Professional Exams

The Cyber Scheme currently offers three levels of qualification as described in the Learning and Development section of the website. Each qualification has varying assessment requirements. They are provided here for your benefit.

The Cyber Scheme Team Member/ Leader (CSTM/L) and certification has been approved by CESG for equivalence as part of the CHECK Team Member/ Leader (CTM/L) eligibility criteria.

Cyber Scheme Associate (CSA)

The Cyber Scheme Affiliate (CSA) exam and exam is for individuals who want an introduction to the theory and practical elements of cyber security, to learn the fundamentals of Penetration Testing and have their skills formally recognised by academia.

Assessment for this course is via a multiple choice examination, which covers many networking and penetration testing topics. The pass mark for the CSA is 60%.

The Cyber Scheme Team Leader (CSTL)

The Cyber Scheme Team Leader (CSTL) exam is for individuals who are looking to progress in the cyber security profession by successfully demonstrating their application of theory and skills. Achieving this qualification demonstrates the necessary theoretical and practical skills to apply to become a CESG CHECK Team Leader (CTL).

Assessment for this qualification is via a one day practical testing scenario. Candidates are presented with a testing scenario in which they assume the role of lead tester. They must test the system presented using all the tools and techniques that they have gathered during their qualifying period. A CHECK Team Leader will invigilate the process from start to finish and the days testing will culminate in a rigorous Viva with the CTL questioning not only the outcomes of the testing process, but the tools techniques and methodology employed. Candidates are assessed against pass/fail criteria and where a candidate fails, the invigilating CTL will provide guidance on the areas that they need to improve on.

Cyber Scheme Team Member (CSTM)

The Cyber Scheme Team Member (CSTM) exam is for individuals who want an introduction to the theory and practical elements of cyber security, to learn the fundamentals of Penetration Testing and have their skills formally recognised by academia.

Assessment for the CSTM consists of:

A 100-question one hour multiple choice exam.
A one hour written paper which covers theoretical and practical aspects of the course content.
A two hour practical assessment, which provides a full scenario for penetration testing.
A 15 - 30-minute viva during which students will provide a synopsis of their findings from the practical assessment.

Assessed components 3 and 4 must be invigilated and undertaken by a CHECK Team Leader (CTL)

Multiple Choice

The questions cover the full course syllabus and are either multiple choice single answer or multiple choice multiple answer. Negative marking is not in operation. Students are challenged with a mix of theoretical and practical questions and with 100 questions to answer in one hour there is limited time for students to read, assimilate and select their answer. This ensures they are being challenged at the appropriate level and in keeping with industry standard examination techniques.

The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject specific topics, without losing the essence of the subject matter.

Written Assessment

Students are asked to answer two from four questions in one hour. The test is closed book and invigilated by an appropriate person. This ensures that the theoretical foundations have been assessed as students must be able to provide detailed and correct responses to questions related to the course curriculum. The rationale for using a written exam is that this is an appropriate assessment instrument to assess the syllabus taught for the CSTM course. This is also in keeping with standard assessment approaches used within UK and international educational institutions.

Practical Assessment (Network Assault Course)

Students are presented with a practical network assault course, where they must demonstrate that they can used the tools and techniques taught in the module to probe a given network infrastructure to gain access to information. The activities are conducted under supervision by a CHECK Team Leader (CTL), students are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted. The rationale for using a practical assessment is that this is an appropriate assessment instrument to assess the syllabus taught in the CSTM course and allows the learning outcomes that require the student to demonstrate that they can use tools and techniques to be appropriately satisfied.

Viva

Students are asked to provide a short synopsis of the ‘way’ in which they carried out the activities within the practical assessment. This will include things like, why they used a particular tool, what information it provided them with and how that allowed them to move onto the next part of the assessment (or not, as the case may be). The assessor will be a CTL and will ask if there may have been a different or more efficient approach and if the student feels they have gathered all the required information.

Students may use differing approaches to tackling the problem, and the viva is useful in ensuring that the understood the tools and techniques they used and why some where successful and other less so. In addition, students must demonstrate ‘soft’ skills and have the ability to convey their findings to the client in an appropriate and comprehensible manner.

Pass Criteria & Resit Options

Students must achieve 60% in all four components of assessment. Assessment is non-synoptic and where a student fails one or more components of summative assessment, all four assessment components must be retaken. This is a CESG requirement to ensure rigour in the award of the Cyber Scheme CSTM qualification.