Get more info about setting up a new chapter in your area.
All skills will be assessed by a practical assault course.
During the exam candidates will be provided with desktop access to a virtual machine running Kali Linux that can be used to perform the required tasks. This machine has a large number of tools installed including licensed versions of Nessus Professional and BurpSuite Professional.
A version of this virtual machine without the commercial licenses can be downloaded by candidates so they can familiarise themselves with the platform prior to the exam. This can be downloaded here.
You can download the following documents from the links below:
In order to book to take the examination, the candidate must hold a valid CPSA pass. Success, combined with valid CPSA certification, will confer CREST Registered Security Analyst (CRSA) status to the individual.
Due to the additional technical requirements of the practical exams, only a subset of Pearson Vue centres are able to run them. While this subset is more restrictive it still includes over 300 locations worldwide. When booking an exam through the Pearson Vue website, candidates will be presented with a choice of suitable locations nearest to them.
For costs and availability please refer to individual country booking. The examination is delivered at Pearson Vue test centres.
Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.
CREST recommends that candidates familiarise themselves with the content on our FAQS page which has been created specifically for those attempting a practical examination.
The following material and media have been cited as helpful preparation for this examination by previous candidates:
Network Security Assessment (by O’Reilly, 2nd edition)
Hacking Exposed Linux
Red Team Field Manual (RTFM) (by Ben Clarke)
Nmap Network Scanning: The Official Nmap Project (by Gordon Lyon)
Guide to Network Discovery and Security Scanning
Grey Hat Hacking (by Allen Harper, Shon Harris & Jonathan Ness)
6point6 – CREST Approved Training Provider
Cyberskills Training – CREST Approved Training Provider
ICSI Ltd – CREST Approved Training Provider
Immersive Labs – CREST Approved Training Provider
PGI Cyber Academy – CREST Approved Training Provider
QA – CREST Approved Training Provider
Telefonica Cybersecurity & Cloud Tech SL – CREST Approved Training Provider
Certified Ethical Hacker Passport
Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements, including additional time to accommodate a medical condition (including examinations delivered at Pearson Vue centres)
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)