Cybersecurity Education, Research & Outreach Center
CPTC Frequently Asked Questions
PRE-COMPETITION FAQS
Q: Can we bring software tools to the competition?
A: No. You will be provided with everything you are allowed to use during the competition.
Q: There are six members on our team. Will each of them have a system to pen test from?
A: Yes. There will be workstations available for each of your team members to work.
Q: One of our members is uncomfortable signing the “agreement to participate in CPTC”. Does that disqualify our whole team?
A: That member will not be allowed to attend and participate. The rest of the team will be allowed to attend and participate without that member.
Q: Because of travel issues, our team (or some members) cannot be there by 8am on the first day. Will that disqualify us?
A: No – At least ONE person has to represent your team during the initial discussion and your time to access the infrastructure will NOT be extended.
Q: We don’t have enough students to field a team of 6. Can we still participate?
A: Yes. The minimum team size is 3 members.
Q: Is a coach really required and has to be a faculty member?
A: Yes. Every team must be sponsored by an academic institution. A faculty or staff coach affiliated with the academic institution must also accompany the team.
Q: If one of the members that we register gets sick or cannot make the event. Can we substitute another student?
A: Yes.
Q: Can we include a student from another school on our team?
A: No. All team members must be currently matriculated students from the same sponsoring academic institution.
Q: Are graduate students allowed on the team?
A: Yes.
Q: What if a team member is a part-time student? What if a team member is not taking courses this semester but has not graduated yet can they participate?
A: As long as they are currently matriculated in a program at your university.
Q: If a student is working at a co-op or internship position approved by their institution, are they eligible for the team?
A: Yes. If approved by their sponsoring institution.
During Competition FAQs
Q: Can our team (or some members) participate remotely?
A: No. Physical attendance by all members of your team at the event site is required to participate in the competition
Q: Will we have Internet access during the competition?
A: Yes and No. The system that we provide for you to conduct your pen test from will have internet access. The target company systems that you are pen testing may be isolated from the internet.
Q: Can we use our own laptops to perform the pen test?
A: No. All hardware you can use will be provided for you.
Q: Can we download data, logs, and results from the testing environment to construct our report and presentation?
A: Yes. You will have the capability to export resources for your analysis and report writing
Q: Can we work through the night between the first and second day to write our final report and presentation?
A: Yes. You can work all night if you wish, but remember that you need to be ready and prepared to present to the “C”-level folks in the morning.
Q: Our team (or some members) needs to leave early on the last day. Will that be a problem?
A: As long as someone from the team is in attendance at the awards ceremony.
Q: After we get the RFP, is there a way for us to ask questions before or after the online Q&A session if we do not understand something?
A: Yes. An email address will be provided for submitting questions. Submitted questions and answers will be distributed to all teams.
Other FAQs
Q: What is a “Scope”?
A: The pentest scope defines and details exactly what is to be tested. What targets are to be tested and which are not to be touched.
Q: What is a ROE?
A: Rules of Engagement. It is a document that describes how the tests are to be conducted. It can include limitations on times, tools, and techniques that can be employed. It can also detail any restrictions imposed by the client.
Q: So what does the pen test system look like?
A: You will be provided access to the hosting environment in advance to the event so that you and your team can become familiar. You will NOT get early access to the pen testing targets but you will get access to a representative target environment for practice.
Q: If our team or member gets disqualified, is there an appeals process?
A: No. During an actual engagement your company can be cut from a contact as a result of your behavior. This event will mirror real life as closely as possible.
Q: Will we get any feedback on what we did well or not so well besides the final score?
A: Yes. Feedback about potential vulnerabilities and other considerations is intended to be provided after the event.
Q: If we own legitimate licenses for commercial pen testing software, can we bring it with us to use in the competition?
A: No. Selected commercial packages will be provided for each team at the event.
Q: What things might disqualify members our team or members?
A: Unprofessional, rude or offensive behavior at or during the competition. Cheating, rule violations, or illegal activities.