Exam Review Guide - Prometric

Review Guide 

Common Body of Knowledge 

Exam Content Outline 

How the Exam Was Built 

Study Strategy 

Exam Taking Tips 

Reference Material and Resources

Today’s world contains many people determined to break 

into computer systems for their own gain. Not one day 

goes by without a news story on the latest attempt. 

Whether they are agents of foreign governments, criminal 

elements or malicious individuals, they are all intent on 

obtaining data for their own gain. 

IT environments are central, then, to every element of business and government as they look for ways to prevent and 

detect these risks. And as such environments evolve, they create more complex interdependencies which drive the need 

for more professional technical expertise and leadership. This is why Prometric created this exam. 

We have also prepared this guide to help you get ready for Prometric’s Cyber Security Essentials Exam. In it, you will find 

the following topics covered: 

+ + Exam Content Outline 

+ + How the Exam Was built 

+ + Study Strategy 

+ + Exam Taking Tips 

+ + Reference Material and Resources 

Prometric | Canton Crossing Tower | 1501 South Clinton Street | Baltimore MD 21224 

www.prometric.com 2

Exam Content Outline 

You will find that Cyber Security Essentials is comprehensive in the material that it covers. The Exam consists of seven 

major subject areas that span the following. 

Information Systems Security − Means by which electronically stored information is kept confidential. Information 

Systems Security, also known as INFOSEC, often refers to the access controls to prevent unauthorized people from 

accessing an information system, which is accomplished through a combination of processes. 

Application Security − Use of software, hardware and procedural methods to protect applications from hacker threats. 

Because applications are increasingly accessible over networks, they are vulnerable to a wide variety of threats. 

Governance – Practices exercised by those responsible for an organization or enterprise. The overarching goal of 

governance is to provide an organization with a strategic direction to ensure that it reaches business objectives and that 

risks, including ever-increasing cyber security risks, are effectively managed. 

Compliance – How well an organization adheres to the standards of good practice when it comes to managing 

cyber risks. 

Operational Security - Identification and safeguarding of sensitive or critical information. In a well-run organization, 

management and users enhance operational security against cyber risks by instilling effective procedures and guidelines 

into the day-to-day operations. 

Network Security – Procedures and policies adopted by an organization’s computer network administrator to prevent 

unauthorized access or misuse of a computer network and systems attached to that network. It also refers to the 

systems put in place to ensure authorization of access to data in a network. 

Physical Security – Procedures and polices that blunt unauthorized access to areas in a facility where computer and 

networking resources are housed. Some common types of physical security include door alarms, video cameras, locked 

doors and barrier fences. 

Environmental Security – Protection of computer and networking resources from environmental damage from threats 

such as fire, water, smoke, dust, radiation and impact. 

Vulnerability Management – Consolidated methodology and process for assessing, mitigating and protecting an 

organization’s computer and networking resources, while also reducing the cost of security and compliance. 

Vulnerability management also includes assessing and planning for myriad threat scenarios, from environmental disaster 

to cyber attack. 


www.prometric.com 3

How the Exam Was Built 

Cyber Security Essentials was developed by Prometric in collaboration with senior IT engineers and technical staff from 

premier companies, spanning the globe, with more than 20 years of experience. These Subject Matter Experts (SMEs) 

who helped develop the exam hold excellent credentials including CISSP, CISA and CEH to name a few. They currently 

perform in a variety of fields, including computer hacking forensic investigation, ethical hacking, network security, digital 

forensics and cyber security. 

Prometric’s test design approach is founded in valid methods that follow well-established industry practices. Our 

services are in accordance with the four key measurement testing standards: 

The Standards for 

Educational and 

Psychological Testing 

(Standard 14) 

ANSI PCAC 

(GI 502) 

ANSI/ISO/IEC 

17024 

NCCA/ICE 

(Standard 10) 

These standards influence how a job analysis is conducted by outlining specific tasks, including: 

+ + Defining the job characteristics clearly; 

+ + Justifying why aspects of a profession are important; 

+ + Recruiting qualified SMEs to provide input during the study; 

+ + Sampling individuals that represent the full spectrum of practitioners by covering all job titles, major practice 

areas, work settings, geographic regions, ethnicities, demographics, genders and work experiences; 

+ + Developing a test specification for the construction of the examination; and 

+ + Updating the test specifications periodically with new job analyses (every three to five years, depending on 

the dynamic nature of the profession). 

All of our test design activities incorporate these standards, so you can trust that our methods have resulted in the 

development of the highest quality security exam. With Cyber Security Essentials, you have a vendor-neutral exam 

that affords you a flexible, affordable option while accurately measuring your competency in the content area 

described above. 


www.prometric.com 4

Study Strategy and Where to Find Training Curriculum 

Talk to people! Every organization has one or more expert in any security subject area you could imagine. 

Study Strategy 

Cyber Security Essentials is an affordable option that is just as comprehensive as other well-known entry-level security 

exams in the market place, such as CompTIA Security+ and GIAC Security Essentials, to name a few. There is a lot 

to know, and you should give yourself plenty of time to study. Begin by reviewing Prometric’s list of references and 

resources that are available on the website (also included in this guide). After looking over this list, you can start focusing 

on those references you realistically have time to absorb. Here are some other useful ideas: 

+ + The Exam is 100 well-researched multiple-choice questions, and the questions went through a rigorous 

process before being placed in the Exam. 

+ + You will have 2 hours to complete the Exam, and no breaks are included. 

+ + There is no extra penalty for wrong answers. (Wrong answers are not subtracted from the right answers.) 

+ + You need to get 180 “points” out of a possible 300 to pass. Prometric applies advanced statistical methodology 

to convert to a 3-digit scale that will allow the same ability level to be required to pass over time and across 

multiple versions of the test. 

+ + The Exam questions force you to read them carefully and consider context. 

+ + You should understand that the Exam tests your in-depth knowledge and your ability to integrate knowledge 

and experience, not your ability to merely memorize facts. 

+ + Attack the Content Domains one at a time, remembering that you will want to review the material. Remember to 

make time for review. 

+ + Assemble the material reflecting each Domain in turn. 

+ + Read, review and repeat. Repetition and review are good. 

+ + Identify those non-security areas in which you need deeper knowledge and get up to speed on them. We can’t 

tell you what to study here, but you’ll see your technical knowledge gaps as you study. 

+ + Identify those security areas where you need additional help. Focus on them. 


www.prometric.com 5

As you look over the sample Exam questions, you’ll see what we’re getting at. They include the following: 

1. A company needs to digitally sign all of the data sent to its customers. What should the administrator use 

to digitally sign the data? 

(A) 

(B) 

(C) 

(D) 

Asymmetric Keys 

Standard Keys 

Symmetric Keys 

Quantitative Keys 

2. What standard does a Certificate Authority (CA) use to create a certificate? 

(A) X.509 

(B) X.802 

(C) X.423 

(D) X.129 

3. The concept of comparing the best practices and performance metrics of other companies with similar 

processes is known as: 

(A) 

(B) 

(C) 

(D) 

Benchmarking 

Gap Analysis 

Baselining 

Quantifying 

4. If an intrusion detection system wanted to only monitor web traffic, on what would the rules filter? 

(A) 

(B) 

(C) 

(D) 

IP Address 

Port 

User Name 

Destination Name 

5. What security technique can be used to identify malicious HTTPS (Secure Hyper Text Transport 

Protocol) tunnels? 

(A) 

(B) 

(C) 

(D) 

Detection inspection 

Context inspection 

Plain HTTP inspection 

SSL inspection 

Training Curriculum 

You are also fortunate that there are now lots of training courses at a host of IT training organizations who have strong 

partner relationships with Prometric, including New Horizons Learning Centers and Global Knowledge, to name just two. 

You will find that they have reputable training material and even cyber security “boot camps” that will help you along 

the way. 


www.prometric.com 6

Exam-Taking Tips 

+ + Enter the Exam room as rested and relaxed as possible. Forget about last minute cramming. Passing Cyber 

Security Essentials depends on in-depth understanding. Cramming the night before won’t help you. Rest will. 

+ + Pay attention to the testing center regulations and requirements. Prometric is serious about the security of the 

Exam and the testing environment, so expect a great deal of monitoring and scrutiny. 

+ + Study the questions carefully. No word is wasted. Every word is important. Remember that the “easy” questions 

might have a nuance you are not expecting. Remember also, these questions are highly researched. Every 

word in the question is there for a reason. On the flip side, try not to read into a question a meaning or context 

that is not literally in the question. 

+ + Look closely for key words, especially NOT, EXCEPT, FIRST and BEST. 

+ + Think the “big picture.” Look for the most universal or general choice in the list of response options. 

+ + Try to eliminate the obviously wrong choices. Every choice you eliminate works in your favor. 


www.prometric.com 7

Reference Materials and Resources 

You will want to arm yourself with some of the more helpful texts. The authors of this document found the following books 

and online resources to be helpful. You are also fortunate that there are now lots of books hitting the CISSP marketplace. 

Just go to a bookseller of your choice (e.g., Amazon) and search on topics such as “CISSP.” 

Books 

1. Amies, Alex; Sluiman, Harm; Liu, Guo Ning, Infrastructure as a Service Cloud Concepts, (2012) -Developing and 

Hosting Applications on the Cloud. IBM Press. 

2. Bosworth, Seymour & Kabay, M.E. & (eds), Eric Whyne. Computer Security handbook, fifth edition. 

ISBN:9780471716525. 

3. Grimes, Roger A., Honeypots for windows., (2005) -Page # of reference: Chapter 1: An Introduction to Honeypots 

ISBN:9781590593356. 

4. Haines, Brad., Seven Deadliest Wireless Technologies Attacks., (2010). ADVANCED WPA AND WPA2 CRACKING 

ISBN:9781597495417. 

5. Ingram, D., Design - Build - Run: Applied Practices and Principles for Production-Ready Software Development. 

(2009). 

6. Krause, Micki; Tipton, Harold F., Information Security Management Handbook (Fourth Edition), (1997), (2009), CRC 

Press/Auerbach Publications. ISBN-10: 0849308003, ISBN-13: 978-0849308000. This is what some consider 

the classic text. 

7. Ligh, Michael Hale; Adair, Steven; Hartstein, Blake; Richard, Matthew., Malware Analyst’s Cookbook: Tools and 

Techniques for Fighting Malicious Code. (2011). ISBN:9780470613030. 

8. Littlejohn Shinder, Debra; Cross, Michael, Scene of the Cybercrime, Second Edition. 

9. Lowe, Doug, Networking all-in-one for dummies, (2011) -Pg: Controlling User Access with Permissions 

ISBN:9780470625873. 

10. National Institute of Standard and Technology (NIST) Special Publications – various. 

11. Orebaugh, A.; Pinkard, B., Nmap In the Enterprise: Your Guide to Network Scanning, (2008) -Chapter 1 - 

Introducing Network Scanning ISBN:9781597492416. 

12. Prowell, Stacy; Kraus, Rob; Borkin, Mike, Seven Deadliest Network Attacks, (2010) -Chapter 2: War Dialing 

ISBN:9781597495493. 

13. Stallings, W, Network Security Essential (2rd edition). (2003) -Pg; 88-89. 

14. Whitman, Michael E., Mattord, Herbert J., and Green, A. (2012). Guide to Firewalls and VPNs (3rd edition). Course 

Technology: Boston, MA. 

15. Vyncke, Eric; Paggen, Christopher., Lan Switch Security: What Hackers Know About Your Switches: A Practical 

Guide to Hardening Layer 2 Devices and Stopping Campus Network Attacks., (2008). ISBN:9781587052569. 

16. Whitman, Michael E. and Mattord, Herbert J. (2009). Principles of Information Security (3rd edition). Course 

Technology: Boston, MA. 


www.prometric.com 8

Internet 

The Web is a fantastic source for material, too. A search with the “CISSP” key word, for example, will result in lots of 

material. In addition, a search on the Domain titles will uncover lots of material, too. Here are some of the better Web 

sources we recommend: 

https://www.owasp.org - OWASP - The Open Web Application Security Project 

http://www.postcastserver.com 

http://www.n2net.net 

http://www.pcmag.com/encyclopedia_term/0,1237,t=whitelist&i=54441,00.asp 

http://www.infosecurity-magazine.com/view/26475/whitelisting-is-the-solution-for-the-national-infrastructure/ 

http://www.postcastserver.com/help/Internet_Black_and_White_Lists.aspx 

http://netforbeginners.about.com 

http://www.us-cert.gov 

http://www.sans.edu/research/security-laboratory/article/it-separation-duties - SANS Technology Institute 

http://www.openxtra.co.uk/articles/data-center-environmental 

http://www.dna.gov 

http://www.active-directory-privilege-escalation-security-risks.com/2012/07/in-this-post-we-will-look-at-3-primary.html 

http://www.theiia.org 

http://www.ietf.org - The Internet Engineering Task Force (IETF) 

http://www.domaintools.com 

http://www.auditnet.org 

https://www.ncjrs.gov – National Criminal Justice Reference Service 

http://searchvmware.techtarget.com 

http://www.unesco.org – United Nations Educational, Scientific and Cultural Organization 

http://www.clir.org – Council on Library and Information Resources 


www.prometric.com 9

Prometric, a wholly-owned subsidiary of ETS, is a trusted provider of technology-enabled testing and assessment. With 

more than 20 years’ experience, innovative testing methods, market-leading solutions and a secure worldwide network 

of more than 4,000 IT testing centers, you can count on us for your IT Certification program in cyber security. 

Find Out More 

Just visit www.prometric.com 

Copyright© 2013 Prometric, Inc. All Rights Reserved.

Exam Review Guide - Prometric

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?