CPENT Item Writing

Honor Board

What is Item Writing?

In the field of exam development, the questions that are used to construct tests and examinations are referred to as “items”, and the techniques involved in preparing those items are collectively referred to as item writing. EC-Council members are invited to submit potential exam items (questions) which shapes up the exam development process as stated in the ISO/IEC 17024 Standards.

In this process, the candidates are asked to write the exam items. These are used to map out quality assessments, which in turn are used for the creation of better versions of exam forms. This activity is instrumental to test development.

EC-Council’s Item Writing task is overseen by the Item Writing review board, who are all SMEs (Subject Matter Experts).

This is a remarkable way for candidates to use their creativity and imagination, while providing valuable insights into what you find easy and challenging.

EC-Council encourages the item writing exercise, as we believe that this is the finest way to build better exams while engaging and connecting with information security enthusiasts around the globe.

CPENT Exam Development Guidelines

The CPENT exam is a 100% hands-on practical. It focuses on real-world penetration testing skills and tests the candidate’s ability to think critically, enumerate thoroughly, and chain exploits effectively. This document outlines the expectations and development standards for the exam writers who are interested in contributing to the development of the CPENT exam.

Domain Selection and Expertise Requirement

The CPENT Exam environment comprises of 5 cyber ranges, each representing a specific information system infrastructure. Each exam writer is required to select one of the five ranges based on their area of expertise. The five exam ranges are as follows:

  • AD Range
  • Binaries Range
  • IoT Range
  • Web Range
  • Linux Infra (CTF) Range

Development Options

Exam writers may choose one of the two following methods to build and deliver the exam items:

1. Local Virtual Machine (VM) Creation

  • Build the exam using VMs on your local machine.
  • Submit:
    • The exported VM images
    • The detailed network topology (diagram + configuration)

2. Cloud-Based Development

  • Submit a basic specification of the system and network topology.
  • We will provision the base environment in our cloud-based cyber range.
  • Exam writer is responsible for configuring and implementing the exam challenges within the provided infrastructure.

Design Consideration

  • Exam writers must configure machines and cyber ranges to mimic a real-world scenario and should use realistic OSes, services, vulnerabilities and exploitation.
  • Exam writers must write and submit 10 flags (exam items) for their respective domain.
  • The flags should be appropriately complex so that it take approximately 4-5 hours to solve all the flags in a domain by an experienced pen tester
  • The flags should be designed in a manner that requires a diverse set of pen testing techniques as outlined in the CPENT Exam Blueprint.
  • Each flag must have at least one stable method to get to the solution and must not require guesswork.
  • Exam items (flags) in each domain should promote depth and creativity in solving the flags.

Deliverables:

  • VM images, network topologies and system configurations as per the development option selected.
  • Provide scoring recommendations (weightage) for flags based on their complexity.
  • Provide a complete walkthrough including all steps with commands, payloads, and screenshots for internal review.

Final Notes

  • We encourage innovation and unique approaches in challenge creation.
  • Submitted labs will undergo a review for technical quality, completeness, and adherence to the above standards.
  • Exam items will selected or rejected based on our review panel’s feedback.
  • Please ensure that your work is original. Copying or using plagiarized content is not acceptable.

Rewards of ECC Item Writing

  • Approved items are awarded a digital Certificate Of Participation, that will be sent to the candidate’s ASPEN email address.
  • Each approved item will be awarded 3 ECE credits that helps maintain certification(s).
  • An “EC-Council Item Writer” digital badge is awarded to participants whose items get approved, they in turn get to proudly share it on their social media.
  • The Contributor’s name will be published on our Honor Board.

Eligibility Criteria

In-order to contribute an item, you must,

  • Be certified in the title you want to write the item for, and your certification must be in good standing.
  • Have a minimum of 5 years of work experience in the Infosec domain.

Note: EC-Council CEI’s are not eligible to participate in this activity.