The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam.
"Upon completion of the multiple choice exam, candidates are then distributed a take-home practical, in which they will be tested on their ability on three Challenges. Candidates have 60 days from the completion of the multiple choice exam to complete the practical examination. The three challenges are as follows:
Challenge #1: Discover and create a working exploit for Microsoft Windows Vulnerability.
Challenge #2: Discover and create a working exploit for a Unix / Linux Vulnerability.
Challenge #3: Reverse engineer a Windows Binary.
Candidates are instructed to submit a working exploit for Challenges #1 and #2. Partial credit is given for non-working exploits, when submitted with detailed documentation.
Challenge #3 requires that the candidate follow specific instructions, as well as optionally answer up to three questions about the binary and/or submit a binary with modified function as specified. Partial credit is also available for Challenge #3 with supporting documentation.
The practical is then submitted to an exam proctor, who will grade the exam. A 70% is considered a passing grade. Generally, candidates that submit working exploits as well as a properly reversed binary will pass the exam."
Needless to say, I'm sure the CEPT will continue to shine and hopefully grow in popularity. Jack Koziol is an excellent instructor who really knows his stuff and takes pen-testing beyond using automated tools and scripts. Good mojo.