Vulnerability Assessment plus exam
This exam (VA+), developed by NCSC and IASME, is a requirement for all Cyber Essentials Plus assessors that do not have a Lead Assessor qualification.
Syllabus
If you’re interested in booking a VA+ Exam, or viewing the syllabus & guidance notes, please go to https://www.thecyberscheme.org/va/
exam
The exam is run remotely and is split into 4 sections, all of which must be passed by obtaining 60% or more in each:
- Multiple choice paper – 1 hour
- Vulnerability Scan – 30 minutes
- Essay – 2 hours
- Viva – 15 minutes
Renewal
The VA+ certificate is valid for three years, and the exam will need to be retaken at this point in order to renew.
learning outcomes
- Provide an overview of the vulnerability assessment process
- Learn about tools used during the vulnerability assessment process
- Understand the underlying concepts of TCP/IP, Ports and Protocols
- Apply critical thinking to solve problems encountered during an assessment
Apply tools and techniques to assess:
- external facing interfaces
- internal interfaces
- the threat of malware (Antimalware solutions,
- Application whitelisting)
- Assess the threat of common external attacks (Email, SMS etc)
- Assess the threat of common internal attacks (Web Applications, Downloads)
- Report/Explain Vulnerabilities found
Learning objectives
- Understand Information security in the corporate world
- Understand the laws and regulations involved with vulnerability assessing
- Understand quantifying and measuring risks associated with vulnerabilities
- Understand how to find internal and external vulnerabilities
- Understand how to test hardening measures for malware
- Report and explain vulnerabilities found throughout a project
Find Out More
Have a look at our Frequently Asked Questions or speak to our team