The EXIN Cyber & IT Security Foundation certification builds IT professionals’ knowledge and understanding of the technical background surrounding digital security. It enables candidates to explain, understand and describe key concepts in Cyber and IT Security.
Who is this certification for?
This exam is intended for a broad audience who work in IT organizations including network administrators, application developers, auditors, quality managers and security officers. It creates a solid foundation of knowledge and enables candidates to progress to more specialized certifications that focus on the technical side of information security.
EXIN CISEF Exam Summary:
Exam Name | EXIN Cyber and IT Security Foundation |
Exam Code | CISEF |
Exam Price | $228 (USD) |
Duration | 60 mins |
Number of Questions | 40 |
Passing Score | 65% |
Sample Questions | EXIN CISEF Sample Questions |
Practice Exam | EXIN CISEF Certification Practice Exam |
EXIN CISEF Exam Syllabus Topics:
Topic | Details | Weights |
TCP/IP Networking – 10% | ||
Nodes, Node Connections & TCP/IP Addressing | The candidate can… – describe what a node is. – describe how nodes can be connected to each other. – explain the concepts of TCP/IP addressing of both IPv4 and IPv6. | 5% |
OSI Model, TCP/IP Model, Protocols | The candidate can… – describe the layers and main functionalities of the OSI and TCP/IP models. – explain the main network protocols, what their functionality is and how they fit into the OSI and TCP/IP reference models. | 5% |
Computer Systems – 10% | ||
Computer Architecture, Operating Systems | The candidate can… – explain the components of a computer system. – describe how an operating system works. – list the main operating systems. | 5% |
Computer System Vulnerabilities | The candidate can… – identify the most prevalent types of computer system vulnerabilities. | 2.5% |
Computer System Security Measures | The candidate can… – identify the main security measures related to computer systems. | 2.5% |
Applications & Databases – 15% | ||
Application Development | The candidate can… – explain the different methods and phases of the systems development life cycle. – describe the advantages and disadvantages of each of the different methods of the systems development life cycle. – explain how to address security during the systems development life cycle. | 5% |
Databases | The candidate can… – describe the different database models. – explain the functionality of the database and the database management systems. | 5% |
Security Issues & Countermeasures | The candidate can… – describe the prevalent security issues related to applications development and databases. – explain the countermeasures against security issues related to applications and databases. | 5% |
Cryptography – 20% | ||
Encryption Methodologies & Standards | The candidate can… – differentiate between symmetric and asymmetric encryption. – identify encryption algorithms and standards. | 5% |
Digital Signatures, Hashing | The candidate can… – explain how digital signatures provide for authenticity and non-repudiation. – explain how hashing provides for the integrity of digital information. – describe the main hashing standards. | 5% |
Public Key Infrastructure (PKI) | The candidate can… – describe the components, parties and processes of a public key infrastructure. – explain what digital certificates and their use cases are. | 5% |
SSL/TLS, IPSec | The candidate can… – explain the technology and use cases of SSL/TLS. – explain the technology and use cases of IPSec. | 5% |
Identity & Access Management – 15% | ||
Identification, Authentication, Biometrics, Single Sign-On (SSO), Password Management | The candidate can… – differentiate between identification and authentication. – describe the main technologies of authentication and two-factor authentication. – explain biometrics and their use cases. – explain the concepts and different types of Single sign-on (SSO). – explain password management and its use cases. | 10% |
Authorization | The candidate can… – describe how the principles of Need to know, Least privilege and Separation of Duties (SoD) relate to authorization. – describe authorization models such as role-based access control (RBAC) and attribute-based access control (ABAC). – describe the specifications and functionality of OpenID Connect and OAuth. | 5% |
Cloud Computing – 15% | ||
Characteristics & Deployment Models | The candidate can… – differentiate between the deployment models public cloud, private cloud and hybrid cloud. – explain the service models SaaS, PaaS, IaaS, SECaaS and IDaaS. | 10% |
Risks | The candidate can… – identify the risks of cloud computing. | 5% |
Exploiting Vulnerabilities – 15% | ||
Attack Categories & Threat Types | The candidate can… – identify the main attack categories of cybercrime. | 5% |
Actors & Tools | The candidate can… – recognize Black hat hackers, White hat hackers, Grey hat hackers, Script kiddies and Hacktivists. – identify which tools cybercriminals use. – identify the steps cybercriminals take to exploit vulnerabilities. | 10% |