CREST Certified Tester - Infrastructure (CCT INF)

The hotel-based CCT INF practical exam will run until April 2024. If you are planning to take this exam, please refer to the appropriate syllabus on this page.

The CCT INF exam syllabus defines the areas that are assessed within the CCT INF exam. 

Candidates will be expected to find known vulnerabilities across common networks, applications, infrastructure and databases as well as new syllabus areas which include Containerisation, Cloud and macOS. CCT INF validates a practitioner’s ability to conduct vulnerability scans using commonly available tools and to interpret the results.  

Successful CCT INF candidates will be able to demonstrate that they are qualified for Pen Test Roles (indicative of 5-6+ years experience) with respect to:

• Soft Skills and Assessment Management

The candidate will have a good understanding of the Engagement Lifecycle, Law and Compliance, Scoping, Managing Risk, Client Communications, Record Keeping, Reporting and Platform Preparation. 

• Core Technical Skills

The candidate will have a good understanding of Hardware Security. 

The candidate will demonstrate a deep understanding of the use of prescribed tools to interpret output, Pivoting, Cryptography, and be able to conduct OS fingerprinting. 

• Networks

The candidate will demonstrate a good understanding of Network routing protocols, Wi-Fi, Network Intrusion Protection, and SCTP. 

The candidate will demonstrate a deep understanding of network connections, Ethernet protocols, VLAN Tagging, IPv4, IPv6 Including packet manipulation, network architecture, mapping, Devices and filtering, traffic analysis (Intercept and monitor (PCAP), TCP, UDP, NAC, and Host Discovery. 

• Network Services

The candidate will have a good understanding of Network Redundancy Protocols, Berkely R* Services and trust relationships, and Finger. 

The candidate will demonstrate a deep understanding of the concepts of Unencrypted Services (Telnet, FTP, SNMP, HTTP), TLS/SSL, Network Configuration, Name Resolution Services (DNS, NetBIOS/WINS, LLMNR, mDNS), Management Services, (Telnet, Cisco Reverse Talent), SSH, HTTP, Remote Powershell, WMI, WinRM, RDP, VNC, X), Desktop Access, IPsec, FTP, TFTP. SNMP. SSH, NFS and its security attributes, SMB including Win File shares and Samba, LDAP, X, RPC Services, NTP, IMPI, VoIP, SMTP and Vulnerable Services. 

• Microsoft Windows Security Assessment 

The candidate will demonstrate a deep understanding of Windows Reconnaissance, Network and Active Directory Enumeration, Windows Passwords, Processes and File Permissions, Registry, Windows Remote and Local Exploitation, Post Exploitation, Patch Management and Common Windows Applications. 

• Linux/UNIX Security Assessment

The candidate will demonstrate a deep understanding of Linux/Unix reconnaissance, Linux/Unix Network Enumeration, Linux/Unix Passwords, Linux/Unix File Permissions, Linux/Unix Remote, Local and Post Exploitation and Linux/Unix Processes. 

• Windows Desktop Lockdown

The candidate will demonstrate a deep understanding of Lockdown solutions, Breakout techniques, Local File protections, PowerShell restrictions and User Account Control. 

• Databases

The candidate will demonstrate a deep understanding of SQL Relational Databases, MS SQL Servers, Oracle RDBMS, MySQL and PostgreSQL and NoSQL. 

• Containerisation 

The candidate will demonstrate a deep understanding of Containers and the differences between Virtualisation, Docker, Kubernetes and LXD. 

• Cloud Security 

The candidate will demonstrate a deep understanding of Pen Testing Authorisation, Virtual Private Clouds, Logging and Monitoring, IDAM, Denial of Service and Resource Exhaustion, General and AWS Cloud Reconnaissance, Host to Cloud Transition, Cloud Secrets Management and AWS Workspaces. 

• Internet Information Gathering and Reconnaissance

The candidate will have a good understanding of Website Analysis, Search Engines, News Groups and Mailing Lists, Information Leakage, Social Media and Document Metadata. 

The candidate will demonstrate a deep understanding of DNS. 

• Web Technologies

The candidate will demonstrate a deep understanding of Web Servers, Web App Frameworks, Mark up Languages, Web Languages, Web APIs, Web App Reconnaissance, Information Gathering, Web Authentication and Authorisation, Input Validation, Fuzzing, XSS, SQL, ORM, XML, SSI and LDAP Injections,  Mail and OS Command Injection, Sessions, Cookies, Session Hijacking, XS Request Forgery, Mass Assignment, Web Cryptography, Parameter Manipulation, Directory Traversal, File Uploads, CRLF Attacks, Web App Logic Flaws and Client Side Vulnerabilities. 

• Virtualisation

The candidate will demonstrate a deep understanding of Virtualisation Platforms (including VMware, MS HyperV, Citrix, Oracle VirtualBox and Linux KVM), VM Escape and Snapshots. 

• Physical Security

The candidate will demonstrate a deep understanding of Locks, Tamper Seals, Platform Integrity, Boot Sequence, Disk Encryption, Recovery Functionality and Authentication. 

• Secure Development Operations 

The candidate will demonstrate a deep understanding of Secure Code Practices, Security of the Development Lifecycle, Infrastructure as Code and Code Repository Security. 

• Social Engineering

The candidate will have a good understanding of Phishing and its variations and Vishing. 

• MacOS Security Assessment

The candidate will have a good understanding of macOS Local and Post exploitation, reconnaissance and passwords, macOS file permissions and remote exploitation. 

You can find the full CCT INF exam syllabus here.

CREST Certified Tester – Infrastructure (CCT INF) – Notes for Candidates

The notes for candidates gathers essential information about the CCT INF exam and intends to support CREST candidates on their preparation increasing their chances of success. It is split into 4 sections:

1. Exam Overview: explains the new CCT INF exam and its general scope

2. Exam Structure: information on format, duration, materials allowed

3. Exam Content: details the content structure of the exam and what to expect

4. Exam Grading: information on marking structure and pass mark

1. Exam overview

The CCT INF is an advanced level examination that tests a candidate’s knowledge and expertise in assessing operating systems, common network services and general network infrastructure security as well as Linux, cloud, databases and other web technologies. The CCT INF examination also covers a common set of core skills and knowledge, and is available to take in Pearson VUE Test Centres globally. 

IMPORTANT: new CCT INF exam

This new CCT INF exam, introduced in 2024, includes a revised syllabus issued in January 2024. Please ensure you refer to the appropriate syllabus when preparing for the exam. 

The hotel-based CCT INF practical exam, only available in the UK, will continue to run until April 2024. After this, the CCT INF exam, including its practical component, will be exclusively delivered via Pearson VUE Centres. 

If you have any queries related to the hotel-based exam and syllabus, please check the dedicated page or contact CREST on [email protected]

2. Exam structure

Exam format

The new CCT INF exam has two distinct parts:

– A written exam which is made of two components: a multiple-choice test and a written scenario

– A practical exam

The multiple–choice component tests a candidates’ knowledge of the subject areas and the scenario assesses a candidates’ risk analysis and report writing skills.

The practical component tests candidates’ hands-on penetration testing methodology and skills against reference networks, hosts and applications. Candidates will not be able to use their own laptops and therefore will not able to access their own tooling. A version of Kali Linux will be available within the practical exam environment to address the practical assessment. 

Previously, candidates had to take and pass the written exam before being able to take the practical exam. In the new exam, candidates may take the exams in any order. 

Exam duration

Written exam

The written exam duration is 3 hours in total, split as follows:

– Multiple choice test (1 hour)

– Written scenario (2 hours)

Candidates will be given an additional 15 minutes for reading time prior to the start of written scenario component.

Candidates must start with the multiple-choice test followed by the written scenario component. The questions can be answered in any order within each component.

Practical exam

The practical exam duration is 3 hours and candidates will be given an additional 15 minutes for reading time prior to the start of the exam.

Pre-requisites

There are no pre-requisites to the CCT INF exam.

Exam notes

Written exam

The written exam is closed book. Therefore, no books, written notes, internet access or other electronic devices will be allowed. This applies to both components of the written exam: the multiple choice test and the written scenario. 

Practical exam

Candidates are able to pre-upload files ahead of their practical exam. These files will be accessible on the day of the exam. 

More details on the size and types of files allowed, as well as on how to upload them, will be provided once the booking window for the practical exam is open. 

3. Exam content

The new CCT INF syllabus has been revised and updated to include and expand on relevant areas and skills. Areas such as macOS security, Windows desktop lockdown, and social engineering are now part of the exam. There is also more focus on cloud services and security where six new skills have been introduced. Network intrusion protection, Unix exploitation and NoSQL injection are also amongst the areas with new skills. The new exam also builds on the existing soft skills and assessment management section introducing global and regional law and compliance components and report quality assurance.  

4. Exam grading

Written exam (180 marks)

– Multiple choice test (60 marks)

– Written scenario (120 marks)

Practical exam

More details will be provided once the booking window for the practical exam is open.

Pass mark

Written exam

Candidates must achieve at least two thirds or 66% in each component (multiple choice test and written scenario) to achieve a pass. Passing one of the sections but failing the other one will result in a failure overall.

Practical exam

More details will be provided once the booking window for the practical exam is open.

Feedback

Written exam

Candidates will receive their multiple-choice test results at the end of the exam with a breakdown of the areas and how they have performed.

The results for the written scenario component and overall result of their written exam will be provided within 20 days from when the exam has been taken.

Practical exam

More details will be provided once the booking window for the practical exam is open.

Here you can find some useful resources to support in your exam preparation.

Written exam

Sample questions

Examples of questions that help candidates to understand what to expect from the examination environment. You will find our sample questions here.

Sample scenario

Please visit the ‘Sample scenario’ drop-down section below.

Practical exam

A virtual machine will be made available so candidates can familiarise themselves with the tooling available in the practical exam environment. The virtual machine will host a version of Kali Linux that can be used to perform all required tasks within the exam.

Here you can find some official sample questions and answers that will help you familiarise yourself with the exam structure and wording as well as some of the key terms and definitions. 

Question 1 

Which of the following is NOT a default authority in Active Directory? 

A. Backup Operator

B. Workstation Operator

C. Server Operator

D. Account Operator

E. Print Operator

Answer

B. Workstation Operator

Question 2

From this list, which protocol provides the highest level of security on a wireless network? 

A. WPA / TKIP

B. UMTS

C. WTLS.

D. WE

E. WPA / AES

Answer

E. WPA / AES

Question 3 

Which of the following is not a valid key length for the AES encryption algorithm? 

A. 192 bits

B. 128 bits

C. 256 bits

D. 168 bits

E. All of the above

Answer

D. 168 bits

You can download a PDF version here.

The written scenario component is part of the written CCT INF exam which also includes a multiple-choice test.

The scenario essentially assesses the candidate’s knowledge and ability to write reports. There are also elements related to scoping engagements, assessing risks inherent to their findings and composing an issues’ write up for a report. Candidates could also be expected to demonstrate an understanding of relevant legislation affecting penetration testing in their operating jurisdiction.

Format

The written component starts after candidates have submitted their answers to the multiple-choice component within their written exam. They will be given 15 minutes before the scenario examination starts to read through the requirements and no examination activities are permitted during this time.

Once the written scenario starts, candidates will need to answer long form questions and will be given 120 minutes to do so. There is no requirement to complete each question in the order that they are presented meaning that candidates are free to complete them as they wish, provided that they do so within the allotted time.

Reminder: candidates must achieve the minimum pass mark in both the multiple-choice and written scenario parts to pass their written exam.

Marking

The written scenario is manually marked by CREST Assessors. The total marks on this section is 120 marks.

Sample scenario

You can read our sample scenario document online, which contains useful and sample information related to the CREST Certified Tester (CCT) examination scenario component.

The new CCT INF written exam is now available in selected Pearson VUE Test Centres across the globe. You can book your exam now via CREST :: Pearson VUE.

Invigilation

A test centre administrator/invigilator will be present throughout the examination to answer any procedural questions that candidates may have and assist in troubleshooting. The invigilator will not provide any support or advice related to the exam content.

If an issue does occur, a case will be filed. Every effort will be made to accommodate the continuation of your exam and all cases will be investigated and resolved within 3-5 business days. Pearson VUE should provide you with a case ID number. Please ensure you retain this information as this may be required at a later date. 

Communication of results

Written exam

Examination results will be emailed to the candidate within 20 working days of the examination.

Practical exam

More details will be provided once the booking window for the practical exam is open.

Promo codes (for candidates) 

Claim your promo code and unlock up to 75%* discount on the new CCT exam. Click here to claim your promo code.

CREST Pearson VUE vouchers

Pearson VUE vouchers are available from CREST for companies and individuals who either have an account with CREST or need an alternative payment method. These vouchers will be sent on receipt of a paid invoice. For more information please contact [email protected].

Special accommodations

Candidates must contact the CREST Support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam until the accommodation request has been processed. For more information, please contact [email protected].

How to cancel, postpone or reschedule

This is done through your own Pearson VUE registration and exam booking page and must be done at least 24hrs before your exam date.

The table below summarises key differences between the two exams:

The new syllabus has been updated and restructured adding greater depth to the exam. 

The exam duration has been extensively assessed to ensure that the time allocated is appropriate to answer all questions.  

Looking for more info on our CCT INF exam? Check out our handy CCT INF FAQs.