The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Prepare for penetration testing
|
|
Analyse organisation’s existing cyber security environment, systems and network requirements Completed |
Evidence:
|
Identify individual data types and level of security requirements Completed |
Evidence:
|
Establish and outline goal and objectives of performing penetration testing Completed |
Evidence:
|
Evaluate scanning tools and select according to vulnerability assessment requirements Completed |
Evidence:
|
Establish and document testing regime and schedule, and requirements according to organisational procedures Completed |
Evidence:
|
Conduct penetration tests
|
|
Perform penetration test according to testing plan and procedures Completed |
Evidence:
|
Identify and document vulnerabilities arising from vulnerability assessment Completed |
Evidence:
|
Identify and document potential threats arising from penetration test according to organisational and testing procedures Completed |
Evidence:
|
Conduct follow up activities
|
|
Remediate identified vulnerabilities according to testing procedures Completed |
Evidence:
|
Determine and document improvement plan Completed |
Evidence:
|
Evaluate penetration testing effectiveness against testing plan and procedures Completed |
Evidence:
|
Escalate unresolved vulnerabilities to required personnel Completed |
Evidence:
|
Submit documentation to required personnel and seek and respond to feedback Completed |
Evidence:
|