Exam Structure & Requirements

All Encrypted Syntax certifications (CEPT, CCES, and CDOE) use a remote, hands-on practical exam that mirrors real-world work.

1. Exam Overview

Every Encrypted Syntax certification exam is designed to test your ability to operate in realistic environments, not just memorize commands.

  • Format: Fully remote, hands-on lab exam
  • Duration: 7 consecutive days (168 hours) of lab access
  • Pace: Self-paced within your 7-day window
  • Deliverable: A professional report submitted before your exam window ends
  • Environment: Dedicated per-student lab with realistic enterprise infrastructures

Your 7 days of access include both technical work and report writing time. Once your exam window starts, the clock runs continuously.

2. What You’ll Be Doing (By Certification)

Each certification focuses on a different type of environment, but they all follow a similar “objectives + report” structure.

CEPT — Certified Enterprise Penetration Tester

  • Compromise externally and internally exposed services.
  • Enumerate and attack Active Directory and enterprise hosts.
  • Pivot between networks and escalate privileges to prove impact.
  • Document vulnerabilities, exploitation paths, and risk.
  • Produce a full penetration test report similar to client deliverables.

CCES — Certified Cloud Exploitation Specialist

  • Enumerate cloud resources, identities, and trust relationships.
  • Abuse misconfigurations and IAM roles, policies, and permissions.
  • Exploit realistic cloud paths (SSRF → metadata → credentials).
  • Demonstrate lateral movement and data exposure in cloud environments.
  • Deliver a cloud-focused assessment report with risks and mitigations.

CDOE — Cyber Defense Operations Expert

  • Analyze logs, alerts, and artifacts from a compromised environment.
  • Reconstruct attacker activity, initial access, and impact.
  • Perform forensics and malware indicator triage.
  • Recommend detection improvements and hardening steps.
  • Submit an incident response / DFIR-style report.

3. Grading & Passing Criteria

Exams are graded on two major pillars:

  • Technical Objectives
    Systems compromised or objectives completed, quality of evidence (screenshots, logs, commands), and depth of understanding of how and why attacks or investigations were performed.
  • Reporting Quality
    Structure, clarity, accuracy of vulnerability or incident descriptions, reproducible steps, and practical remediation or hardening recommendations.

You must meet the minimum standard in both technical work and reporting to pass.

4. Exam Attempts & Retake Policy

  • Initial Attempt: 7 days of lab access plus time to complete and submit your report.
  • Free Retake: One free retake is available if you do not pass your first attempt. It must be started immediately or within 7 days of your failure notification, and it will use the same exam version.
  • Third Attempt: If you fail both the initial attempt and the free retake, you must purchase a new exam voucher ($150) to take a third attempt. The third attempt may use the same or a different exam version at Encrypted Syntax’s discretion.

Abuse of the retake policy or integrity violations may result in a permanent ban from future exams.

5. Technical Requirements

You are responsible for having an environment capable of completing the exam.

  • Stable and reliable internet connection.
  • Modern OS (Linux, Windows, or macOS).
  • Ability to run a VPN client (details provided in your exam email).
  • Hardware sufficient to run your tools and local VMs if desired.

Encrypted Syntax does not provide support for your local operating system, hardware issues, or home network configuration during your exam window.

6. Allowed Tools & Resources

You may use the following during your exam:

  • Standard pentesting, cloud, or DFIR tools installed on your own machine.
  • Your own personal notes, cheat sheets, mind maps, and summaries.
  • Official documentation from vendors (Microsoft, AWS, etc.).
  • Non-interactive references (blogs, documentation) for general techniques.

You are expected to understand every command, script, and tool that you use in the exam.

7. Use of AI Tools

AI tools are allowed in limited ways, but may not be used to “solve” the exam for you.

Allowed:

  • Using AI to generate generic helper code (e.g., parser, automation script).
  • Using AI to clarify or refactor non-exam-specific text.

Strictly Not Allowed:

  • Sharing any exam-specific details (hosts, IPs, screenshots, configs) with AI tools.
  • Asking AI or others for step-by-step help on your specific exam environment.
  • Using AI to write large portions of your exam report.

Violations are treated the same as collaborating with another person: immediate disqualification and possible permanent ban.

8. Collaboration & Academic Integrity

All exam work must be completed by you alone. Collaboration undermines the credibility of the certification.

  • No collaboration, pair-hacking, screen-sharing, or live coaching.
  • You may not share exam content, solutions, screenshots, or walkthroughs.
  • You may not post exam details online (Discord, forums, social media).
  • Any external help or shared code tied to the exam results in immediate disqualification.

9. Prohibited Actions in the Lab

You are not allowed to perform any actions that damage or disrupt the exam environment:

  • No DoS or DDoS attacks on lab systems or infrastructure.
  • No intentional crashing or corrupting of systems.
  • No pivoting or attacking outside authorized exam scope.
  • No tampering with hypervisors, VPN gateways, or grading infrastructure.

Attempts to break or destabilize the lab environment will result in immediate failure and may lead to a permanent ban.

10. Report Submission

You must submit a single PDF report before your exam window closes, using the official Encrypted Syntax report template.

  • Provide an executive summary for non-technical stakeholders.
  • Outline scope, methodology, and tooling.
  • Detail technical findings with proof (screenshots, logs, commands).
  • Explain impact, risk levels, and likelihood.
  • Provide clear remediation or hardening steps.

Late reports are not accepted unless an extension is granted in writing before your exam window closes.

11. After the Exam

Once your report is submitted, your exam and submission will be manually reviewed.

  • You will receive a pass/fail result and general feedback.
  • If you pass, you will receive your digital certificate and verification details.
  • If you do not pass, use your feedback to prepare for your free retake or third attempt.