CREST Practitioner Intrusion Analyst (CPIA) – Notes for Candidates
The Notes for Candidates gathers essential information about the CPIA exam and intends to support CREST candidates on their preparation, increasing their chances of success.
1. Exam overview
The CPIA exam is an entry-level exam that tests a candidate’s knowledge in assessing fundamental aspects of Incident Response below that of the CRIA qualification. This includes administration and incident management, the core technical skills required to deal with an incident, Information Gathering, Network and Host Intrusion knowledge and Malware Analysis to a basic level.
2. Exam structure
The exam covers a common set of core skills and knowledge. The candidate must demonstrate that they have the knowledge to perform basic Network and Host Intrusion and Malware Analysis.
Exam duration
The CPIA Examination is comprised of one hundred and twenty (120) multiple choice questions to be completed over a 2-hour period with a result of 60% or more required to achieve a pass. Details of the areas covered can be found in the Syllabus document. Note that your permitted maximum session time at Pearson VUE is 2.5 hours in total.
Pre-requisites
The CPIA has no prerequisite exam but is the prerequisite to the CRIA exam.
Exam notes
The CPIA is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices will be allowed.
3. Exam preparation and practice
In order to aid in the preparation for your exam, we have compiled a list of recommended reading materials, found below:
- Hacking Exposed – Scanning and Enumeration
- The ART of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (by Michael Hale Ligh/Andrew Case/Jamie Levy/Aaron Walters)
- Malware Forensic Field Guide for Windows Systems (by Syngress)
- Practical Malware Analysis
- Network Fundamentals: CCNA Exploration Companion Guide
- Real Digital Forensics (particularly Chapter 1, Windows Live Response)
- TCP/IP Illustrated
We have also partnered with a Training Provider to supplement your knowledge on the topic areas detailed in the syllabus. This training course can be found below:
Websites: OverAPI.com
Sample questions
Examples of questions that help candidates to understand what to expect from the examination environment. You’ll find our sample questions here.
4. Exam content
CPIA validates a practitioner’s knowledge of Incident Response beyond terminology. Successful CPIA candidates will be able to demonstrate that they are qualified for hands-on Incident Response roles (indicative of 2 years experience) with respect to:
– Soft Skills and Assessment Management
– Core Technical Skills
– Background Information Gathering and Open Source
– Network Intrusion Analysis
– Analysing Host Intrusions
– Malware Analysis/Reverse Engineering
– Exam Certification Objectives & Outcome Statements
For further information on the skills being assessed, consult the CPIA exam Syllabus.
5. Exam grading
Each multiple-choice answer is worth one (1) mark. No points are deducted for incorrect answers. The marking scheme is given in the table below:
| Component | Total Marks |
| Total marks written (multiple choice) | 120
|
Pass mark
Successful candidates must score 60% of the available marks. That is:
- at least 72 marks from the written component (possible total: 120 marks).
Feedback
Unsuccessful candidates will be told their final scores where they haven’t reached the required standard. The score will not be disclosed where candidates have achieved 60% or more.
6. Exam booking and logistics
Exam location
The CPIA exam is delivered at a Pearson VUE centre of your choice. Please visit the Pearson VUE website and follow the on-screen instructions to register and schedule your chosen examination.
Retake policy
Unsuccessful candidates may retake the CPIA exam 7 days after the original exam date.
Invigilation
A test centre administrator/invigilator will be present throughout the examination to answer any procedural questions that candidates may have and assist in troubleshooting. The invigilator will not provide any support or advice related to the exam content.
If an issue does occur, a case will be filed. Every effort will be made to accommodate the continuation of your exam and all cases will be investigated and resolved within 3-5 business days. Pearson VUE should provide you with a case ID number. Please ensure you retain this information as this may be required at a later date.
Communication of results
Examination results from the automated process are provided by Pearson VUE to the candidate at the end of the exam session and electronically sent from CREST within 5 working days. Digitally signed certificates, where appropriate, will be emailed to candidates.
Special accommodations
Candidates must contact the CREST Support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam until the accommodation request has been processed. For more information, please contact [email protected].
