CSX Practitioner Exam

CSX Practitioner Beta Exam Registration has closed. Results are expected to be released in Q3.

Coming Soon


CSX Practitioner Exam Prep Course

Purchase a Lab

Build your technical skills with immersive, hands-on training in an on-demand format!

Learn More


Not an ISACA member?

Learn how to become a member and gain access to our entire resource library, along with a host of other member benefits.

Join Now

The CSX Practitioner Certification (CSXP) exam has been updated to reflect the job tasks of today’s cybersecurity practitioner. CSX Practitioner Beta Exam Registration has closed. Results are expected to be released in Q3.

CSXP was named 2016 Top Professional Certification program by the SC Magazine Awards and remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover – derived from the CSXP Exam Content Outline. CSXP requires candidates demonstrate critical cybersecurity skills in a live, virtual environment assessing candidates’ analytical ability to identify and resolve network and host cybersecurity issues by applying foundational cybersecurity knowledge and skills required of an evolving cyber first responder.

ISACA will email Beta exam results once the new exam is released – tentatively Q3 2018. At that time, exam results will be uploaded to your MyCertification page of your ISACA profile. ISACA does not provide hardcopy score reports. Failure to respond to post-exam survey will delay results notification.


View Candidate’s Guide >>

 

 

 Exam Availability

Beta Exam Registration has closed. Beta results expected Q3

 Exam Description

The ISACA CSX Practitioner (CSXP) certification verifies that successful candidates have the knowledge and skills required to identify and remediate vulnerabilities; configure and implement protective technologies; and detect, respond, and recover from incidents.

 Content Areas

Domain 1-Business and Security Environment (23%)
Domain 2-Operational Security Readiness (23%)
Domain 3-Threat Detection and Evaluation (27%)
Domain 4-Incident Response and Recovery (27%)

 Certification Requirements

Pass CSX Practitioner examination
Compliance with ISACA’s Code of Professional Ethics
Compliance with ISACA’s CSX CPE Policy is required to maintain certification

 Type of Exam

Performance exam delivered by PSI Testing Solutions remote proctor capability

 Number of Tasks

30

 Length of Exam

4 hours to complete the exam.

 Passing Score

TBD (on scale of XXX–XXX)

 Languages

English

 Price

$400 member / $500 non-member

 Re-Certification Requirements

Attain and report 30 qualifying CPEs annually.
In year 3 of certification cycle: Retake and pass CSX Practitioner exam.


View CPE Policy >>

 

No specific training is required for the CSXP certification. CSXP candidates are assessed on their ability to perform cybersecurity tasks.

This 4-hour exam contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available. Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:

  • Demonstrate an ability to:
    • Use vulnerability assessment processes and scanning tool sets to identify and document vulnerabilities based on defined asset criticality and technical impacts.
    • Obtain and aggregate information from multiple sources – for example: logs, event data, network assessments – for use in threat intelligence, metrics incident detection, and response.
    • Implement specified cybersecurity controls – for network, application, endpoint, server, and more – and validate that controls are operating as required by defined policy or procedure.
    • Conduct ongoing control tests and validations to verify effectiveness of controls and identify deficiencies and vulnerabilities.
    • Implement and document changes to cybersecurity controls – for example: endpoint security and network security – in compliance with change management procedures.
    • Identify anomalous activity and potential internal, external, and third-party threats to network resources using network traffic monitors or intrusion detection and prevention systems, as well as ensure timely detection of indicators of compromise.
    • Perform initial attack analysis to determine the attack vectors, targets and scope and potential impact.
    • Execute defined response plans to contain damage on affected assets.
     
  • Be comfortable working with a variety of applications, operating systems, tools, and utilities prior to sitting for the exam. This includes but is not limited to:
    • ClamAV
    • Elastic
    • John the Ripper
    • Kali Linux
    • KeepNote
    • Kibana
    • Log Stash
    • Lynis
    • Microsoft Windows Server 2016
    • Microsoft Windows clients – all beginning with XP
    • Microsoft security features
    • MD5 and SHA hashing tools on Windows and Linux
    • Nmap/Zenmap
    • Network troubleshooting commands
    • OpenVAS
    • PfSense
    • Powershell (to access Windows data)
    • Security Onion
    • Squil
    • Tcpdump
    • Terminal applications
    • Ubuntu
    • Windows Event Forwarding
    • Wireshark  
     
  • Individuals unfamiliar with the Lab on Demand platform are encouraged to review this tutorial to gain insights regarding layout and navigation of the exam environment.

 

 

1

Business and Security Environment (ID)

23%

1A

Business Environment

 

1A1
1A2
1A3

Digital Infrastructure
Enterprise Architecture
Data and Digital Communication

 

1B

Security Environment

 

1B1
1B2
1B3
1B4

Network
Operating Systems
Applications
Virtualization and Cloud

 

2

Operational Security Readiness (PR)

23%

2A

Protection

 

2A1
2A2
2A3
2A4
2A5

Digital and Data Assets
Ports and Protocols
Protection Technologies
Identity and Access Management
Configuration Management

 

2B

Preparedness

 

2B1
2B2
2B3

Threat Modeling
Contingency Planning
Security Procedures

 

3

Threat Detection and Evaluation (DE)

27%

3A

Monitoring

 

3A1
3A2
3A3
3A4
3A5

Vulnerability Management
Security Logs and Alerts
Monitoring Tools and Appliances
Use Cases
Penetration Testing

 

3B

Analysis

 

3B1
3B2
3B3
3B4

Network Traffic Analysis
Packet Capture and Analysis
Data Analysis
Research and Correlation

 

4

Incident Response and Recovery (RS&RC)

27%

4A

Incident Handling

 

4A1
4A2

Notifications and Escalation
Digital Forensics

 

4B

Mitigation

 

4B1
4B2
4B3

Containment
Attack Countermeasures
Corrective Actions

 

4C

Restoration

 

4C1
4C2
4C3

Security Functions Validation
Incident Analysis and Reporting
Lessons Learned and Process Improvement

 

 

ISACA and authorized enterprise/training partners do offer training. Depending on provider, this may include self-paced on-line, in-person, or course offering at ISACA conferences. More information is coming soon.

 

Frequently Asked Questions

View Candidate’s Guide >>
View CPE Policy >>

Q: Why CSXP certification?

Employers, governments, and academia widely recognize the shortcomings of traditional multiple-choice exams. Whereas not all certifications are conducive to performance assessment, the cybersecurity industry demands it. No two corporate networks are identical meaning today’s cybersecurity practitioner must adapt to ever-changing environments. CSXP exam takers cannot simply “cram” – they must perform tasks using widely available security tools and in doing so have demonstrated aptitude for performing security tasks in dissimilar environments.

Q: What are the prerequisites to take the certification?

There are no prerequisites to take the CSXP certification exam. Any candidate who feels that he or she has the knowledge and ability to pass the certification requirements may take the certification.

Q: Where can I find a list of test centers?

There are none! The new CSXP exam is delivered by PSI remote proctoring solutions. Remotely proctored exams allow CSXP candidates greater scheduling flexibility without the need to locate and travel to a physical test center.

Q: How do I prepare for the certification?

Candidates are strongly encouraged to review the CSXP exam blueprint and other publicly available information coming soon. ISACA does offers training opportunities to aid preparation but should not be considered all encompassing.

Q: How long after I take the Beta until I get my results?

Beta results are typically available 1 month after the Beta closes.

Q: What happens if I pass the Beta?

Passing a Beta counts the same as passing a regular exam. Your certification will be valid for three (3) years after you pass the Beta exam.

Q: HOW DO I SCHEDULE MY CSX PRACTITIONER EXAM?

To schedule your exam, you will need to do the following:

  • Signin to your Nexus account at https://nexus.isaca.org
  • Click on “My Exams” tab to access your exam voucher
  • Click on “Access Exam Dashboard” and you will be taken to the PSI site to schedule your exam.
  • Click on “Schedule Exam”
  • Select “English” as the language, enter your “Country” and “Time Zone” then on the calendar choose an available “date” and “time”, then click “Continue”.
  • Confirm the “Schedule Details” and click “Continue”.
  • You will receive a confirmation email from no-reply@psiexams.com confirming your exam appointment.

Be sure to read through the important information regarding Exam Day Expectations, Cancellation and Rescheduling Policy, No-Show Policy and Equipment Needs.

Q: HOW DO I RESCHEDULE MY CSX PRACTITIONER EXAM?

Exams may be rescheduled up to 48 hours in advance. If you cancel or reschedule less than 48 hours in advance or do not show for your rescheduled exam, you forfeit your exam fee. Exams are not refundable nor transferrable.

To reschedule your exam, you will need to do the following:

  • Signin to your Nexus account at https://nexus.isaca.org
  • Click on “My Exams” tab to access your exam voucher
  • Click on “Access Exam Dashboard” and you will be taken to the PSI site to reschedule your exam.
  • Click on “Reschedule Exam”
  • Select “English” as the language, enter your “Country” and “Time Zone” then on the calendar choose an available “date” and “time”, then click “Continue”.
  • Confirm the “Schedule Details” and click “Continue”.
  • You will receive a confirmation email from no-reply@psiexams.com confirming your new exam appointment.

Q: HOW DO I PURCHASE AN EXTENSION FOR MY CSX PRACTITIONER EXAM?

Details to come after Beta.

Q: HOW DO I PREPARE FOR THE CERTIFICATION?

Candidates are strongly encouraged to review the CSXP exam blueprint and other publicly available information located here. ISACA does offers training opportunities to aid preparation but should not be considered all encompassing.