Preparing for the Examination



The final module provides guidance on the structure, format and scoring mechanisms of the BCS Foundation Certificate in Information Security Management Principles examination. It also contains a full mock examination that replicates the structure of the CISMP examination.

Learning Objectives

The objectives of this course are to provide you with an understanding of:

  • How the BCS Foundation Certificate in Information Security Management Principles examination is structured
  • The types of questions in the examination 


Intended Audience

This course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.


There are no specific prerequisites for this course; however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.


We welcome all feedback and suggestions. Please contact us if you are unsure about where to start or if you would like help getting started.



This final learning path contains a mock examination paper to help you prepare for the BCS Foundation Certificate in Information Security Management Principles examination.

Before you try the exam, we’ll go through the structure, format and scoring mechanisms in this video.


You can take the examination in one of three ways:

  • The first way is by applying direct to the BCS to take one of their public examinations. These are held at a Pearson/VUE centre;
  • The second way is to arrange a proctored exam with QA; and
  • The third way is to speak to QA about taking the BCS examination online, using a remote proctoring solution. This is particularly useful if you’re studying outside the UK.


The exam comprises 100 multiple-choice questions, each with four options and one correct answer.

The pass mark is 65% and distinction is 80%.


It’s an invigilated examination lasting two hours. The answer sheet is designed to be read via a computer system so you’ll need to mark it using a pencil. The test centre will provide you with a pencil if you don’t have one with you. 


If you take the examination at a Pearson/VUE centre, the exam will be computer-based but will have the same type and number of questions.


The examination is ‘closed book’ which means no books, notes or other materials are permitted in the exam room. There’ll be space to leave your bag and possessions at the side of the room. At a Pearson/VUE centre, you’ll be assigned a locker to store any materials that you aren’t allowed to take into the exam room.


As mentioned, it’s a multiple-choice exam with a single correct answer for each question. However, there are different styles of questions – all of which you’ll already have come across in the course quizzes.

  • The first style is a simple question asking you which of the four answers is correct.
  • Some questions will ask a NOT question.
  • There will also be questions asking you to select the BEST or MOST LIKELY option.
  • And the last style – and perhaps the most difficult kind – are combination answers.


The best advice is to read the question carefully to identify exactly what it’s asking, before you give your answer. Whilst each question is given a single mark, the number of questions on a particular topic is prescribed by the syllabus.


The table here shows approximately how many questions are likely to be asked for each section of the syllabus. You can see technical security controls comprises 25% of the syllabus and therefore about 25 questions will be asked in this area.


Here are a few tips to help you in the examination:

  • First – don’t panic!
  • Arrive at the examination centre in plenty of time – the last thing you need is to be stressed before you even start. You’ll have plenty of time to complete the questions. You have an average of 72 seconds to answer each question but you should allow some time to review your answers.


When you’re answering the questions:

  • Read the question carefully and ask yourself what it’s looking for. Don’t rush in with your first answer, even if it seems right – look for the best one;
  • Only mark one correct answer – there’s only ever one correct answer;
  • If you’re not sure of the correct answer, try to work out which is the ‘least-worst’ and go with that; and
  • If you don’t know, guess. There’s no negative scoring so you won’t be penalised for wrong answers.


And, of course, make sure you review the course videos and try the mock exam so you’re as prepared as you can be.


Now, if you’re ready, have a go at the mock exam. It’s formatted just like the real exam with 100 questions to be completed within two hours.


Try to take the mock exam a couple of times to really get yourself in the right frame of mind for the real examination.


Good luck!


About the Author

Fred is a trainer and consultant specializing in cyber security.  His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics.  However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking.  From networking it was a natural progression to IT security and cyber security more generally.  As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.