Use this quick start guide to collect all the information about the CertNexus CSC (CSC-210) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the CSC-210 CertNexus Cyber Secure Coder exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual CertNexus CSC certification exam.
The CertNexus CSC certification is mainly targeted at candidates who want to build their career in the cybersecurity domain. The CertNexus Cyber Secure Coder (CSC) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CertNexus CSC.
CertNexus CSC Exam Summary:
Exam Name | CertNexus Cyber Secure Coder (CSC) |
Exam Code | CSC-210 |
Exam Price | $367.50 (USD) |
Duration | 120 mins |
Number of Questions | 80 |
Passing Score | 60% |
Books / Training | CSC training |
Schedule Exam | Pearson VUE |
Sample Questions | CertNexus CSC Sample Questions |
Practice Exam | CertNexus CSC-210 Certification Practice Exam |
CertNexus CSC-210 Exam Syllabus Topics:
| Topic | Objective | Details |
|---|---|---|
| Common Secure Application Development Terminology and Concepts - 15% | Understand basic security principles | Encryption; Division of resources/categorization of components; The CIA Triad; AAA; Least privilege; Least common mechanism; Defense in Depth; Fail safe; Weakest link; Separation of duties; Monitoring |
| | Identify common hacking terminology and concepts | Black hat, gray hat, white hat; Builders and breakers; Social engineering; Vulnerability; Exploits and attacks |
| Job and Process Responsibilities Related to Secure Application Development - 15% | Explain the software development lifecycle | SDLC phases; Secure SDLC |
| | Understand the role of the designer/architect in creating secure applications | Design deliverables; Whiteboarding; Compliance assurance and adherence to organizational requirements |
| | Explain the role of the developer in creating secure applications | Development deliverables; Debugging tools; Use of standard libraries and APIs |
| | Understand the role of the code reviewer in creating secure applications | Review deliverables; Static analysis tools; Dynamic code analysis tools |
| | Understand the role of the application tester in creating secure applications | Testing deliverables; Penetration testing |
| Architecture and Design - 18% | Interpret use and abuse cases | Design intentions; Attacks |
| | Understand architecture and design industry best practices | Modular design; Design methodologies; Software design patterns; Security design patterns; Requiring strong passwords; Identity management process; Design of monitoring/logging system |
| | Identify common regulations that relate to secure software development | HIPAA; PCI DSS; ISO 27001; SOX; Country-specific privacy laws |
| | Explain the importance of organizational requirements to the development of secure software applications | Internal organizational processes; Internal organizational policies |
| Risk Assessment and Management - 17% | Classify common threats and vulnerabilities in terms of their impact on applications | OWASP Top 10; CWE/SANS Top 25; Attack vectors; Assets; Risks; Threat types; Countermeasures; Impacts; Probability |
| | Compare and contrast common risk assessment and management best practices | Quantitative risk assessment; Qualitative risk assessment; Policy adjustments/updates; Architectural review |
| Application Implementation - 35% | Implement input validation | Input vulnerabilities; Input validation techniques |
| | Restrict the output of sensitive data | Output vulnerability; Output security techniques |
| | Implement cryptography | Crypto libraries; Key management; Algorithm implementation; Secure storage of data |
| | Implement authentication and access control | Password verification; Roles, permissions, groups; Implementation of secure session management; Account lockouts; Password recovery |
| | Implement error handling and logging | Error message logging; Security exception logging; Log centralization |
| | Implement communication security | SSL/TLS; Encrypted tunnels; Mobile app considerations; IoT app considerations; Security of web services |
| | Implement application security parameters and configure security settings | Parameterizing security properties and settings; Configuration file protection; Default passwords on third-party applications |
| | Implement secure database access | Elimination of string concatenation for database queries; Database connection access control |
To ensure success in the CertNexus CSC certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the CertNexus Cyber Secure Coder (CSC-210) exam.