Practitioner Tester
This technical qualification mirrors our CSTM exam, and is suitable for consultants who do not need to obtain CHECK Status.
We have developed this exam to meet the demand of individuals and organisations who are looking for formal accreditation without the extra elements required to gain CHECK Status (working for a CHECK company, being Security Cleared and having the right to live and work in the UK).
The exam is suitable for individuals who want formal certification of their understanding of the theory and practical elements of cyber security and the fundamentals of security testing, from a company who specialises in assessments at this high standard and is licensed by the National Technical Authority.
This exam also meets the standard required from NCSC and IASME to operate Cyber Essentials Plus Certification Services. Find out more about becoming an assessor for Cyber Essentials Plus here.
Assessment for the Practitioner Tester mirrors that of our CSTM exam and consists of:
- A one hour 100 question multiple choice exam.
- A one hour written paper which covers theoretical and practical aspects of the course content.
- A 2.5 hour practical assessment, which provides a full scenario for penetration testing.
- A 15 – 30-minute viva during which students will provide a synopsis of their findings from the practical assessment.
Assessed components 2, 3 and 4 are invigilated and undertaken by an approved assessor.
Multiple Choice
You will be faced with a number of theoretical and practical questions answered over a relatively short period of time. This level of challenge ensures the candidate is being challenged at the appropriate level and in keeping with industry standard examination techniques. The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject specific topics, without losing the essence of the subject matter.
Written Assessment
Students are asked to answer two questions in one hour.
The rationale for using a written exam is that this is in keeping with standard assessment approaches used within UK and international educational institutions.
Practical Assessment (Network Assault Course)
Candidates are presented with a practical network assault course, where they must demonstrate that they can use the tools and techniques taught in the module to probe a given network infrastructure to gain access to information.
Candidates are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted.
The technical skills candidates will be expected to demonstrate include:
Networking
- Understanding common networking protocols such as SMTP, NFS, FTP, DNS
- Service enumeration
- The ability to map a network
- Port scanning
- Identification of valuable hosts on a network
Web application
- Understanding basic web application vulnerabilities such as SQLi, XSS, LFI/RFI
Host exploitation
- Understanding of differences between OS’s
- Identification of server vulnerabilities
- Exploitation of server vulnerabilities Basic methods of privilege escalation.
The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.
Mobility
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.