Certified Blue Team Practitioner
(CBTP)
The Certified Blue Team Practitioner (CBTP) exam is an entry-level exam to test a candidate’s knowledge on the core concepts of blue teaming.
Note: This exam will be made available on/before 23rd December 2025.
- MCQ
- 1 Hour
- Online
- On-demand
- Factual and Scenario based questions
£100
Who should take this exam?
The Certified Blue Team Practitioner exam validates a candidate’s foundational knowledge in defensive cybersecurity operations. It covers a broad range of blue team domains including digital forensics, log analysis, malware behavior, incident handling, and threat detection. CBTP is intended to be taken by security engineers, penetration testers, red and blue team members, and any security enthusiast who wants to evaluate and advance their knowledge.
What is the format of the exam?
The exam includes Multiple Choice Questions (MCQs) covering the syllabus. The time duration of the exam is 60 minutes. The exam will be proctored but can be taken online, anytime (on-demand) and from anywhere. The exam will cover a variety of questions, which are both factual and scenario based.
What is the pass criteria for the exam?
The pass criteria are as follows:
- Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
- Candidates scoring over 75% marks will be deemed to have passed with merit.
What is the experience needed to take the exam?
This is an entry-level exam. It checks the understanding of core fundamentals in relation to blue team topics. Candidates should know about SOC & SIEM, digital forensics, incident response, and malware analysis, etc.
Note: Professional pentesting is not a requirement for this exam.
What will the candidates get?
On completing the exam, each candidate will receive:
- A certificate with their pass/fail and merit status.
- The certificate will contain a certificate number, which can be used by anyone to validate the certificate.
What is the exam retake policy?
Candidates who fail the exam, must purchase a new exam voucher.
What are the benefits of this exam?
The exam will allow candidates to demonstrate their understanding of the Blue Team. This will help them to advance in their career.
How long is the certificate valid for?
The certificate does not have an expiration date. However, the passing certificate will mention the details of the exam such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version as per their convenience.
Exam Syllabus
Security Operations Center (SOC) Fundamentals
- SOC Architecture & Organization
- SOC Metrics & Performance
- Alert Management
- SOC Tooling Ecosystem
Security Information & Event Management (SIEM)
- SIEM Fundamentals
- Query Languages
- Detection Engineering
- Visualization & Reporting
Digital Forensics
- Forensic Fundamentals
- Windows Forensics
- Event Log Analysis
- File System Artifacts
- Registry Analysis
- Browser Artifacts
- Linux Forensics
- Memory Forensics
- Timeline Analysis
Network Security Monitoring
- Packet Analysis
- Protocol Analysis
- Network Threat Detection
- DNS Security
- Intrusion Detection Systems
Incident Response
- IR Lifecycle
- Evidence Collection
- Containment & Remediation
- Incident Documentation
Malware Analysis
- File Analysis Fundamentals
- Static Analysis
- Dynamic Analysis
- Malware Capabilities
- IOC Extraction
Active Directory Security
- AD Fundamentals
- Authentication Protocols
- Common AD Attacks
- Lateral Movement
- AD Monitoring & Detection
Threat Intelligence
- Intelligence Fundamentals
- Frameworks & Models
- Threat Intelligence Operations
- Intelligence Application
Email & Phishing Security
- Email Security Fundamentals
- Phishing Analysis
- Email Threat Response
Cloud Security Monitoring
- Cloud Logging & Visibility
- Cloud Threat Detection
- Cloud-Specific Considerations
Threat Hunting
- Hunting Fundamentals
- Hunting Methodologies
- Hunting Techniques
- Hunting Outputs
Security Automation & Orchestration
- SOAR Fundamentals
- Scripting & Automation