I failed the Scenario section of my Certified Infrastructure / Web Applications Tester examination. How can I improve?
• Read the questions; they give a mini breakdown of what’s expected. For example, for the issues where we expect to see a technical description, you should give a method to reproduce the issue along with some evidence and appropriate (not generic) recommendations for each issue.
• Answer all the questions. Again, this might sound simple, but people don’t always do this. It is impossible to give marks for empty sections/tasks. For example, where a question asks for two separate high-risk vulnerabilities, make sure that there are two distinct vulnerabilities.
• When a section is worth 15 marks and you only give a couple of sentences, that answer isn’t going to get a lot of marks.
• Keep the target audience in mind, especially for the Technical Summary and Executive Summary. Too often in these sections we see a re-hash of other answers, which will not get any extra marks. Consider impact and risk and how a non-technical person would read this.
• Remember that this is a client report, so we would expect to see:
– A Table of Contents
– Name of consultant
– Name of client
– Date
– Scope
– Appropriate headings
– Etc
• Spelling and grammar are important; marks are removed for poor use of language.
• Don’t be too generic with recommendations.