CSX Practitioner Exam

The CSX Practitioner Exam is now available.

Save an additional 25% for members/20% for non-members now thru 30 November on the Exam!

Additional $100 off when individuals purchase the CSX Practitioner Exam Prep Training and Exam Bundle!

ISACA Member: $400

Non-Member: $500

Purchase Exam


CSX Practitioner Exam Prep Course

Purchase a Lab

Build your technical skills with immersive, hands-on training in an on-demand format!

Learn More


Not an ISACA member?

Learn how to become a member and gain access to our entire resource library, along with a host of other member benefits.

Join Now

The CSX Practitioner Certification (CSXP) exam has been updated to reflect the job tasks of today’s cybersecurity practitioner.

CSXP was named 2016 Top Professional Certification program by the SC Magazine Awards and remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover – derived from the CSXP Exam Content Outline. CSXP requires candidates demonstrate critical cybersecurity skills in a live, virtual environment assessing candidates’ analytical ability to identify and resolve network and host cybersecurity issues by applying foundational cybersecurity knowledge and skills required of an evolving cyber first responder.


View Candidate’s Guide >>

 

 

 Exam Availability

September 2018

 Exam Description

The ISACA CSX Practitioner (CSXP) certification verifies that successful candidates have the knowledge and skills required to identify and remediate vulnerabilities; configure and implement protective technologies; and detect, respond and recover from incidents.

 Content Areas

Domain 1-Business and Security Environment (23%)
Domain 2-Operational Security Readiness (23%)
Domain 3-Threat Detection and Evaluation (27%)
Domain 4-Incident Response and Recovery (27%)

 Certification Requirements

Pass CSX Practitioner examination
Compliance with ISACA’s Code of Professional Ethics
Compliance with ISACA’s CSX CPE Policy is required to maintain certification

 Type of Exam

Remotely proctored performance exam delivered by PSI Testing Solutions

 Number of Tasks

30

 Length of Exam

4 hours (240 minutes) to complete and score their exam. Candidates are strongly encouraged to submit their exam for scoring at 3 hours 45 minutes. Proctors will communicate when 15 minutes remain.

 Languages

English only

 Price

$400 member / $500 non-member

 Re-Certification Requirements

Attain and report 30 qualifying CPEs annually.
In year 3 of certification cycle: Retake and pass CSX Practitioner exam.


View CPE Policy >>

 

No specific training is required for the CSXP certification. CSXP candidates are assessed on their ability to perform cybersecurity tasks.

This 4-hour exam contains no multiple-choice questions and intentionally restricts access to the internet. Where applicable, man pages and help files are available. Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:

  • Demonstrate an ability to:
    • Use vulnerability assessment processes and scanning tool sets to identify and document vulnerabilities based on defined asset criticality and technical impacts.
    • Obtain and aggregate information from multiple sources – for example: logs, event data, network assessments – for use in threat intelligence, metrics incident detection, and response.
    • Implement specified cybersecurity controls – for network, application, endpoint, server, and more – and validate that controls are operating as required by defined policy or procedure.
    • Conduct ongoing control tests and validations to verify effectiveness of controls and identify deficiencies and vulnerabilities.
    • Implement and document changes to cybersecurity controls – for example: endpoint security and network security – in compliance with change management procedures.
    • Identify anomalous activity and potential internal, external, and third-party threats to network resources using network traffic monitors or intrusion detection and prevention systems, as well as ensure timely detection of indicators of compromise.
    • Perform initial attack analysis to determine the attack vectors, targets and scope and potential impact.
    • Execute defined response plans to contain damage on affected assets.
     
  • Be comfortable working with a variety of applications, operating systems, tools, and utilities prior to sitting for the exam. This includes but is not limited to:
    • ClamAV
    • Elastic
    • John the Ripper
    • Kali Linux
    • KeepNote
    • Kibana
    • Log Stash
    • Lynis
    • Microsoft Windows Server 2016
    • Microsoft Windows clients – all beginning with XP
    • Microsoft security features
    • MD5 and SHA hashing tools on Windows and Linux
    • Nmap/Zenmap
    • Network troubleshooting commands
    • OpenVAS
    • PfSense
    • Powershell (to access Windows data)
    • Security Onion
    • Squil
    • Tcpdump
    • Terminal applications
    • Ubuntu
    • Windows Event Forwarding
    • Wireshark  
     
  • Individuals unfamiliar with the Lab on Demand platform are encouraged to review this tutorial to gain insights regarding layout and navigation of the exam environment.

 

 

1

Business and Security Environment (ID)

23%

1A

Business Environment

 

1A1
1A2
1A3

Digital Infrastructure
Enterprise Architecture
Data and Digital Communication

 

1B

Security Environment

 

1B1
1B2
1B3
1B4

Network
Operating Systems
Applications
Virtualization and Cloud

 

2

Operational Security Readiness (PR)

23%

2A

Protection

 

2A1
2A2
2A3
2A4
2A5

Digital and Data Assets
Ports and Protocols
Protection Technologies
Identity and Access Management
Configuration Management

 

2B

Preparedness

 

2B1
2B2
2B3

Threat Modeling
Contingency Planning
Security Procedures

 

3

Threat Detection and Evaluation (DE)

27%

3A

Monitoring

 

3A1
3A2
3A3
3A4
3A5

Vulnerability Management
Security Logs and Alerts
Monitoring Tools and Appliances
Use Cases
Penetration Testing

 

3B

Analysis

 

3B1
3B2
3B3
3B4

Network Traffic Analysis
Packet Capture and Analysis
Data Analysis
Research and Correlation

 

4

Incident Response and Recovery (RS&RC)

27%

4A

Incident Handling

 

4A1
4A2

Notifications and Escalation
Digital Forensics

 

4B

Mitigation

 

4B1
4B2
4B3

Containment
Attack Countermeasures
Corrective Actions

 

4C

Restoration

 

4C1
4C2
4C3

Security Functions Validation
Incident Analysis and Reporting
Lessons Learned and Process Improvement

 

 

ISACA and authorized training partners offer training for the CSX Practitioner Certification. This course is offered by ISACA as a self-paced on-line course. In person training is available thru ISACA approved training partners.

WHY CSX PRACTITIONER EXAM PREP TRAINING?

CSX Practitioner Exam Prep Training helps you develop and build the technical cybersecurity skills necessary to sit for the CSX Practitioner certification exam. Becoming a Certified Cybersecurity Practitioner is a testament to your real-life skills and shows employers that you have both the knowledge and the technical ability to walk into an organization and do the job from day one.

COURSE STRUCTURE

Each lesson and corresponding lab in this immersive training covers complex technical skills and concepts in one of five areas aligned to existing global cybersecurity frameworks:

  • Identify: Identification, assessment and evaluation of assets, threats and vulnerabilities in both internal and external networks
  • Protect: Implementation of cybersecurity controls to protect a system from identified threats
  • Detect: Detection of network and system incidents, events and compromise indicators, along with assessment of potential damage
  • Respond: Execution of comprehensive incident response plans and mitigation of cyber incidents
  • Recover: Recovery from incidents and disasters, including post incident-response documentation and implementation of continuity plans

Each lesson covered in the course is matched with practice labs and tools

Frequently Asked Questions

View Candidate’s Guide >>
View CPE Policy >>

Q: Why CSXP certification?

Employers, governments, and academia widely recognize the shortcomings of traditional multiple-choice exams. Whereas not all certifications are conducive to performance assessment, the cybersecurity industry demands it. No two corporate networks are identical meaning today’s cybersecurity practitioner must adapt to ever-changing environments. CSXP exam takers cannot simply “cram” – they must perform tasks using widely available security tools and in doing so have demonstrated aptitude for performing security tasks in dissimilar environments.

Q: What are the prerequisites to take the certification?

There are no prerequisites to take the CSXP certification exam. Any candidate who feels that he or she has the knowledge and ability to pass the certification requirements may take the certification.

Q: Where can I find a list of test centers?

There are none! The new CSXP exam is delivered by PSI remote proctoring solutions. Remotely proctored exams allow CSXP candidates greater scheduling flexibility without the need to locate and travel to a physical test center.

Q: How do I prepare for the certification?

Candidates are strongly encouraged to review the Exam Content Outline and Preparation tabs on this website, as well as other publicly available information. ISACA offers training opportunities to aid preparation but should not be considered all encompassing.

Q: HOW DO I SCHEDULE MY CSX PRACTITIONER EXAM?

To schedule your exam, you will need to do the following:

  • Signin to your Nexus account at https://nexus.isaca.org
  • Click on “My Nexus” (top right), select "Exam Access and Scheduling" from the drop-down menu to access your CSXP exam voucher
  • Click on “Access Exam Dashboard” and you will be taken to the PSI site to schedule your exam.
  • Click on “Schedule Exam”
  • Select “English” as the language, enter your “Country” and “Time Zone” then on the calendar choose an available “date” and “time”, then click “Continue”.
  • Confirm the “Schedule Details” and click “Continue”.
  • You will receive a confirmation email from no-reply@psiexams.com confirming your exam appointment.

Be sure to read through the important information regarding Exam Day Expectations, Cancellation and Rescheduling Policy, No-Show Policy and Equipment Needs.

Q: HOW DO I RESCHEDULE MY CSX PRACTITIONER EXAM?

Exams may be rescheduled up to 48 hours in advance. If you cancel or reschedule less than 48 hours in advance or do not show for your rescheduled exam, you forfeit your exam fee. Exams are not refundable nor transferable.

To reschedule your exam, you will need to do the following:

  • Signin to your Nexus account at https://nexus.isaca.org
  • Click on “My Nexus” (top right), select "Exam Access and Scheduling" from the drop-down menu to access your CSXP exam voucher
  • Click on “Access Exam Dashboard” and you will be taken to the PSI site to reschedule your exam.
  • Click on “Reschedule Exam”
  • Select “English” as the language, enter your “Country” and “Time Zone” then on the calendar choose an available “date” and “time”, then click “Continue”.
  • Confirm the “Schedule Details” and click “Continue”.
  • You will receive a confirmation email from no-reply@psiexams.com confirming your new exam appointment.