Login to profile

CREST Certified Tester - Infrastructure (CCT INF)

Following the recent update to the CREST Registered Penetration Tester (CRT) exam and our dedication to enhancing and updating our exams, we are excited to share that, in 2024, we will be implementing significant changes to this exam.

The upcoming changes will ultimately improve the overall exam experience. However, if you fall into one of the following categories, we encourage you to book and take the current exam as soon as possible to minimise the impact of the transition:

  • You’ve taken the exam before and are due to renew in the next 6 months or so; or
  • You’re planning a re-take, having attempted the exam before; or
  • You have been studying for the exam and are ready to take it

We will be keeping this webpage up to date and sharing detailed information on all the changes as and when they are ready.


Book now with Pearson Vue for the written element of this exam

The CREST Certified Infrastructure Tester examination is a rigorous assessment of the candidate’s ability to assess a network for flaws and vulnerabilities at the network and operating system layer.  The exam includes:

  • Public domain information sources
  • Networking
  • Windows operating systems
  • Unix operating systems
  • Desktops
  • Databases
  • Voice networking
  • Wireless networking.

Examination format
The format is the same for both the Infrastructure and Application Certified Tester exams.  The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner.  The examination consists of three tasks:

  • A multiple-choice written examination
  • A hands-on practical examination in two sequential sections, six hours in duration. The first component will comprise a Scenario question demarcated from the practical component and designed to mimic the skills required to perform a build review and author a client report on the findings.  The second component will be a practical test (now referred to as an Assault Course)

To pass the exam, the candidate must pass all sections.  The written elements of the examination are delivered at Pearson Vue test centres;  the practical element is delivered at a CREST examination centre.  Candidates must hold a valid pass in the written element of this examination in order to sit the practical element.

You can download the following documents from the links below:

In-depth exam insights from a CREST Assessor.

Syllabus for the Certified Infrastructure tester examination. Applicable from 1 August.

Notes for Candidates to aid examination preparation.

Sample CCT-Inf Practical paper.

Sample CCT-Inf Scenario paper.

For costs and availability please refer to individual country booking.

Individuals undertaking this examination can request that their information be provided to the NCSC to be considered for CHECK Team Leader (Infrastructure) Status.

Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.

CREST recommends that candidates familiarise themselves with the content in our FAQS which have been created specifically for those attempting a practical examination.

The following material and media have been cited as helpful preparation for this examination by previous candidates:

Reading Material:
Network Security Assessment (by O’Reilly/McNab)
The Art of Exploitation (by O’Reilly)
Unix in a Nutshell (by O’Reilly)
Red Team Field Manual (RTFM) (by Ben Clarke)
Hacking Exposed 7: Network Security Secrets and Solutions (bu Stuart McClure/Joel Scambray/George Kurtz)
The Oracle Hacker’s Handbook: Hacking and Defending Oracle (by David Litchfield)
Red Hat Linux Networking and System Administration (by Terry Collings)
TCP/IP Illustrated (vol.1, 2nd edition) (by Kevin Fall/W.Richard Stevens)
The Art of Software Security Assessment (by Mark Dowd/John McDonald/Justin Schuh)
Grey Hat Hacking (by Allen Harper/Shon Harris/Jonathan Ness)
Network Warrior (by Gary A. Donahue)
Hackers Playbook (by Peter Kim)
Metasploit – The Penetration Tester’s Guide (by David Kennedy)

http://vulnhub.com – free vulnerable images
www.owasp.org – various Goat projects

How to Book – Practical Element
The practical element of this exam is only available at a CREST Exam Centre. Please complete our online booking form.

Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue.
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)