You can find a list of upcoming examinations, dates, venues, and relevant assessors on our UK Examination Dates page.
It is recommended that candidates read ‘In-depth exam insights from a CREST Assessor’ to familiarise themselves with some common examination mistakes. On each individual examination page, there is also the examination syllabus, notes to candidates and recommended reading from past candidates.
As CREST is offering paperless examinations during the Covid-19 pandemic, a sample examination worksheet has been created to allow candidates to test the functionality of the software on their laptops in advance of sitting CREST examinations which are now paperless.
As part of the transition to paperless exams; question packs are made available to candidates via a Samba share on a Unix host. Samba shares emulate shared folders on Windows hosts.
Candidates will be provided with:
The host name of the Unix host
A valid username
A valid password
Using this information candidates must be able to connect to the host; identify the exposed share and then read/write to that share.
For example, if a candidate is provided with the following details for their exam:
Host: \\examanswers
Username: “candidate”
Password: “Pa55w0rd”
A candidate may consider the following commands from a Windows hosts: Create an authenticated connection to the host:
C:\Users\h4x0r>net use \\examanswers\ipc$ /user:candidate “Pa55w0rd” Determine the shares available: C:\Users\h4x0r>net view \\examanswers
Shared resources at \\examanswers
EXAMANSWERS Server Share name Type Used as Comment
——————————————————–
CRT Disk
The command completed successfully.
Mount the relevant network share (“CRT” in this example)
C:\Users\h4x0r> net use * \\examanswers\CRT
Drive Z: is now connected to \\examanswers\CRT.
The command completed successfully.
Then subsequently read and write share contents using the newly mounted drive (“Z:” in this example).
Note: The example assumes using a candidate is using a Windows client; CREST have validated that other operating systems can also access the Samba shares.
It is the candidate’s responsibility to ensure that their testing platform can be used to meet this requirement otherwise they will be unable to successfully complete their examination.
Candidates who plan to use Apple Mac devices for exams need to take some additional steps to ensure their devices can be returned to them after exams. These are documented below. The exam team will do our best to answer candidate questions, but it is it is expected that candidates familiarise themselves with the steps to do the below which may vary slightly depending on hardware and configuration of their device. Candidates should contact CREST before the exam day if they have questions regarding this. Candidates who are not able to follow these steps are advised not to bring Apple devices for the exam.
Before taking the exam, in addition to other steps for all devices (such as disabling WiFi and LTE cards) a candidate with an Apple Mac device will be required to:
1 – Disable the “Find My” feature
2 – Enable FileVault
3 – Disable all security controlling access to recovery mode
4 – Verify to the assessor that these steps have been taken, including rebooting to recovery mode
After the exam, the candidate will need to:
1 – Reboot to recovery mode
2 – Launch disk utility and select “show all devices”
3 – Select the top level disk and click “erase”, format as APFS
4 – Reboot and verify the laptop has no OS to boot to
The candidate will then be permitted to take the device home as no further disk wiping is required.
Further information
This section expands on the steps above.
Disable “Find My” feature
macOS Ventura: Choose Apple menu > System Settings, click [your name] at the top of the sidebar, click iCloud on the right, click Find My Mac, then click Turn Off next to Find My Mac. Screenshot below.
macOS 12 or earlier: Choose Apple menu > System Preferences, click Apple ID, click iCloud, then deselect Find My Mac.
Refer to Apple notes for more information: https://support.apple.com/en-au/guide/icloud/mmdc23b125f6/icloud
Enable FileVault
macOS Ventura: Choose Apple menu > System Settings, click Privacy & Security in the sidebar, click Turn On next to FileVault and follow the prompts (if it says Turn Off then it is already on). Screenshot below.
macOS 12 or earlier: Choose Apple menu > System Preferences, click Privacy & Security, then click FileVault and click Turn On FileVault. Follow the prompts (if it says Turn Off FileVault then it is already on. If the lock at the bottom left is locked , click it to unlock the preferences pane).
Disable all security controlling access to recovery mode
Start up from macOS Recovery. During start-up, you will be prompted to enter the firmware password.
When the utilities window appears, click Utilities in the menu bar, then choose Start-up Security Utility or Firmware Password Utility.
Click Turn Off Firmware Password.
Enter the firmware password again when prompted.
Quit the utility, then choose Apple menu > Restart.
Refer to Apple notes for more information: https://support.apple.com/en-us/HT210151
Verify to the assessor that these steps have been taken, including rebooting to recovery mode
To boot to Recovery Mode for newer Macs on Apple Silicon (M1/ M2), turn on the Mac and continue to press and hold the power button until you see the start-up options window. Select Options, and then select continue. If prompted, provide the login credentials.
Please consult the CREST Examination Terms and Conditions for full details. Please note Intel based MacBooks (pre Nov 2020) may be used as long as the exambookings team are informed in advance as the assessor must be made aware. “Find My” must also be disabled.
Apple Silicon MacBooks (post Nov 2020) cannot be used for a CREST examination.
The CC SAS examination does not assess the core infrastructure penetration testing skills that are assessed during the CCT Infrastructure examination. These core infrastructure testing skills are deemed essential for any Simulated Attack engagement, and therefore a current CCT Infrastructure qualification is deemed mandatory for any individual wishing to sit or retain the CC SAS exam and qualification.
Candidates should note that expiry of the CCT Inf qualification will result in the CC SAS qualification being suspended until such time as the Inf qualification has been re-certified.
Unlike some areas of academia, CREST exams are usually vocational; they are not designed to be achievable by a candidate whose sole focus is passing them through isolated study. They are designed to measure an individual’s capability to operate within the industry and identify those who can demonstrate the skills required.
The majority of successful candidates have gained real-world experience, augmented by training courses in certain disciplines, before attempting the examination.
This is quite a subjective question but there are certain pieces of advice that have been generally repeated by CREST members many times:
The content of the examinations depend on a number of criteria; this includes but is not limited to:
However, the exams are under constant review and the content is being changed and upgraded. Candidates will be expected to be aware of technologies and operating systems which are in use in the industry, regardless of age.
Credit cards can be accepted via PayPal for Business. We can also accept payment via BACS. Cheques may be accepted.
Yes, you can change the date of your examination once provided you give us 21 days’ written notice (please see our Terms and Conditions). If you need to reschedule your examination within the 21 day limit and there are extreme extenuating circumstances, please contact CREST and a decision will be taken on a case by case basis although no guarantees can be made.
NOTE: a rescheduling request due to changes in work or project commitments within the 21 day limit will not be accepted as extenuating circumstances and the standard 21 day policy will apply.
You can also substitute a candidate free of charge if you do not wish to cancel an examination. You may only offer a substitution once.
Any additional changes to those outlined above will incur another examination fee (based on the examination type).
Covid-19 During the current uncertainty caused by Covid-19, CREST will change examination dates without penalty if candidates display Covid-19 symptoms prior to their scheduled examination date.
You will receive confirmation by email with full details on the examination two weeks prior to your examination date.
Links to the technical syllabus, notes for candidates and location details are sent via email at the time of booking and are also available on the CREST Exams section.
If you have a medical condition that justifies or qualifies for additional time for you to take your examination, you will need to provide a letter from your doctor or medical specialist to support your request. CREST follows the British Dyslexia Association recommended provisions and our policy covering additional time can be found on our notes on exam preparation.
A number of candidates experience time pressure during CREST examinations, particularly the practical ones, but the time limits are deliberately enforced. The ability to obtain the deliverables required by each question in the time permitted is part of the assessed standard.
The exam timings are designed to allow sufficient time to investigate and derive the required answer, but a candidate who is not familiar with the techniques being examined and needs to repeatedly troubleshoot tool usage or laptop configuration is unlikely to be operating at the level required and consequently will struggle to achieve sufficient marks to pass.
Remember that the CREST practical exams are, as their name states, examinations; they are not primarily designed for training or personal development and, as such, only minimal time is allocated to troubleshooting, diagnostics or debugging tools and techniques. The exams are not simply assessing whether a candidate (given sufficient time) could obtain the answer required; they are assessing whether a candidate is familiar enough with the relevant discipline to be able to perform technical investigations and interventions quickly, accurately and efficiently. All of the tasks are reasonably achievable providing that the candidate is confident and competent.
Yes. It is recommended that you put music onto your laptop; Do not use a mobile ‘phone or MP3 player as it will be wiped at the end of your examination.
You must bring your own personal headphones/earphones to use.
If your music disturbs other candidates you will be asked to turn it down and/or turn it off completely.
Invoice Correspondence: CREST is aware that, particularly in larger companies, the accounts department may be based at a different location to the candidate. By supplying an address for billing correspondence, CREST can ensure that information reaches the appropriate destination.
Hard Drive: CREST is aware that candidates may prefer to have their computer hard drives returned directly to them, particularly if they do not attend their business address regularly. CREST makes every effort to return hard drives to candidates within 21 days of the date of the examination. Please also read the CREST Hard Drive Return policy at Clause 8 of our Terms and Conditions.
CREST makes every effort to email candidates with their result letter within 30 days of the examination being taken. Digitally signed certificates, where appropriate, will be emailed to candidates.
We encourage you to add your CREST certification to your LinkedIn profile. This is how you do it:
If you are unsure of any of the details to include please contact [email protected]
If you experience any difficulties adding your certification and would like to add it then please contact [email protected]
CREST do not disclose marks which are at or above the minimum mark for that section or exam. This is to avoid an unofficial hierarchy being formed. The purpose of the examinations is to measure every candidate against a fixed standard, not candidates against each other.
Unsuccessful candidates are provided with their marks because there is a clear benefit in giving them an overall understanding of areas of weakness. However, no further feedback will be provided.
As all certificates are now sent electronically, please contact [email protected] and let us know which email address you would like your certificate sent to.
• Read the questions, they actually give the mini breakdown of what’s expected. For example, for the issues where we expect to see a technical description, you should give a method to reproduce the issue along with some evidence and appropriate (not generic) recommendations for each issue.
• Answer all the questions. Again this might sound simple but people don’t always do this. It is impossible to give marks for empty sections/tasks. For example, where a question asks for two separate high risk vulnerabilities, make sure that there are two distinct vulnerabilities.
• When a section is worth 15 marks and you only give a couple of sentences, that answer isn’t going to get a lot of marks.
• Keep the target audience in mind, especially around the Technical Summary and Executive Summary. Too often for these sections we see a re-hash of other answers and they will not get any extra marks. Consider impact and risk and how a non-technical person would read this.
• Remember that this is a client report, so we would expect to see:
– A Table of Contents
– Name of consultant
– Name of client
– Date
– Scope
– Appropriate headings
– Etc
• Spelling and grammar are important; marks are removed for poor use of language.
• Don’t be too generic with recommendations.
There are a number of common reasons why candidates do not attract high marks on prose questions; these have been summarised below. If you were unsuccessful on a long form, scenario or prose examination, the reason will very likely be discussed here.
CREST do not provide additional feedback on an individual basis beyond the information provided in the results letter. There are a number of reasons for this:
• Consistency. It is obviously inconsistent for some candidates to be provided with additional details relating to their exam without that same courtesy being extended to all individuals.
• Resource. The Assessors’ panel do not have the bandwidth to provide individual feedback on every examination whilst ensuring that the results are provided in a timely manner.
• Exam Integrity. Although CREST’s aims include the promotion of security best practice within the industry, this needs to be balanced with the need to maintain the confidentiality and integrity of the exams. Providing answers or a detailed explanation of the mark scheme for any of the examinations would have an obvious negative effect on the integrity of the exam. Although this may be frustrating, it is also standard practice.
• Benefit. Feedback on the provided answers without context (or a reminder of the question) will be of limited value. Therefore, the maximum benefit will only be realised if the questions are also disclosed, which would have the effect of revealing the entire mark scheme.
The ultimate purpose of the CREST examinations is to compare the candidate’s ability to a moderated and consistent standard. The exams are neither intended nor designed to provide training opportunities, although CREST hope that candidates benefit from the process and experience of the examinations.
If a candidate has a genuine belief that marks have not been appropriately awarded or that any element of the examination process has been incorrectly applied to them, the above does not preclude the invocation of the Appeals Process. However, this process will not reveal the above information; it is in essence a formal review of the examination process as applied to the individual candidate.
This Process is regularly updated and is intended to provide as much detail as possible without affecting the integrity of the examinations.
At the end of their multiple-choice examination, candidates will be handed a results sheet by Pearson Vue. Some of these will show a breakdown by subject area and the percentage achieved by the candidate. The examination assesses several different subject areas. Each attempt of the examination will generate a different number of questions per subject area and these are not assessed using an equal number of questions for each area. Because of this, two attempts at the same examination can yield different subject area percentages but the same score for the examination as a whole.
CREST gives candidates their percentage score solely to help them understand which subject areas they need to work on the most. We also give candidates their percentage score for the examination as a whole.
Candidates should note that the results of multiple-choice examination components are final.
Please see our table for the re-sit criteria for each CREST examination.
Note:
a) If a candidate fails an examination that comprises two parts, both parts must be retaken.
b) In line with our Terms and Conditions, examinations being re-taken are charged at the standard, published rate.
c) For examinations marked with an *, if a candidate is unsuccessful on their fourth attempt, they must wait six
months before they can re-attempt the examination at which point they will have a further four attempts
available to them.
I.e.: 4 attempts, all fail = six-month break. Further 4 attempts, all fail = six-month break. And so on.
If there is an unenforced six-month break, candidates will have four attempts before this policy is applied.
CREST Chapters: In order to effectively manage certifications and re-certifications across our Chapters, CREST International may share your contact details and overall pass/fail result (not component scores) with our Chapters in line with our Examination Terms and Conditions.
NCSC: Because of the agreement that is in place between the NCSC and CREST, if it is appropriate based on the examination you sit, CREST will advise the NCSC of your status.
NOTE: Candidates wishing to apply for UK CHECK Team Member or UK CHECK Team Leader status must contact the NCSC directly as CREST’s involvement in the process is limited to the submission of examination results only. The NCSC can be contacted as follows:
Tel: 01242 709141 Email: [email protected]
Bank of England: Because of the agreement that is in place between the Bank of England and CREST around the CBEST scheme, if it is appropriate based on the examination you sit, CREST will advise the Bank of England of your status.
Civil Aviation Authority: Because of the agreement that is in place between the Civil Aviation Authority and CREST around the ASSURE programme, if it is appropriate based on the examination you sit, CREST will advise the Civil Aviation Authority of your status.
If you wish to raise a concern regarding a CREST examination, such as examination content, results delivery or your experience, please email [email protected] and mark your email for the attention of the Examination Co-Ordination Manager who will ensure that your query is addressed.
A copy of CREST’s Examination Appeals Handling Process is available here