In the exam, you will have a number of machines that you need to exploit, you can get partial points for partial access, meaning a local shell but not root/Administrator access will get you partial points. Full access (root/Administrator) will give you full points. Each exam scenario might be different but what will really help you is lab time and practice. The more time you can spend on different machines with different exploits, the better your chances are for passing the exam.
To answer your question: since you have limited time, you aren't expected to test possible exploits on a local system, that would mean having different flavours of OS running along with vulnerable web applications or vulnerable software installed locally which could be anything such as an FTP service, web browser, media player etc... Detailed reconnaissance will definitely help you, and good Google skills.
I highly recommend the course, the contents are explained clearly, the labs are great and if you spend as much time as you can in the labs and practice exploiting as many machines as possible, you should do fine in the exam.
Last edited by Data_Raid
on Sat Aug 06, 2011 3:09 am, edited 1 time in total.
All men by nature desire knowledge.