For cloud security: CCSP or AZ-500 For auditing: CISA For ethical hacking: CEH or OSCP

If You're Still Going for It

Look, maybe I haven't talked you out of it. Maybe you ARE ready. Fair enough.

Here's what to know:

Exam format: 150 questions, 4 hours

Passing score: 450/800

Domains: Information Security Governance (17%), Risk Management (20%), Security Program (33%), Incident Management (30%)

Cost: $575 (ISACA member) or $760 (non-member)

The exam is conceptual, not technical. If you're used to technical security certs, the CISM will feel like taking a business school exam. Everything is about governance frameworks, risk appetite, and organizational alignment.

For practice questions, I used ExamCert's CISM prep which gives you thousands of questions for $4.99 lifetime. Compared to ISACA's official QAE database at $200+, that's a steal. Plus you get a 100% money-back guarantee if you don't pass.

My Actual Recommendation

If you're a mid-career security professional eyeing management:

Get the CISSP first (broader recognition, more versatile)

Get 2-3 years of management experience

THEN get the CISM to solidify your management credentials

If you're already in management: skip the CISSP, go straight to CISM.

And if someone on Reddit tells you to get the CISM as your first security cert? They mean well. But they're wrong.

The CISM is powerful in the right hands. Make sure they're your hands before spending $760.

Thinking about the AWS Data Engineer Associate? Cool. Here are 9 things I wish someone had screamed at me before I registered.

1. It's NOT a SQL exam.

Everyone assumes "data engineer" means "SQL expert." The DEA-C01 barely tests SQL. It tests your knowledge of AWS data services — Glue, Athena, Redshift, Kinesis, EMR, Lake Formation, Step Functions. If you walk in thinking your SQL skills will carry you, you'll walk out with a failing score.

2. AWS Glue is the star of the show.

Glue appears in roughly 25-30% of questions either directly or indirectly. ETL jobs, Glue crawlers, Glue Data Catalog, Glue Studio — know them all. I didn't study Glue enough and it cost me on at least 8 questions.

3. The exam blueprint lies about domain weights.

The official breakdown says:

Data Ingestion and Transformation (34%)

Data Store Management (26%)

Data Operations and Support (22%)

Data Security and Governance (18%)

In practice, Data Ingestion felt more like 40%. Security questions were harder than expected. The weights are approximate at best.

4. Kinesis will make you cry.

Kinesis Data Streams vs Kinesis Data Firehose vs Kinesis Data Analytics. They sound similar. They do different things. AWS loves testing whether you know which Kinesis service to use for which scenario. Here's the cheat sheet:

Data Streams: Real-time, you manage consumers, custom processing

Firehose: Near real-time, serverless delivery to S3/Redshift/etc

Data Analytics: SQL queries on streaming data (now part of Managed Apache Flink)

5. You need to understand data lakes deeply.

S3 as a data lake, Lake Formation for governance, Glue Data Catalog for metadata, Athena for querying. This isn't one question — it's an entire pattern that appears across dozens of questions. If you can't draw the data lake architecture from memory, keep studying.

6. The passing score is 720, not 700.

Unlike most AWS certs that use 720, some people still assume 700. The DEA-C01 requires 720/1000. That extra 20 points matters when you're on the edge.

7. Redshift isn't just "a data warehouse."

You need to know Redshift Spectrum (query S3 data), Redshift Serverless (no cluster management), distribution styles (KEY, EVEN, ALL), sort keys, and concurrency scaling. One question about distribution styles can be worth 2-3 points if you know it cold.

8. Practice exams are non-negotiable.

I'm not saying this because I'm trying to sell something. I'm saying this because the question format is unlike any other AWS exam I've taken. They give you complex scenarios — "Your company has 50TB of daily log data flowing from Kinesis into S3, and analysts need query results within 5 seconds" — and you need to pick the right architecture.

Free DEA-C01 practice questions were what finally got my scores from 65% to consistently above 80%. The $4.99 lifetime access on ExamCert is genuinely the best deal I've found. Money-back guarantee if you fail.

9. The cert is worth more than you think.

Data engineering is one of the fastest-growing specialties in tech. Glassdoor puts AWS-certified data engineers at $130K-$165K average. The demand is ridiculous because every company has data problems and not enough people who know how to solve them with cloud services.

The DEA-C01 proves you're not just someone who writes SQL queries — you're someone who designs end-to-end data pipelines in AWS. That distinction matters at the hiring table.

My timeline: 6 weeks of focused study, about 12 hours per week. Would recommend having at least AWS Cloud Practitioner or Solutions Architect Associate first. Going in completely cold would be painful.

How to Actually Pass It

The CEH v13 is a knowledge exam. It's testable. It's learnable. And it doesn't require you to hack anything during the test.

My approach:

Study resources:

Matt Walker's CEH All-in-One Exam Guide (the book is comprehensive)

TryHackMe's CEH prep path (free tier covers basics)

CEH v13 practice exams on ExamCert — $4.99 lifetime access. When the exam itself costs $1,199, spending $4.99 on quality practice questions is a no-brainer

Study timeline: 6-8 weeks of focused study. The content isn't hard — it's just vast. Break it into domains and tackle one per week.

Key areas to focus on:

Nmap flags and scan types (these show up constantly)

Encryption algorithms and their differences

Attack methodologies and phases

Social engineering techniques

Web app vulnerabilities (OWASP Top 10)

Cloud security models (shared responsibility)

The v13 Changes Worth Knowing

EC-Council updated the CEH to v13 with more AI-related content. Expect questions about:

AI-powered attack techniques

Machine learning in threat detection

Deepfake social engineering

AI-assisted vulnerability scanning

Let me start with the price because that's all anyone talks about.

EC-Council charges $1,199 for the exam voucher alone. If you want their official training? That's $2,199. For a multiple-choice exam. In 2026.

I took it anyway. And I have... feelings.

The Good Parts (Yes, There Are Some)

The CEH v13 covers a genuinely broad range of offensive security topics. Footprinting, scanning, enumeration, system hacking, web application attacks, cloud security, IoT hacking, AI-based threats.

For HR departments and government contracting, the CEH is basically currency. DoD Directive 8570 (now 8140) lists it as a baseline cert for certain roles.

The Parts That Made Me Angry

It's still primarily multiple choice. In 2026. For a cert called "Certified Ethical HACKER." The CEH Practical exists separately but costs even more.

The questions are memorization-heavy. Real penetration testing is about problem-solving. The CEH tests whether you memorized a list of tools.

That price tag. For $1,199-$2,199, you could get the OSCP ($1,749), which actually requires you to hack into machines.

Who Should Actually Get the CEH

✅ Get it if: You need it for a DoD/government role, your employer is paying, or you need "ethical hacker" on your resume.

❌ Skip it if: You want to actually learn offensive security, you're paying out of pocket, or you already have OSCP/GPEN.

How I Actually Studied

Matt Walker's CEH All-in-One book — $40

CEH v13 practice questions on ExamCert — $4.99 lifetime access

TryHackMe/HackTheBox for hands-on practice

YouTube walkthroughs

Total study cost: Under $50. The ExamCert practice exams were clutch — scenario-based, covering all 20 CEH domains.

My Verdict

The CEH is an overpriced credential that still holds weight in specific situations. The CEH on your resume opens doors that the OSCP doesn't, especially in the corporate and government world.

Was it the dumbest money I ever spent? No. But it wasn't the smartest either. It was the most... strategic.

Let me start with the price because that's all anyone talks about. EC-Council charges $1,199 for the exam voucher alone. If you want their official training? That's $2,199. For a multiple-choice exam. In 2026. I took it anyway. And I have... feelings. The Good Parts (Yes, There Are Some) The CEH v13 covers a genuinely broad range of offensive security topics. Footprinting, scanning, enumeration, system hacking, web application attacks, cloud security, IoT hacking, AI-based threats. It's like a survey course of everything a penetration tester needs to know at a surface level. For HR departments and government contracting, the CEH is basically currency. DoD Directive 8570 (now 8140) lists it as a baseline cert for certain roles. If you want to work in federal cybersecurity, you probably need it — not because it proves you can hack, but because a policy document says you need it. And honestly? Studying for the CEH taught me a lot. The body of knowledge is solid even if the exam format is... questionable. The Parts That Made Me Angry It's still primarily multiple choice. In 2026. For a cert called "Certified Ethical HACKER." You'd think they'd require you to actually hack something. The CEH Practical exists separately but costs even more. The questions are memorization-heavy. "What port does [protocol] use?" "What tool would you use for [specific task]?" Real penetration testing is about problem-solving. The CEH tests whether you memorized a list of tools. That price tag. For $1,199-$2,199, you could get the OSCP ($1,749), which actually requires you to hack into machines. The OSCP is harder, but it proves you can do things, not just name things. Who Should Actually Get the CEH Be honest with yourself about why you want it: ✅ Get it if: You need it for a DoD/government role (8140 compliance), your employer is paying, or you need "ethical hacker" on your resume for credibility with non-technical stakeholders. ❌ Skip it if: You want to actually learn offensive security (get OSCP instead), you're paying out of pocket and $1,199 hurts, or you already have OSCP/GPEN/GWAPT. How I Actually Studied I didn't buy EC-Council's $2,199 training. Here's what I did instead: 1. Matt Walker's CEH All-in-One book — $40 on Amazon 2. CEH v13 practice questions on ExamCert (https://www.examcert.app/exams/ceh-v13/) — $4.99 for lifetime access 3. TryHackMe/HackTheBox — For actual hands-on practice 4. YouTube — Free walkthroughs Total study cost (excluding exam): Under $50. Compare that to EC-Council wanting $2,199. The ExamCert practice exams were clutch — they're scenario-based and cover all 20 CEH domains. Plus you get access to every other cert's questions with the $4.99 premium. Money-back guarantee if you don't pass. My Verdict After Taking It The CEH is an overpriced credential that still holds weight in specific situations. If someone else is paying, absolutely get it. But here's my honest take: the CEH on your resume opens doors that the OSCP doesn't, especially in the corporate and government world. Non-technical hiring managers know what "Certified Ethical Hacker" means. It's not about what should matter. It's about what does matter in the hiring process. Was it the dumbest money I ever spent? No. But it wasn't the smartest either. It was strategic. Get it if you need the doors it opens. Just don't pretend it makes you a hacker.

Let me start with the price because that's all anyone talks about.

EC-Council charges $1,199 for the exam voucher alone. If you want their official training? That's $2,199. For a multiple-choice exam. In 2026.

I took it anyway. And I have... feelings.

The Good Parts (Yes, There Are Some)

The CEH v13 covers a genuinely broad range of offensive security topics. Footprinting, scanning, enumeration, system hacking, web application attacks, cloud security, IoT hacking, AI-based threats. It's like a survey course of everything a penetration tester needs to know at a surface level.

For HR departments and government contracting, the CEH is basically currency. DoD Directive 8570 (now 8140) lists it as a baseline cert for certain roles. If you want to work in federal cybersecurity, you probably need it — not because it proves you can hack, but because a policy document says you need it.

And honestly? Studying for the CEH taught me a lot. The body of knowledge is solid even if the exam format is... questionable.

The Parts That Made Me Angry

It's still primarily multiple choice. In 2026. For a cert called "Certified Ethical HACKER." You'd think they'd require you to actually hack something. The CEH Practical exists separately but costs even more.

The questions are memorization-heavy. "What port does [protocol] use?" "What tool would you use for [specific task]?" Real penetration testing is about problem-solving. The CEH tests whether you memorized a list of tools.

That price tag. For $1,199-$2,199, you could get the OSCP ($1,749), which actually requires you to hack into machines. The OSCP is harder, but it proves you can do things, not just name things.

Who Should Actually Get the CEH

Be honest with yourself about why you want it:

✅ Get it if: You need it for a DoD/government role (8140 compliance), your employer is paying, or you need "ethical hacker" on your resume for credibility with non-technical stakeholders.

❌ Skip it if: You want to actually learn offensive security (get OSCP instead), you're paying out of pocket and $1,199 hurts, or you already have OSCP/GPEN/GWAPT.

How I Actually Studied

I didn't buy EC-Council's $2,199 training. Here's what I did instead:

Matt Walker's CEH All-in-One book — $40 on Amazon. Covers everything you need

CEH v13 practice questions on ExamCert — $4.99 for lifetime access. Used these to identify knowledge gaps and drill weak areas. Way cheaper than EC-Council's official practice tests

TryHackMe/HackTheBox — For actual hands-on practice (even though the exam doesn't require it, understanding the concepts helps with the theory)

YouTube — Free walkthroughs of CEH concepts from multiple creators

Total study cost (excluding exam): Under $50. Compare that to EC-Council wanting $2,199 for their official course.

The ExamCert practice exams were clutch — they're scenario-based and cover all 20 CEH domains. Plus you get access to every other cert's questions too with the $4.99 premium. If you don't pass, money-back guarantee.

My Verdict After Taking It

The CEH is an overpriced credential that still holds weight in specific situations. If someone else is paying, absolutely get it. If you're paying, think hard about whether the OSCP or a GIAC cert would serve you better.

But here's my honest take: the CEH on your resume opens doors that the OSCP doesn't, especially in the corporate and government world. Non-technical hiring managers know what "Certified Ethical Hacker" means. They don't know what OSCP means.

It's not about what should matter. It's about what does matter in the hiring process.

Was it the dumbest money I ever spent? No. But it wasn't the smartest either. It was the most... strategic.

Get it if you need the doors it opens. Just don't pretend it makes you a hacker.