Find your Exam:
CREST are pleased to offer the following examinations:
|Exam Type||Exam Code||Test Centre Session†||Exam Length††||Exam Questions||Pass Score|
|CPSA (CREST Practitioner)||CPSA||2 hrs 30 mins||2 hours||120 multiple choice questions||60%|
|CCT Infrastructure (CREST Certified)||CCTINF||3 hrs||2 hrs 30 mins||150 multiple choice questions|
|CCT Web Applications (CREST Certified)||CCTAPP||3 hrs||2 hrs 30 mins||150 multiple choice questions|
|Simulated Attack Specialist (CREST Certified)||CCSAS||3 hrs||2 hrs 30 mins||90 multiple choice questions + 3 written response questions|
|Simulated Attack Manager Part 1 (CREST Certified)||CCSAM1||3 hrs||2 hrs 30 mins||150 multiple choice questions + 1 written response question|
|Simulated Attack Manager Part 2 (CREST Certified)||CCSAM2||4 hrs||3 hrs 30 mins||3 written response questions|
|Threat Intelligence Manager Part 1 (CREST Certified)||CCTIM1||3 hrs||2 hrs 30 mins||150 written response questions + 1 written response question|
|Threat Intelligence Manager Part 2 (CREST Certified)||CCTIM2||4 hrs||3 hrs 30 mins||3 written response questions|
|Practitioner Intrusion Analyst||CPIA||2 hrs 30 mins||2 hrs||120 multiple choice questions|
NOTE 1: Candidates must score the minimum number of marks in each section where applicable. Candidates who score very well in one component but not the other will not pass.
NOTE 2: With a view to continuously improving our examinations, the written component of CCTINF and CCTAPP examinations is now multiple-choice only.
You are strongly advised to study both the Syllabus and the Notes for Candidates for your chosen examination available via the links above.
† Candidates should note that the test centre session time indicated above is the total time that you will be in the Pearson VUE test centre exam room. This includes an allocation of 15 minutes for a familiarisation tutorial on how to navigate the controls of the exam, and also another 15 minutes after the exam to allow you to complete a feedback survey.
††To be clear: this is the allocated length of time for the ACTUAL EXAM ITSELF.
CREST is a not for profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.
CREST represents the technical information security industry by:
- offering a demonstrable level of assurance of processes and procedures of member organisations
- validating the competence of their technical security staff
- providing guidance, standards and opportunities to share and enhance knowledge
- providing technical security staff with recognised professional qualifications and those entering or progressing in the industry with support with on-going professional development
Why a CREST Qualification
CREST provides a recognised career path right from your entry into the industry through to experienced senior tester level. We work with the largest number of technical information security providers who support and guide the development of our examination and career paths.
Key benefits of becoming CREST certified are:
- A structured and recognised career path
- CREST certifications are recognised by the buying community
- CREST is the gold standard, industry leading certification
- CREST Certified Tester also confers CHECK Team Leader status (subject to CESG approval and only for Candidates operating in the UK)
- Join a recognised community of testers, with opportunities to further your career development through networking and information sharing
- Employment opportunities with leading security consultancies and information security companies
- A training, examination and career path to suit your development and aspirations for promotion.
The CREST Practitioner examinations are the entry level exams and are aimed at individuals with around 1,800 hours relevant and frequent experience. The CREST Registered Tester examinations are the next step and by passing this you are demonstrating your commitment as an information security tester. Typically, candidates wishing to sit a Registered Tester examination should have at least 6,000 hours (three years or more) relevant and frequent experience. The CREST Certified Tester examinations are designed to set the benchmark for senior testers: These are the certifications to which all testers aspire. By gaining the CREST Certified Tester certification you are recognisably at the top of your game as an information security specialist.
The CREST website contains the Syllabus, Notes for Candidates (what to expect) and recommended preparation material for each examination.
Use the links at the top of the page to sign into your web account (or create a new account if you have not tested with Pearson VUE before) and schedule your appointment online.
Appointments may be booked up to 48 hours in advance (subject to availability).
Once you have passed the written component of the CCT examinations you will be required to attend the CREST Examination centre to take the practical component. Only once both of these sections have been passed will the CREST qualification be awarded. Please note that you will not be able to take the practical component of any examination until you have passed the written component of that examination.
As the CPSA examination is a written only examination, you will be awarded this qualification when you pass.
What if I fail?
The booking system will allow you take up to 4 attempts at each written exam. If you are not successful after the fourth attempt, you will need to contact CREST to gain approval to book another attempt. Once approval is given, the exam can be booked by calling Pearson VUE Customer Services.
Note, however, that the CCT qualification will not be awarded until you have passed both the written and practical assessment.
CREST offer a large number of other technical information security examinations at various certification levels covering intrusion analysis, simulated attack, incident management and technical security architecture. Please consult the CREST website for further details.