Vulnerability Assessment plus exam

This exam (VA+), developed by NCSC and IASME, is a requirement for all Cyber Essentials Plus assessors that do not have a Lead Assessor qualification.


The exam syllabus contains a series of modules that should help you focus on preparation for the exam assessment. It is highly recommended that your learning journey include both theory and practical study.

You can download the exam syllabus here

You can download the guidance notes here


    The exam is run remotely and is split into 4 sections, all of which must be passed by obtaining 60% or more in each:


    • Multiple choice paper – 1 hour
    • Vulnerability Scan – 30 minutes
    • Essay – 2 hours
    • Viva – 15 minutes


    The cost of the exam is £500 + vat per person



    If you fail the multiple choice paper but pass the other elements then you will be able to re-sit just that paper.

     If you fail any of the other elements of the exam then you will need to re-sit the whole exam after waiting 1 month (and pay again).  


    learning outcomes

    • Provide an overview of the vulnerability assessment process.
    • Learn about tools used during the vulnerability assessment process.
    • Understand the underlying concepts of TCP/IP, Ports and Protocols.
    • Apply critical thinking to solve problems encountered during an assessment

    Apply tools and techniques to assess:

    • external facing interfaces.
    • internal interfaces
    • the threat of malware (Antimalware solutions, Application whitelisting)
    • Assess the threat of common external attacks (Email, SMS etc)
    • Assess the threat of common internal attacks (Web Applications, Downloads)
    • Report/Explain Vulnerabilities found

      Learning objectives

      • Understand Information security in the corporate world.
      • Understand the laws and regulations involved with vulnerability assessing
      • Understand quantifying and measuring risks associated with vulnerabilities
      • Understand how to find internal and external vulnerabilities
      • Understand how to test hardening measures for malware
      • Report and explain vulnerabilities found throughout a project.

      Book to take the exam

      Please contact us to find out the next dates available to take this exam and book a place

      Find Out More

      Have a look at our Frequently Asked Questions or speak to our team