I failed the Scenario section of my Certified Infrastructure / Web Applications Tester examination. How can I improve?

•   Read the questions, they actually give the mini breakdown of what’s expected.  For example, for the issues where we expect to see a technical description, you should give a method to reproduce the issue along with some evidence and appropriate (not generic) recommendations for each issue.

• Answer all the questions.  Again this might sound simple but people don’t always do this.  It is impossible to give marks for empty sections/tasks.  For example, where a question asks for two separate high risk vulnerabilities, make sure that there are two distinct vulnerabilities.

• When a section is worth 15 marks and you only give a couple of sentences, that answer isn’t going to get a lot of marks.

• Keep the target audience in mind, especially around the Technical Summary and Executive Summary.  Too often for these sections we see a re-hash of other answers and they will not get any extra marks.  Consider impact and risk and how a non-technical person would read this.

• Remember that this is a client report, so we would expect to see:
– A Table of Contents
– Name of consultant
– Name of client
– Date
– Scope
– Appropriate headings
– Etc

• Spelling and grammar are important;   marks are removed for poor use of language.

• Don’t be too generic with recommendations.