ECSA v10 vs v9: What’s New on the Certification Exam
August 31, 2018
The updated EC-Council Certified Security Analyst (ECSA) v10 certification course and exam reflects a greater shift in several EC-Council certifications. This significant change comes in the form of a new ECSA Practical Exam. The Practical Exam element of the certification is an optional add-on exam that further verifies the skills and knowledge addressed by the ECSA course content. Certified Ethical Hacker (CEH) v10 has a practical exam as well now.
Before diving into the new practical exam, let’s examine the major changes to the ECSA v10 content.
Content Updates for ECSA v10
The ECSA content updates reflect larger trends that focus on preparing and testing modern cyber security professionals for the most pressing cyber security challenges facing organizations.
The core of the content covered in the certification maps to government and industry frameworks. Version 10 content maps to the NICE 2.0 Framework, specifically the NICE Framework Analyze (AN) and Collect and Operate (CO) specialty area.
New Module on Social Engineering
According to EC-Council, 43% of documented breaches involved social engineering. Version 9 and other programs do not spend enough time addressing this issue and mitigation techniques to combat the threat.
Increased Attention to Applying Pen Testing Methodologies
Look for an increased focus on how to apply methodologies for network, web application, database, wireless, and cloud pen testing. Leverage tools learned in CEH to apply them to scoping and engagement penetration testing methodologies to improve upon the ones from ISO 27001, OSSTMM, and NIST Standards.
Other content updates
The certification emphasizes the importance of utilizing manual and automated penetration testing tools and techniques. Automation only applies for coverage a portion of threats.
There is a stronger focus on report writing for analyzing and reporting on pen testing results. Cyber security professionals must know how to perform the hands-on penetration testing techniques with the appropriate skills, and be able to communicate the results, analysis, and recommendations to management. This is a vital skill that is tested in the knowledge and practical exams.
ECSA v10 Exam Requirements
The criteria for the exam is still the same as before. Exam candidates must:
- Be a CEH member in good standing
- Or hold at least two years of experience working in the InfoSec domain
- Or hold other relevant industry certifications, such as Offensive Security Certified Professional (OSCP) or GIAC Penetration Tester (GPEN)
- Exam Name: EC-Council Certified Security Analyst v10
- 150 questions
- 4 hours long
- Multiple Choice
- 70% minimum to pass
The New ECSA v10 Practical Exam
The ECSA v10 practical exam provides an chance to test your skills and earn the ECSA (Practical) credential after passing the knowledge exam.
This exam takes place over 12 hours where you encounter 8 different challenges that test your skills in a simulated organization with underlying networks and hosts. The challenges entail numerous tasks that you will face on the job, such as:
- Performing comprehensive security audits
- Performing advanced networking scans
- Running automated and manual vulnerability analysis
- Creating and executing exploits
- Writing penetration testing reports providing analysis and mitigation recommendations to move the organization in the right direction
ECSA v10 Practical Exam Format
- Exam name: EC-Council Certified Security Analyst (Practical)
- Number of Challenges: 8
- Duration: 12 hours
- Test format: iLabs cyber range
- Passing score: 5 out of 8 challenges and the submission of an acceptable penetration testing report
Why Take the ECSA v10 Practical Exam
Taking the Practical Exam may seem unnecessary at first, but it offers additional proof of your hands-on skills and knowledge to current and future employers. ECSA v9 and CEH v9 did not include these Practical exams. This is one way to separate yourself from the crowd of other individuals with EC-Council certifications without the practical exam credential.