ISTQB® Certified Tester Security Tester (CT-ST) Practice Exam
ISTQB® Certified Tester Security Tester (CT-ST) Practice Exam
About ISTQB® Certified Tester – Security Tester Exam
The ISTQB® Security Tester (CT-ST) exam has been developed to assess the skills and knowledge of the candidates to perform tasks including planning, performing, and evaluating security tests considering perspectives like risk, requirements, vulnerability, and human factors. The certification exam covers security testing tools and standards.
Who should take the exam?
The Security Tester certification is aimed at people who have some experience in security testing and wish to further develop their expertise in security testing.
Eligibility Requirement
In order to appear for the ISTQB® Certified Tester Security Tester (CT-ST) exam candidates are required to qualify the Certified Tester Foundation Level certificate together with at least 3 years of relevant academic, practical, or consulting experience.
Exam Details
- Total Questions: 45 questions
- Total Points: 80 points
- Passing Score: 52 points
- Total Duration: 120 (+25% Non-Native Language)
Skills Evaluated
The following skills are evaluated for the candidate appearing for the ISTQB® Certified Tester Security Tester (CT-ST) exam -
- Ability to plan, perform and evaluate security tests based on policy, risk, defined standards, requirements and vulnerability.
- Ability to align security test activities with project lifecycle activities.
- Ability to analyze and evaluate the effective use of risk assessment techniques in a given situation to identify current and future security threats and assess their severity levels.
- Ability to analyze and evaluate the existing security test suite and identify any additional security tests.
- Ability to analyze and evaluate a given set of security policies and procedures, along with security test results for determining effectiveness.
- Ability to identify security test objectives based on functionality, technology attributes and known vulnerabilities.
- Ability to analyze a given situation and determine which security testing approaches are most likely to succeed in that situation.
- Ability to identify areas where additional or enhanced security testing may be needed.
- Ability to analyze and evaluate the effectiveness of security mechanisms.
- Ability to assist the organization build information security awareness.
- Ability to analyze and evaluate the attacker mentality by discovering key information about a target, performing actions on a test application in a protected environment that a malicious person would perform, and thereby understanding how evidence of the attack could be deleted.
- Ability to analyze and evaluate a given interim security test status report to determine the level of accuracy, understandability, and stakeholder appropriateness.
- Ability to analyze and document security tests required to be addressed by one or more tools.
- Ability to analyze and select candidate security test tools for a given tool search based on specified needs.
- Ability to define the benefits of using security testing standards and where to find them.
Course Outline
The ISTQB® Certified Tester Security Tester (CT-ST) Exam covers the following topics -
Domain 1 - Understanding the Basis of Security Testing
1.1 Security Risks
1.2 Information Security Policies and Procedures
1.3 Security Auditing and Its Role in Security Testing
Domain 2 - Understanding Security Testing Purposes, Goals and Strategies
2.1 Introduction
2.2 The Purpose of Security Testing
2.3 The Organizational Context
2.4 Security Testing Objectives
2.5 The Scope and Coverage of Security Testing Objectives
2.6 Security Testing Approaches
2.7 Improving the Security Testing Practices
Domain 3 - Understanding Security Testing Processes
3.1 Security Test Process Definition
3.2 Security Test Planning
3.3 Security Test Design
3.4 Security Test Execution
3.5 Security Test Evaluation
3.6 Security Test Maintenance
Domain 4 - Understanding Security Testing Throughout the Software Lifecycle
4.1 Role of Security Testing in a Software Lifecycle
4.2 The Role of Security Testing in Requirements
4.3 The Role of Security Testing in Design
4.4 The Role of Security Testing in Implementation Activities
4.5 The Role of Security Testing in System and Acceptance Test Activities
4.6 The Role of Security Testing in Maintenance
Domain 5 - Understanding the Testing Security Mechanisms
5.1 System Hardening
5.2 Authentication and Authorization
5.3 Encryption
5.4 Firewalls and Network Zones
5.5 Intrusion Detection
5.6 Malware Scanning
5.7 Data Obfuscation
5.8 Training
Domain 6 - Understanding Human Factors in Security Testing
6.1 Understanding the Attackers
6.2 Social Engineering
6.3 Security Awareness
Domain 7 - Understanding Security Test Evaluation and Reporting
7.1 Security Test Evaluation
7.2 Security Test Reporting
Domain 8 - Understanding Security Testing Tools
8.1 Types and Purposes of Security Testing Tools
8.2 Tool Selection
Domain 9 - Understanding Standards and Industry Trends
9.1 Understanding Security Testing Standards
9.2 Applying Security Standards
9.3 Industry Trends
What do we offer?
- Full-Length Mock Test with unique questions in each test set
- Practice objective questions with section-wise scores
- In-depth and exhaustive explanation for every question
- Reliable exam reports evaluating strengths and weaknesses
- Latest Questions with an updated version
- Tips & Tricks to crack the test
- Unlimited access
What are our Practice Exams?
- Practice exams have been designed by professionals and domain experts that simulate real-time exam scenario.
- Practice exam questions have been created on the basis of content outlined in the official documentation.
- Each set in the practice exam contains unique questions built with the intent to provide real-time experience to the candidates as well as gain more confidence during exam preparation.
- Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.
- You can also create your own practice exam based on your choice and preference
