How to pass Cybersecurity Fundamentals CSX-F Certificate (2020-2022)

CSX-F, acronym for Cybersecurity Fundamentals, was a certificate issued by professional association ISACA until 2022 that demonstrated knowledge on cybersecurity. It was the entry-level exam for ISACA’s Cybersecurity Nexus (CSX) certificate series.

It was a completely theoretical exam, consisting entirely of multiple-choice questions.

ISACA substituted CSX-F certificate by ITCA Cybersecurity Fundamentals certificate by 2022, and they are completely different exams. Since then, CSX-F exam can no longer be taken.

I achieved CSX-F certificate on August 2020, so most of the information written here corresponds to this time.

Important Notes

Some readers informed that they applied for an exam expecting that it was CSX-F but they found a different one. They probably registered for ITCA Cybersecurity Fundamentals or CSX-P, both issued by ISACA, so please do not make the same mistake.

Do not confuse CSX-F and ITCA Cybersecurity Fundamentals

Please do not confuse CSX-F with ITCA Cybersecurity Fundamentals, both issued by ISACA.

As of 2022, CSX-F certificate has been superseded by ITCA Cybersecurity Fundamentals Certificate, sometimes just called Cybersecurity Fundamentals. This exam contains both multi-choice questions and practical exercises, unlike CSX-F.

The current post only gives advice about 2020’s CSX-F, not the 2022’s ITCA Cybersecurity Fundamentals exam. If you can register for the exam, definitely it is not the one this post is talking about.

Do not confuse CSX-F and CSX-P

Please do not confuse CSX-F with CSX-P, both issued by ISACA.

CSX-P (Cybersecurity Nexus Practitioner) was an advanced-level certification (not a certificate) for the CSX-series that was completely practical, without multiple choice questions. As it happened with CSX-F, CSX-P was last offered on 30 April 2023 and is replaced by a new cybersecurity certification exam.

Frequently Asked Questions about the exam

Why CSX-F was a certificate and not a certification? What were the differences?

According to ISACA’s criteria, certificate is a title that only requires the candidate to pass an exam once.

On the other hand, certification requires that the candidate renews the certificate periodically by completing activities that keeps the candidate engage with the subject (courses, workshops, events, training, etc.). Some certifications (like CISA or CISM) require that the candidate meets subject-related experience (relevant work experience, study degrees, etc.) in addition to passing the exam in order to get the certification for the first time.

CSX-F was a certificate because it did not require candidate to renew the certification.

Did I need any work experience to get CSX-F certificate?

Unlike other certifications (CISA, CISM, CRISP, CISSP, SSCP, etc.), exam candidate did not need to meet any specific requirements to achieve CSX-F certifcate in addition to obtaining a passing score.

How long took CSX-F exam?

2 hours is the maximum time to complete all questions.

How many questions were in the exam?

75 questions.

What kind of questions could I find in the exams?

Each question contained 4 options and only one was correct. The type of questions were similar to other ISACA exams like CISA or CISM.

CSX-F Study Guide included multiquestions, it means, there was a question with many possible answers, were many of them can be correct. Some of the questions had only one possible correct question. This kind of questions were not appearing in the official exam.

Which score was required to pass CSX-F?

The passing score was 65% of correct answers.

How much did the exam cost?

As of July 2020, exam fees for CSX-F were $150.00 for non-ISACA members and $125.00 for ISACA members.

What was the preparation material for CSX-F?

There was an official Cybersecurity Fundamentals Study Guide (1st Edition, 2nd Edition).

This material could be bought on ISACA’s bookstore, but it is no longer available.

Unlike other ISACA Certifications (e.g., CISA, CISM), there is no Questions, Answers and Explanation Review Manual. However, the Study Guide contained some sample questions at the end of each chapter. In my case, these questions were enough to pass the exam, but it is true that I had already studied for CISA and CISM so I was already familiar with the subject and type of questions.

Where could I find sample questions of the exams?

ISACA’s Cybersecurity Fundamentals Study Guide contains many sample questions at the end of each chapter.

In addition, you can still find a Practice Quiz with 10 questions on ISACA’s web.

How could I get prepared for CSX-F exam?

In my case, I just used the Study Guide to prepare the exam and passed on the first attempt.

Nevertheless, you could find online courses and workshops on ISACA web.

What were the subjects covered in the exam?

Questions came from the 5 subject domains in which Study Guide was divided:

  1. Cybersecurity Concepts (10%)
  2. Cybersecurity Architecture Principles (20%)
  3. Security of Network, System, Application, & Data (40%)
  4. Incident Response (20%)
  5. Security of Evolving Technology (10%)

How did I register for the exam?

This exam is no longer available to be registered. The certification was replaced by ITCA Security Fundamentals by 2022.

The link used to register for the exam and choose a date to complete it was this one, but it no longer works.

You might be also interested in…

External References


  1. In 2022 the exam is very difference making the above advice somewhat redundant.
    The 2022 exam consists of both multiple-choice questions AND a performance lab involving a command shell interface where one will have to know how to exercise shell commands to reach the objective.
    Using the study guide alone will cover only half of the exam.
    Fore-warned is fore-armed – only with some developer and practice labs experience will one be able to pass the 2022 exam.

    • Hi Nipa,
      Many thanks for your comment.
      If I am not wrong, you are referring CSX-P certification, but this post is about CSX-F certificate, that seems to have been recently replaced by ITCA Cybersecurity Fundamentals Certificate.
      I updated the post to avoid future misunderstanding on readers.
      Best regards

Leave a Reply

Your email address will not be published. Required fields are marked *