The exam requires candidates to demonstrate the following knowledge, skills and abilities: Security Principles (26%); Business Continuity, Disaster Recovery, Incident Response Concepts (10%); Access Controls Concepts (22%); Network Security (24%); and Security Operations (18%).