Wiz Certified Defend Fundamentals Exam

Who should take this exam?

The Wiz Certified Defend Fundamentals Exam is a product-based exam that validates the knowledge, skills, and abilities required for effective deployment and management of Wiz Defend technology. It is for security operations professionals, such as SOC analysts, detection engineers, incident responders, forensic analysts, and threat hunters, among others, who will use Wiz Defend in their daily tasks, or for professionals who would like to demonstrate their competency with Wiz Defend. It is recommended that a candidate have at least 3-6 months of experience with Wiz Defend prior to attempting this certification exam.

Exam Details

  • Content: 60 multiple-choice single response and multiple-choice multiple response items

  • Time allotted to complete the exam: 1.5 hours to complete the question portion of the exam with a total seat time of approximately 2 hours, to allow for identification verification by the exam proctor, reading opening screens, and completing the brief survey.

  • Prerequisites: None required

  • Exam preparation: While not prerequisites, we do offer recommended enablement courses to prepare for this exam: Introduction to Cloud Threat Detection, Self-Paced Lab - Wiz Defend: Prepare (Part 1), Wiz Defend Overview, Wiz Runtime Sensor Overview, Architecture and Deployment, Wiz Defend - Prepare, Self-Paced Lab - Wiz Defend: Prepare (Part 2), Wiz Defend - Detect, Self-Paced Lab - Wiz Defend: Detect, Wiz Defend - Investigate, Self-Paced Lab - Wiz Defend: Investigate, Wiz Defend - Respond, Self-Paced Lab - Wiz Defend: Respond. These training offerings may help you increase your expertise on topics that may appear on your exam. Click here to access our customer training portal. Reviewing Wiz documentation within the product, especially topics included on the exam blueprint (see below), will also help you to prepare for this exam.

  • Passing score: Wiz exams are pass or fail exams. The exams are scored against a minimum standard established by Wiz subject matter experts who follow certification industry best practices and guidelines. To evaluate candidates fairly when taking Wiz Certified exams, Wiz uses statistical analysis to set passing scores. To ensure consistency across varying exam forms and item difficulties, the Wiz Certification team uses scaled scoring models. Candidates will receive a score on a scale between 300-1000 with the passing scaled score set at 700.

  • References: No online or hard copy materials are allowed during the exam.

  • Registration fee: US$150 plus applicable taxes as required by local law

  • How to take this exam: This exam is available through the third-party Kryterion testing platform. Exams are delivered remotely through online proctoring and in person at Kryterion testing facilities in major cities worldwide. To register for the exam, visit: Wiz (webassessor.com) and follow the steps on the page. For more information on scheduling an exam, click here.

  • Badge and Certificate: Within one business day of passing the exam, you will receive an email from our virtual badge partner, Accredible. This will allow you to share your accomplishment via social media platforms and print out a hard copy of your certificate if you prefer.

  • Retake policy: If you do not pass the exam on your first try, you may retake the exam 24 hours after your first attempt. If you fail again, there is a 7-day waiting period. Each subsequent failure requires a 6-month waiting period. All exam attempts require full payment of the registration fee.

  • Recertification: Once certified, you can maintain your certification by retaking the exam within 2 years of your certification date. You are eligible to attempt recertification 18 months following your initial certification date.

Exam Blueprint

The Wiz Certified Defend Fundamentals exam measures your knowledge and skills related to the following topic areas. A candidate should have hands-on experience with Wiz Defend and have demonstrated competency in each of the tasks and objectives below.

  • I. Wiz Defend Platform Overview (10%)

    A. Identify the Wiz Defend platform capabilities

    B. Navigate the Wiz Defend portal, across incident readiness, detections, threats, response, forensics, and workflow integrations

  • II. Wiz Defend Architecture (15%)

    A. Describe the Wiz Defend ingestion, detection, and response architecture

    B. Describe the Wiz Remediation and Response architecture

    C. Describe the onboarding methodologies for cloud events for AWS, Azure, and GCP

    D. Configure the Wiz CSP Deployment to ingest cloud events from one of the main Cloud Service Providers (AWS, Azure, or GCP)

    E. Configure the Wiz Remediation and Response deployment for one of the main Cloud Service Providers (AWS, Azure, or GCP)

  • III. Wiz Defend Policies and Monitoring (15%)

    A. Navigate to and describe the Threat Detection Rules

    B. Create a custom Threat Detection Rule for Cloud Events for one of the main Cloud Service Providers (AWS, Azure or GCP)

    C. Update Threat Detection Rules to generate threats based on detection engineering analysis

    D. Describe the difference between a cloud event, a detection, and a threat in Wiz Defend

  • IV. Wiz Defend: Prepare (10%)

    A. Define the capabilities of Wiz Defend for incident readiness and preparation

    B. Navigate to the Incident Readiness board

    C. Identify gaps in incident readiness across three posture domains (endpoint coverage, Log Collection breakdown, and MITRE ATT&CK for Cloud coverage)

  • V. Wiz Defend: Detect (16.67%)

    A. Define the capabilities of Wiz Defend for detection and security analytics

    B. Navigate to the Detections page

    C. Analyze detections that have triggered on the platform, grouped by different attributes

    D. Identify which detections are related to ongoing threats

  • VI. Wiz Defend: Investigate (16.67%)

    A. Define the capabilities of Wiz Defend for investigation of cloud incidents

    B. Navigate to and describe the Threats page

    C. Explain what a triggering event is in a Wiz Defend threat and identify the triggering events in a Wiz Defend timeline

    D. Use the Wiz Defend Investigation graph to identify the cloud assets involved in a threat

    E. Navigate to the activity tab for an involved asset and identify any suspicious activity highlighted in the threat as indicated by the lightning bolt

    F. Navigate to the cloud events page and find all cloud events associated with the main principal in the threat

  • VII. Wiz Defend: Response and Workflow Integrations (16.67%)

    A. Define the capabilities of Wiz Defend for response, containment, forensics and workflow integration

    B. Navigate to and describe the Response Actions Catalog

    C. Identify and use the Response Actions that may be used for containment during an incident

    D. Navigate to a Threat and analyze the cloud native forensics for the primary resource (e.g. virtual machine, principal, bucket, etc.)

    E. Navigate to a Threat and to the Response tab and leverage the AI recommendation to contain the threat

    F. Set up an integration to send Wiz Defend detections via webhook to a downstream system