Certified in Cybersecurity Exam Outline

Last edited July 18, 2022

This exam outline enables pilot program candidates to familiarize themselves with the subject matter on which they will be evaluated during the pilot exam. The pilot exam outline is subject to change based on analysis of pilot exam administration results and ongoing evaluation of the entry-level certification pilot program. To learn more about the pilot certification, view our FAQs.

Exam Registration is Open

Start on your path to a cybersecurity career today. Turn your passion and drive into a rewarding career. No degree or experience required.

Candidates can register for the pilot exam via Pearson VUE. The process is simple:

  1. Create an account with Pearson VUE.
  2. Select the certification EL_Pilot: Entry Level Certification Pilot Examination.
  3. Schedule your exam and testing location.


Certified in Cybersecurity Examination Weights

| Domains | Average Weight | # of Items |
|---|---|---|
| 1. Security Principles | 26% | 20 |
| 2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts | 10% | 7 |
| 3. Access Controls Concepts | 22% | 17 |
| 4. Network Security | 24% | 18 |
| 5. Security Operations | 18% | 13 |

*Each exam also contains 25 pre-test items for a total of 100 items during the pilot exam. They’re included for research purposes only. The pre-test items aren’t identified, so answer every item to the best of your ability.


  • Domain 1 - Security Principles

    Domain 1:
    Security Principles (26%, 20 items)


    Understand the security concepts of information assurance

    • Confidentiality
    • Integrity
    • Availability
    • Authentication (e.g., methods of authentication, multi-factor authentication (MFA))
    • Non-repudiation
    • Privacy


    Understand the risk management process

    • Risk management (e.g., risk priorities, risk tolerance)
    • Risk identification, assessment and treatment


    Understand security controls

    • Technical controls
    • Administrative controls
    • Physical controls


    Understand (ISC)² Code of Ethics

    • Professional code of conduct


    Understand governance processes

    • Policies
    • Procedures
    • Standards
    • Regulations and laws
  • Domain 2 – Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts

    Domain 2:
    Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%, 7 items)


    Understand business continuity (BC)

    • Purpose
    • Importance
    • Components


    Understand disaster recovery (DR)

    • Purpose
    • Importance
    • Components


    Understand incident response

    • Purpose
    • Importance
    • Components
  • Domain 3 – Access Controls Concepts

    Domain 3:
    Access Controls Concepts (22%, 17 items)


    Understand physical access controls

    • Physical security controls (e.g., badge systems, gate entry, environmental design)
    • Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
    • Authorized versus unauthorized personnel


    Understand logical access controls

    • Principle of least privilege
    • Segregation of duties
    • Discretionary access control (DAC)
    • Mandatory access control (MAC)
    • Role-based access control (RBAC)
  • Domain 4 - Network Security

    Domain 4:
    Network Security (24%, 18 items)


    Understand computer networking

    • Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)
    • Ports
    • Applications


    Understand network threats and attacks

    • Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
    • Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
    • Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))


    Understand network security infrastructure

    • On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))
    • Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)))
    • Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)
  • Domain 5 - Security Operations

    Domain 5:
    Security Operations (18%, 13 items)


    Understand data security

    • Encryption (e.g., symmetric, asymmetric, hashing)
    • Data handling (e.g., destruction, retention, classification, labeling)
    • Logging and monitoring security events


    Understand system hardening

    • Configuration management (e.g., baselines, updates, patches)


    Understand best practice security policies

    • Data handling policy
    • Password policy
    • Acceptable Use Policy (AUP)
    • Bring your own device (BYOD) policy
    • Change management policy (e.g., documentation, approval, rollback)
    • Privacy policy


    Understand security awareness training

    • Purpose/concepts (e.g., social engineering, password protection)
    • Importance