What you need to know:
Learning Outcomes:
- Provide an overview of the vulnerability assessment process.
- Learn about tools used during the vulnerability assessment process.
- Understand the underlying concepts of TCP/IP, Ports and Protocols.
- Apply critical thinking to solve problems encountered during an assessment.
Apply tools and techniques to assess:
- External facing interfaces.
- Internal interfaces.
- The threat of malware (Antimalware solutions, Application whitelisting).
- Assess the threat of common external attacks (Email, SMS, etc.).
- Report/Explain Vulnerabilities found.
- Assess the threat of common internal attacks (Web Applications, Downloads).
Learning Objectives:
- Understand information security in the corporate world.
- Understand the laws and regulations involved with vulnerability assessing.
- Report and explain vulnerabilities found throughout a project.
- Understand quantifying and measuring risks associated with vulnerabilities.
- Know how to find internal and external vulnerabilities.
- Understand how to test hardening measures for malware.
Exam Breakdown
1) Practical Element
During the practical element of the VA exam, your assessor will act as your client contact and is open to questions about the scope of the engagement. You will conduct parts of a VA assessment and demonstrate good practice and a sound understanding of cybersecurity with regard to dealing with end users, using automated VA tools, solving problems and analysing the results of a VA assessment. You should attend the practical exam (online) ready to perform a VA assessment. It is your responsibility to install and configure your device and any tools as you wish.
Exam Tip:
If you have any questions regarding the scenarios, please ask your assessor for guidance.
2) Longform Written Essay Element
You will be asked to answer scenario-style questions (the scenario may or may not be linked to the practical phase, depending on the assessment paper on the day) in essay-style paragraphs to a high standard, targeted at a specific audience (to be chosen by the assessor / exam paper).
Exam Tips:
If you are asked to produce an executive summary, the language should be aimed at non-technical executives and should include organisation-specific outcomes and consequences.
If you are asked to produce a technical summary, this should be a “summary”, not the finding details.
In the event you are asked for remediation advice you are expected to go beyond the tool output provided.
If you have any assumptions or questions regarding the scenarios, either state your assumption in your answer or ask your assessor for guidance.
3) Multiple-choice Exam element
The multiple-choice element allows the candidate to demonstrate their wider understanding of cybersecurity in terms of knowledge, experience, and skills.
The topics and domains are wide in scope and examine topics from an historic stance as well as looking at current practices.
Shown below is a list of topics and domains often seen in the multiple-choice element of the assessment:
- Enumeration
- Encryption / Cryptography
- Laws
- Linux operating system
- Networking
- Testing
- Vulnerabilities
- Windows
- Methodology
- OSMisc
- WebApps
- Metasploit
- Reporting
4) VIVA Exam element
A short verbal interview to allow the assessor and candidate to clarify any issues or to assess understanding. (Some assessors may split the VIVA element and cover the practical, longform and multiple-choice as distinct sections, others may combine all elements into a single VIVA – you will be asked to remove all exam materials from your device before the exam is complete).
FAQs
Renewal and resits
- The VA+ certificate is valid for three years, and the exam will need to be retaken at this point in order to renew.
- If you would like to book a re-sit, please contact us. Please note that the following re-sit criteria apply:
  - You will need to wait 4 weeks before re-sitting the exam.
  - The re-sit needs to be taken within 3 months of the original date.
Exam Format
The exam is split into 4 sections, all of which must be passed by obtaining 60% or more in each:
- Multiple choice paper – 1 hour
- Practical (Vulnerability Scan) – 30 minutes
- Essay (long form questions) – 2 hours
- Viva – 15 minutes.