Cyber Scheme Team Member (CSTM) exam

– £500+Vat
(price quoted is for the 1 day exam only).

A pass in this technical qualification is one of the mandatory assurance checks undertaken by the National Cyber Security Centre (NCSC) before CHECK Team Member Status can be awarded. The Cyber Scheme cannot award CHECK status, but do award Certificates recognised by NCSC as confirmation that the necessary technical standard for CHECK has been met.

The exam is also suitable for individuals who want formal certification of their understanding of the theory and practical elements of cyber security and the fundamentals of Penetration Testing. This exam also meets the standard required from NCSC and IASME to operate Cyber Essentials Plus Certification Services.

Assessment for the CSTM consists of:

  1.  A one hour 100 question multiple choice exam.
  2.  A one hour written paper which covers theoretical and practical aspects of the course content.
  3.  A two hour practical assessment, which provides a full scenario for penetration testing.
  4.  A 15 – 30-minute viva during which students will provide a synopsis of their findings from the practical assessment.

Assessed components 2, 3 and 4 are invigilated and undertaken by an approved assessor who holds CHECK Team Leader (CTL) status.

Multiple Choice

You will be faced with a number of theoretical and practical questions answered over a relatively short period of time.  This level of challenge ensures the candidate is being challenged at the appropriate level and in keeping with industry standard examination techniques. The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject specific topics, without losing the essence of the subject matter.

Written Assessment

Students are asked to answer two questions in one hour.

The rationale for using a written exam is that this is an appropriate assessment instrument to assess the syllabus taught for the CSTM course. This is also in keeping with standard assessment approaches used within UK and international educational institutions.

Practical Assessment (Network Assault Course)

Candidates are presented with a practical network assault course, where they must demonstrate that they can used the tools and techniques taught in the module to probe a given network infrastructure to gain access to information.

Candidates are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted.

This is a National Cyber Security Centre (NCSC) requirement to ensure rigour in the award of the Cyber Scheme CSTM qualification.

The technical skills candidates will be expected to demonstrate include:


  • Understanding common networking protocols such as SMTP, NFS, FTP, DNS
  • Service enumeration
  • The ability to map a network
  • Port scanning
  • Identification of valuable hosts on a network

Web application

  • Understanding basic web application vulnerabilities such as SQLi, XSS, LFI/RFI

 Host exploitation

  • Understanding of differences between OS’s
  • Identification of server vulnerabilities
  • Exploitation of server vulnerabilities Basic methods of privilege escalation

If you have a physical disability or other support requirements when sitting the exam we make allowances for all scenarios in terms of additional time, adaption of exam environment and any cases where you may need personal assistance. Please inform us at time of booking and ensure you speak with your assessor on the day of the exam in order to ensure your needs have been properly addressed.