The Cyber Scheme banner image depicting people discussing something on a laptop screen

Cyber Scheme Team Leader (CSTL) Infrastructure Exam

Book your exam

The industry-leading exam suitable for individuals who require formal certification of Expert level understanding of the theory and practical elements of cyber security and Penetration Testing.

A pass in this technical qualification is one of the mandatory assurance checks undertaken by the NCSC before CHECK Team Leader Status can be awarded. Cyber Scheme cannot award CHECK status, but do award Certificates recognised by NCSC as confirmation that the necessary technical standard for CHECK has been met.

In order to pass the CSTL exam, a candidate must demonstrate all of the following:

  • Appropriate interaction with the commissioning client;
  • Knowledge of the process of conducting a penetration test including legal and ethical issues;
  • Core capability to exploit vulnerabilities of MSWindows devices or systems;
  • Core capability to exploit vulnerabilities of Unix devices or systems;
  • Core network mapping capability;
  • Advanced capability to exploit MSWindows OR Unix OR network devices.

 

The CSTL exam is structured to simulate a real-world penetration test for a client. It comprises three phases:

Phase 1 – Scoping

Candidates will share a common scoping briefing. Following the common scoping briefing, individually candidates will have up to 10 minutes to ask questions concerning the scope of the penetration test. During the individual scoping session, the Assessor will play the role of the commissioning client. The candidate’s performance during the individual scoping session will form part of the assessment.

Phase 2 – Practical Penetration Test

The candidate’s laptop will be connected to the assessment infrastructure, from which they will perform the practical penetration test, as defined in the scoping session. Connectivity will end after 4.5 hours. During the final 30 minutes the candidate will be advised to prepare for the interview which follow.

Phase 3 – Interview

During the interview the candidate will be required to produce a network diagram on a white board or flip chart. The network diagram must logically detail the infrastructures architecture at the network/IP layer (OSI layer 3), clearly showing all hosts, interfaces, subnets, subnet masks, firewalls and routes. The interview is an assessed component of the examination.
A candidate will also be expected to inform the commissioning client (Assessor) of the significant aspects/findings during the practical penetration test they conducted.

 

Exam Topics

The technical skills candidates will be expected to demonstrate include:

Networking

  • Understanding misconfiguration of protocols such as SMTP, NFS, FTP, DNS
  • Advanced methods of information enumeration
  • the ability to map a network
  • port scanning
  • Identification of valuable hosts on a network
  • Traffic analysis
  • Wireless networking weaknesses
  • Pivoting
  • Firewall evasion


Web applications

  • Understanding basic web application vulnerabilities such as SQLi, XSS, LFI/RFI


Host exploitation

  • Understanding of differences between OS’s
  • Identification of server vulnerabilities
  • Exploitation of server vulnerabilities
  • Privilege escalation
  • Breakout techniques.
CSTL-INF syllabus

The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations. 

These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.

We have a range of reasonable adjustments we can offer depending on what difficulty you might face.  If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it.  This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification.  If that is the case, we will tell you which aspect we think would not be properly assessed.

There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.

Mobility

Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking.  For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.

We know it’s sometimes easier to talk on the phone. If you’d like someone from The Cyber Scheme to call you to discuss anything, please click below:

We work in partnership with:

NCSC logo
CiiSec logo
UK Cyber Security logo

Email us   |   Floor 7, Eagle Tower, Montpellier Drive, Cheltenham GL50 1TA   |  Privacy Policy   |   Booking Conditions

Facebook Twitter Linkedin
Skip to content