Online Exam Joining Instructions - VA+ exam

Please use the instructions below to help you organise your remote exam.

Please contact us if you have any queries.

Taking an Online Exam at The Cyber Scheme – what you need to know.

Please ensure that you have:

Access to a stable internet connection on the day of your exam (30 Mpbs or greater is preferable) with unfiltered outbound internet access. Restricted or heavily locked down corporate devices may be unsuitable. A wired connection is preferable to ensure a consistent connection but a reliable WiFi connection should be fine also. Mobile device tethering is not recommended, however.

The WireGuard VPN client installed on your device. This must be the same device where your vulnerability scanner is installed to ensure your scans can run successfully over the VPN connection.

A VPN configuration will be provided at the start of your exam.

A Teams meeting link will be sent to you the day prior.

WireGuard VPN

Please install the Wireguard VPN client before the assessment.

Please note activating the VPN client outside of the assessment timeslot will cause your device to lose access to the internet. This is by design. Simply turn off the VPN to re-enable your internet access. You can only use the internet through the Cyber Scheme VPN during the assessment time slot, not before or after.

Windows

Browse to: https://www.wireguard.com/install/

Download and install the client then import the .conf (configuration file supplied by the Cyber Scheme).

Linux

apt update

apt install wireguard

You will be sent a config file from the Cyber Scheme.

Rename your .conf (configuration file supplied by the Cyber Scheme) to wg0.conf
mv myfile.conf wg0.conf
To import the file use the following command: nmcli connection import type wireguard file “wg0.conf”.

FAQs

Where should I install Nessus? – in Windows is fine.

What Nessus licence do I need? – any is fine, we recommend the free essentials licence. Please note Nessus Essentials has a limit to 5 IPs Addresses that can be used for vulnerability scans and only lasts for 30 days now.

Can I use any vulnerability assessment software? – Yes, use any you like. Alternative software is available.

Do all candidates get their own network / devices to scan? – yes you cannot affect the other candidates.

Taking an Online Exam at The Cyber Scheme – what you need to know.

You will need to connect to a video conferencing solution.

Please have vulnerability assessing (VA) software available on your device ready for the exam. We recommend the use of Tenable Nessus for the assessment; however other options are available if required.

Please have available during the assessment:

  • A webcam
  • A microphone and speakers (ideally a headset)
  • Photo ID – passport or driving licence.

Only one display screen is allowed during the exam so either a laptop with no external monitors or a desktop with a single display.

Assessment Marking Criteria Matrix

All candidates will get feedback and this marking and feedback matrix will be used:-

Pass / Success Criteria: 

Software Assessment  – 4 out of 5

Soft Skills Assessment – 4 out of 5

Technical Interview  – 4 out of 5

Multiple Choice Quiz – 18 out of 30.

The assessment is in three parts, practical (including scope and scanning), technical interview and multiple-choice quiz.

Assessment Marking and Feedback

Criteria

Fail

Pass

Comment

Software Assessment

 

 

PASS/FAIL

Scanned all devices in scope

 

 

 

Did not scan out-of-scope devices

 

 

 

Found a critical-risk or high-risk issue

 

 

 

Scanned for default credentials

 

 

 

Configured both Windows and Linux credentials successfully

 

 

 

Soft Skills Assessment

 

 

PASS/FAIL

Candidate was polite and professional throughout the assessment

 

 

 

Explained technical issues to both technical and non-technical audiences

 

 

 

Was able to summarise findings and prioritise what an executive would care about

 

 

 

Mitigated risks before the vulnerability assessment

 

 

 

Understands the laws and ethics associated with cyber security (including permission to scan before the vulnerability assessment)

 

 

 

Technical Interview

 

 

PASS/FAIL

Understands networking protocols (ICMP, TCP, UDP etc)

 

 

 

Gave good mitigation advice

 

 

 

Gave good defence in depth advice

 

 

 

Gave good pushback / follow up advice

 

 

 

Could answer a technical question around current vulnerabilities

 

 

 

Multiple Choice Quiz

 

 

PASS/FAIL

Score equal to or above 18

 

 

 

Additional notes

 

Final Grade: PASS/FAIL

Remote Assessments and Reasonable Adjustments

The Cyber Scheme will, where possible, make provision for any additional time or support that might be required. Please contact The Cyber Scheme at least 3 working days ahead of the exam to ensure appropriate adjustments are made and the assessor is properly briefed.

You will need to provide adequate information about your needs in order for the appropriate adjustments to be made. The Cyber Scheme takes seriously the management of sensitive PII and as such will not make a formal record or retain any information provided other than to support any preparation an Assessor might need to undertake, and a record of any additional time allowed. All provided PII information will be deleted after the conclusion of the assessment.