Examination FAQs

What are the next examination dates in the UK?

You can find a list of upcoming examinations, dates, venues, and relevant assessors on our UK Examination Dates page.

Is there any additional reading I can use for preparation?

It is recommended that candidates read ‘In-depth exam insights from a CREST Assessor’ to familiarise themselves with some common examination mistakes. On each individual examination page, there is also the examination syllabus, notes to candidates and recommended reading from past candidates.

Testing Form Fillable PDF functionality

As CREST is offering paperless examinations during the Covid-19 pandemic, a sample examination worksheet has been created to allow candidates to test the functionality of the software on their laptops in advance of sitting CREST examinations which are now paperless.

Sample Electronic Candidate Worksheet

What techniques do I need to be able to use the paperless examination system?

As part of the transition to paperless exams, question packs are made available to candidates via a Samba share on a Unix host. Samba shares emulate shared folders on Windows hosts.

Candidates will be provided with:

The host name of the Unix host
A valid username
A valid password

Using this information, candidates must be able to connect to the host, identify the exposed share and then read/write to that share.

For example, if a candidate is provided with the following details for their exam:

Host: \\examanswers
Username: “candidate”
Password: “Pa55w0rd”

A candidate may consider the following commands from a Windows host.

Create an authenticated connection to the host:

C:\Users\h4x0r>net use \\examanswers\ipc$ /user:candidate "Pa55w0rd"

Determine the shares available:

C:\Users\h4x0r>net view \\examanswers

Shared resources at \\examanswers

EXAMANSWERS Server

Share name  Type  Used as  Comment

-------------------------------------------------------
CRT         Disk

The command completed successfully.

Mount the relevant network share (“CRT” in this example)

C:\Users\h4x0r> net use * \\examanswers\CRT

Drive Z: is now connected to \\examanswers\CRT.

The command completed successfully.

Then subsequently read and write share contents using the newly mounted drive (“Z:” in this example).

Note: The example assumes a candidate is using a Windows client; CREST have validated that other operating systems can also access the Samba shares.

It is the candidate’s responsibility to ensure that their testing platform can be used to meet this requirement otherwise they will be unable to successfully complete their examination.
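The connect, list, mount and read/write sequence above can be rehearsed before exam day with a batch file such as the following. This is an added example, not a CREST script; it assumes a practice Samba host you control that uses the sample host, share and username from this FAQ, and the drive letter X: and the probe file name are arbitrary choices.

```bat
@echo off
rem Added example, not a CREST script.
rem Rehearses: authenticate, list shares, map the share, write, read back, disconnect.
rem Assumption: HOST is a practice Samba server you control. The values below are
rem the sample details from the FAQ; replace them with your own.
setlocal
set "HOST=\\examanswers"
set "SHARE=CRT"
set "SMBUSER=candidate"
set "DRIVE=X:"
set "PROBE=%DRIVE%\share-check-%RANDOM%.txt"
set "RC=1"

rem 1. Authenticated session to the host. The "*" makes net use prompt for the
rem    password, so it is not stored in this file or shown on the command line.
net use %HOST%\ipc$ * /user:%SMBUSER%
if errorlevel 1 (echo FAIL: could not authenticate to %HOST% & goto :done)

rem 2. Enumerate the exposed shares and confirm the expected one is listed.
net view %HOST% | findstr /b /i /c:"%SHARE% " >nul
if errorlevel 1 (echo FAIL: share %SHARE% is not listed by %HOST% & goto :logoff)

rem 3. Map the share to a known drive letter. /persistent:no stops Windows
rem    from restoring the mapping at the next logon.
net use %DRIVE% %HOST%\%SHARE% /persistent:no
if errorlevel 1 (echo FAIL: could not map %HOST%\%SHARE% to %DRIVE% & goto :logoff)

rem 4. Write a probe file and read it back to prove both directions work.
> "%PROBE%" echo share read-write check
if not exist "%PROBE%" (echo FAIL: share is mapped but not writable & goto :unmap)
findstr /c:"share read-write check" "%PROBE%" >nul
if errorlevel 1 (echo FAIL: probe file was written but could not be read back & goto :unmap)

echo PASS: %HOST%\%SHARE% is readable and writable as %DRIVE%
set "RC=0"

:unmap
rem Remove the probe file and the drive mapping.
if exist "%PROBE%" del "%PROBE%"
net use %DRIVE% /delete /y >nul 2>&1

:logoff
rem Drop the authenticated session so no credentials stay cached for the host.
net use %HOST%\ipc$ /delete /y >nul 2>&1

:done
exit /b %RC%
```

The exit code is 0 only when the probe file was both written and read back, so the result can be checked with `echo %ERRORLEVEL%` after the run.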

Use of Apple Mac devices by candidates – including newer Apple Silicon based Macs

Candidates who plan to use Apple Mac devices for exams need to take some additional steps to ensure their devices can be returned to them after exams. These are documented below. The exam team will do our best to answer candidate questions, but it is expected that candidates familiarise themselves with the steps below, which may vary slightly depending on the hardware and configuration of their device. Candidates should contact CREST before the exam day if they have questions regarding this. Candidates who are not able to follow these steps are advised not to bring Apple devices for the exam.

Before taking the exam, in addition to other steps for all devices (such as disabling WiFi and LTE cards) a candidate with an Apple Mac device will be required to:

1 – Disable the “Find My” feature
2 – Enable FileVault
3 – Disable all security controlling access to recovery mode
4 – Verify to the assessor that these steps have been taken, including rebooting to recovery mode

After the exam, the candidate will need to:

1 – Reboot to recovery mode
2 – Launch disk utility and select “show all devices”
3 – Select the top level disk and click “erase”, format as APFS
4 – Reboot and verify the laptop has no OS to boot to

The candidate will then be permitted to take the device home as no further disk wiping is required.

Further information

This section expands on the steps above.

Disable “Find My” feature

macOS Ventura: Choose Apple menu > System Settings, click [your name] at the top of the sidebar, click iCloud on the right, click Find My Mac, then click Turn Off next to Find My Mac. Screenshot below.

AppleMac disable 'find my' feature screenshot

macOS 12 or earlier: Choose Apple menu > System Preferences, click Apple ID, click iCloud, then deselect Find My Mac.

Refer to Apple notes for more information: https://support.apple.com/en-au/guide/icloud/mmdc23b125f6/icloud

Enable FileVault

macOS Ventura: Choose Apple menu > System Settings, click Privacy & Security in the sidebar, click Turn On next to FileVault and follow the prompts (if it says Turn Off then it is already on). Screenshot below.

Apple MacBook 'enable filevault' screenshot

macOS 12 or earlier: Choose Apple menu > System Preferences, click Privacy & Security, then click FileVault and click Turn On FileVault. Follow the prompts (if it says Turn Off FileVault then it is already on). If the lock at the bottom left is locked, click it to unlock the preferences pane.

Disable all security controlling access to recovery mode

Start up from macOS Recovery. During start-up, you will be prompted to enter the firmware password.

When the utilities window appears, click Utilities in the menu bar, then choose Start-up Security Utility or Firmware Password Utility.

Click Turn Off Firmware Password.

Enter the firmware password again when prompted.

Quit the utility, then choose Apple menu > Restart.

Refer to Apple notes for more information: https://support.apple.com/en-us/HT210151

Verify to the assessor that these steps have been taken, including rebooting to recovery mode

To boot to Recovery Mode for newer Macs on Apple Silicon (M1/M2), turn on the Mac and continue to press and hold the power button until you see the start-up options window. Select Options, and then select Continue. If prompted, provide the login credentials.

Hard Disk Drive Wiping Policy

Please consult the CREST Examination Terms and Conditions for full details. Please note Intel based MacBooks (pre Nov 2020) may be used as long as the exambookings team are informed in advance as the assessor must be made aware. “Find My” must also be disabled.

Apple Silicon MacBooks (post Nov 2020) cannot be used for a CREST examination.

Why must I hold a current CCT INF qualification to be able to sit the CC SAS examination?

The CC SAS examination does not assess the core infrastructure penetration testing skills that are assessed during the CCT Infrastructure examination. These core infrastructure testing skills are deemed essential for any Simulated Attack engagement, and therefore a current CCT Infrastructure qualification is deemed mandatory for any individual wishing to sit or retain the CC SAS exam and qualification.

Candidates should note that expiry of the CCT Inf qualification will result in the CC SAS qualification being suspended until such time as the Inf qualification has been re-certified.

What is the best way of revising for the examinations?

Unlike some areas of academia, CREST exams are usually vocational; they are not designed to be achievable by a candidate whose sole focus is passing them through isolated study. They are designed to measure an individual’s capability to operate within the industry and identify those who can demonstrate the skills required.

The majority of successful candidates have gained real-world experience, augmented by training courses in certain disciplines, before attempting the examination.

Do you have any technique advice for the practical examinations?

This is quite a subjective question but there are certain pieces of advice that have been generally repeated by CREST members many times:

  • Know how your tools work. You will not have time during the examination to learn how a tool works or debug it, so ensure that you are familiar with the operation and nuances of tooling that you use. It is useful to be familiar with multiple methods of performing the same task so that, in the event of an unexpected problem with one tool suite, there is an immediate alternative available.
  • Keep your tools up to date, but do not do your first major update the day before the exam. The exams are designed to ensure currency of knowledge, so new techniques and technologies will likely be included. However, performing a major operating system upgrade the day before your exam may cause problems with dependencies and broken tooling.
  • Do not depend on the internet. Most CREST practical examinations are open book, in that any reference material (including from the internet) can be used. However, it is faster to have local copies of notes available so that you can quickly refer to them. Having organised notes helps too.
  • Ensure you are familiar with your laptop build. A surprising number of candidates have had issues with their operating system; regular examples include manually setting IP addresses or correctly configuring the networking between virtual machines and the base operating system. The exams are built on the assumption that all candidates will be confident in administering their own laptop, and any time spent debugging laptop problems will be at the expense of completing the questions or performing tasks during the exam. Some candidates attempt practical examinations on unfamiliar laptops or platforms which is hugely disadvantageous to them. This is also unrepresentative of the real world. Candidates who are employed in the security industry would not usually deliver client work on a platform that they are completely unfamiliar with.
  • Time management. The exams are designed to assess efficiency and experience in addition to technical capability; spending half an hour on a five-mark question will more than likely result in you running out of time. Unless the exam paper tells you otherwise, aim for roughly one minute per mark and avoid getting fixated on one question at the expense of others.
  • Read the full question. A number of candidates answer a question which is slightly different to the one being asked. For example, no marks will be awarded if a candidate writes an IP address down when the question asks for a hostname. All practical exams include a period of time for candidates to familiarise themselves with the examination paper; this should be used wisely. Some candidates use a highlighter to draw their attention to the key elements of the more complex questions.

Why do some practical examinations contain ‘old’ technologies?

The content of the examinations depends on a number of criteria; this includes but is not limited to:

  • Representation of the technologies available across the security industry. Some old technologies are still prevalent in use;
  • Requirements from other bodies; some CREST exams entitle candidates to apply for other accreditations (for example CHECK). There are some requirements from these bodies that must be adhered to.

However, the exams are under constant review and the content is being changed and upgraded. Candidates will be expected to be aware of technologies and operating systems which are in use in the industry, regardless of age.

Can I pay by credit card?

Credit cards can be accepted via PayPal for Business. We can also accept payment via BACS. Cheques may be accepted.

Can I change the date of my examination?

Yes, you can change the date of your examination once provided you give us 21 days’ written notice (please see our Terms and Conditions). If you need to reschedule your examination within the 21 day limit and there are extreme extenuating circumstances, please contact CREST and a decision will be taken on a case by case basis although no guarantees can be made.
NOTE: a rescheduling request due to changes in work or project commitments within the 21 day limit will not be accepted as extenuating circumstances and the standard 21 day policy will apply.

You can also substitute a candidate free of charge if you do not wish to cancel an examination. You may only offer a substitution once.

Any additional changes to those outlined above will incur another examination fee (based on the examination type).

Covid-19: During the current uncertainty caused by Covid-19, CREST will change examination dates without penalty if candidates display Covid-19 symptoms prior to their scheduled examination date.

When will I receive confirmation of my examination booking (joining instructions)?

You will receive confirmation by email with full details on the examination two weeks prior to your examination date.

Links to the technical syllabus, notes for candidates and location details are sent via email at the time of booking and are also available on the CREST Exams section.

What verification do CREST require if I want additional time for my examination because of a medical condition?

If you have a medical condition that justifies or qualifies for additional time for you to take your examination, you will need to provide a letter from your doctor or medical specialist to support your request. CREST follows the British Dyslexia Association recommended provisions and our policy covering additional time can be found on our notes on exam preparation.

Can you increase the time permitted during examinations?

A number of candidates experience time pressure during CREST examinations, particularly the practical ones, but the time limits are deliberately enforced. The ability to obtain the deliverables required by each question in the time permitted is part of the assessed standard.

The exam timings are designed to allow sufficient time to investigate and derive the required answer, but a candidate who is not familiar with the techniques being examined and needs to repeatedly troubleshoot tool usage or laptop configuration is unlikely to be operating at the level required and consequently will struggle to achieve sufficient marks to pass.

Remember that the CREST practical exams are, as their name states, examinations; they are not primarily designed for training or personal development and, as such, only minimal time is allocated to troubleshooting, diagnostics or debugging tools and techniques. The exams are not simply assessing whether a candidate (given sufficient time) could obtain the answer required; they are assessing whether a candidate is familiar enough with the relevant discipline to be able to perform technical investigations and interventions quickly, accurately and efficiently.  All of the tasks are reasonably achievable providing that the candidate is confident and competent.

Can I listen to music during my examination?

Yes. It is recommended that you put music onto your laptop; do not use a mobile phone or MP3 player as it will be wiped at the end of your examination.

You must bring your own personal headphones/earphones to use.

If your music disturbs other candidates you will be asked to turn it down and/or turn it off completely.

Why do I have to supply different addresses?

Invoice Correspondence:    CREST is aware that, particularly in larger companies, the accounts department may be based at a different location to the candidate. By supplying an address for billing correspondence, CREST can ensure that information reaches the appropriate destination.

Hard Drive:   CREST is aware that candidates may prefer to have their computer hard drives returned directly to them, particularly if they do not attend their business address regularly. CREST makes every effort to return hard drives to candidates within 21 days of the date of the examination. Please also read the CREST Hard Drive Return policy at Clause 8 of our Terms and Conditions.

When will I receive my examination results?

CREST makes every effort to email candidates with their result letter within 30 days of the examination being taken. Digitally signed certificates, where appropriate, will be emailed to candidates.

How can I promote my CREST Certification on my LinkedIn profile?

We encourage you to add your CREST certification to your LinkedIn profile. This is how you do it:

  1. Click on your icon on the right hand side of the menu bar and select View Profile.
  2. Select Add a section
  3. Select Add licence & certification
  4. Complete the prompted fields, including the full name of your certification and dates as they appear on your certificate. CREST’s LinkedIn page will appear as you start typing the name

If you are unsure of any of the details to include please contact [email protected]

If you experience any difficulties adding your certification and would like to add it then please contact [email protected]

I passed. Can I find out my marks?

CREST do not disclose marks which are at or above the minimum mark for that section or exam. This is to avoid an unofficial hierarchy being formed. The purpose of the examinations is to measure every candidate against a fixed standard, not candidates against each other.

Unsuccessful candidates are provided with their marks because there is a clear benefit in giving them an overall understanding of areas of weakness.  However, no further feedback will be provided.

What happens if I want my certificate sent to another address?

As all certificates are now sent electronically, please contact [email protected] and let us know which email address you would like your certificate sent to.

I failed the Scenario section of my Certified Infrastructure / Web Applications Tester examination. How can I improve?

• Read the questions; they actually give a mini breakdown of what’s expected. For example, for the issues where we expect to see a technical description, you should give a method to reproduce the issue along with some evidence and appropriate (not generic) recommendations for each issue.

• Answer all the questions.  Again this might sound simple but people don’t always do this.  It is impossible to give marks for empty sections/tasks.  For example, where a question asks for two separate high risk vulnerabilities, make sure that there are two distinct vulnerabilities.

• When a section is worth 15 marks and you only give a couple of sentences, that answer isn’t going to get a lot of marks.

• Keep the target audience in mind, especially around the Technical Summary and Executive Summary.  Too often for these sections we see a re-hash of other answers and they will not get any extra marks.  Consider impact and risk and how a non-technical person would read this.

• Remember that this is a client report, so we would expect to see:
– A Table of Contents
– Name of consultant
– Name of client
– Date
– Scope
– Appropriate headings
– Etc

• Spelling and grammar are important; marks are removed for poor use of language.

• Don’t be too generic with recommendations.

Why did I receive low marks on a long form or prose style question?

There are a number of common reasons why candidates do not attract high marks on prose questions; these have been summarised below.  If you were unsuccessful on a long form, scenario or prose examination, the reason will very likely be discussed here.

  1. Poor, unclear language or answer structure. Some marks are specifically allocated for clear language. Although allowances are made for the absence of spellchecking software to a degree, it is important that the answers are structured clearly and presented in a professional manner. Incorrect usage of technical terms, poor spelling or unclear phraseology will not attract full marks, and successful candidates ensure that their answers are all of a quality suitable for delivery to a client.
  2. Vague, non-committal and overly verbose language. It is very common for candidates to produce long paragraph answers which, although perhaps accurate, do not demonstrate any actual knowledge. A good example is answering a question related to risk with a sentence to the effect of “all applicable risks and local laws should be managed in line with the client expectations”; this is a true statement but does not demonstrate specific or detailed knowledge and consequently cannot attract high marks.   Another example is an assertion that “the environment should be secure” without further explanation;  this is probably true but does not demonstrate anything beyond basic intuitive reasoning.  Successful candidates will ensure that their answers do not contain unnecessary phrases and are specific and detailed enough to demonstrate their knowledge in this area.
  3. Answers being irrelevant to the question. Some candidates answer a different question to the one being asked; in some cases, those differences are subtle. It is important that the questions are read carefully to avoid misunderstandings.  Another reason is due to a common but flawed technique:  some candidates copy and paste an answer between questions because of the perceived similarity between questions.  This will often result in low marks because the questions will be subtly different in either content or perspective.  If two questions appear to be identical, the successful candidate will read both questions carefully and ensure that their answers are focused on the specific question.
  4. Repetition of answers. In a surprisingly high number of cases, the same point is made multiple times using slightly different terminology but with the same meaning.  This will not attract additional marks.
  5. Attempting to anticipate the mark scheme. The CREST examinations are not looking for perfection; they are looking to measure and assess competence at a given discipline and the mark schemes are devised and moderated by assessors who also deliver at that discipline. Successful candidates answer the questions based on real world knowledge, not by attempting to perfectly align with a perception of the mark scheme. An unrealistic answer will attract far fewer marks than a realistic but imperfect one.
  6. Consider the audience and context of the question.    Some questions will provide an indication of the context of the question: for example, the question may require candidates to author a management summary for the board or may involve a scenario in which specific facts are given.  Generic answers (which are not tailored to the specific circumstances in the scenario) or a management summary which contains overly technical information will not attract high marks, regardless of how technically accurate the information is.  This is because the question is looking to examine the ability to translate information for different audiences or apply general principles to a specific situation. Successful candidates will ensure that their answers are tailored to the given environment, scenario or question.
  7. Colloquialisms. Answers should be written using professional English in a style commensurate with that of a formal report. Colloquial statements, emoticons, “text speak” or other casual, informal language that would not be appropriate in a formal report will not attract significant marks. All prose questions attract marks specifically for the overall quality of the deliverable and these marks can only be obtained by providing a professionally worded, formal answer. It is impossible to obtain full marks based on technical accuracy alone.

Can I have additional feedback on my examination?

CREST do not provide additional feedback on an individual basis beyond the information provided in the results letter. There are a number of reasons for this:

•  Consistency. It is obviously inconsistent for some candidates to be provided with additional details relating to their exam without that same courtesy being extended to all individuals.

•  Resource. The Assessors’ panel do not have the bandwidth to provide individual feedback on every examination whilst ensuring that the results are provided in a timely manner.

•  Exam Integrity. Although CREST’s aims include the promotion of security best practice within the industry, this needs to be balanced with the need to maintain the confidentiality and integrity of the exams. Providing answers or a detailed explanation of the mark scheme for any of the examinations would have an obvious negative effect on the integrity of the exam. Although this may be frustrating, it is also standard practice.

•  Benefit. Feedback on the provided answers without context (or a reminder of the question) will be of limited value. Therefore, the maximum benefit will only be realised if the questions are also disclosed, which would have the effect of revealing the entire mark scheme.

The ultimate purpose of the CREST examinations is to compare the candidate’s ability to a moderated and consistent standard.  The exams are neither intended nor designed to provide training opportunities, although CREST hope that candidates benefit from the process and experience of the examinations.

If a candidate has a genuine belief that marks have not been appropriately awarded or that any element of the examination process has been incorrectly applied to them, the above does not preclude the invocation of the Appeals Process.  However, this process will not reveal the above information; it is in essence a formal review of the examination process as applied to the individual candidate.

This Process is regularly updated and is intended to provide as much detail as possible without affecting the integrity of the examinations.

I am unhappy with my multiple-choice examination result

At the end of their multiple-choice examination, candidates will be handed a results sheet by Pearson Vue. Some of these will show a breakdown by subject area and the percentage achieved by the candidate. The examination assesses several different subject areas. Each attempt of the examination will generate a different number of questions per subject area and these are not assessed using an equal number of questions for each area. Because of this, two attempts at the same examination can yield different subject area percentages but the same score for the examination as a whole.

CREST gives candidates their percentage score solely to help them understand which subject areas they need to work on the most. We also give candidates their percentage score for the examination as a whole.

Candidates should note that the results of multiple-choice examination components are final.

How long must I wait before I can re-sit my examination?

Please see our table for the re-sit criteria for each CREST examination.

Note:
a) If a candidate fails an examination that comprises two parts, both parts must be retaken.
b) In line with our Terms and Conditions, examinations being re-taken are charged at the standard, published rate.
c) For examinations marked with an *, if a candidate is unsuccessful on their fourth attempt, they must wait six months before they can re-attempt the examination, at which point they will have a further four attempts available to them.

I.e.: 4 attempts, all fail = six-month break. Further 4 attempts, all fail = six-month break. And so on.

If there is an unenforced six-month break, candidates will have four attempts before this policy is applied.

Is my examination status sent to third parties?

CREST Chapters:  In order to effectively manage certifications and re-certifications across our Chapters, CREST International may share your contact details and overall pass/fail result (not component scores) with our Chapters in line with our Examination Terms and Conditions.

NCSC:    Because of the agreement that is in place between the NCSC and CREST, if it is appropriate based on the examination you sit, CREST will advise the NCSC of your status.

NOTE: Candidates wishing to apply for UK CHECK Team Member or UK CHECK Team Leader status must contact the NCSC directly as CREST’s involvement in the process is limited to the submission of examination results only. The NCSC can be contacted as follows:
Tel: 01242 709141
Email: [email protected]

Bank of England:    Because of the agreement that is in place between the Bank of England and CREST around the CBEST scheme, if it is appropriate based on the examination you sit, CREST will advise the Bank of England of your status.

Civil Aviation Authority:    Because of the agreement that is in place between the Civil Aviation Authority and CREST around the ASSURE programme, if it is appropriate based on the examination you sit, CREST will advise the Civil Aviation Authority of your status.

How do I raise a concern about CREST examinations?

If you wish to raise a concern regarding a CREST examination, such as examination content, results delivery or your experience, please email [email protected] and mark your email for the attention of the Examination Co-Ordination Manager who will ensure that your query is addressed.

Appeals Process

A copy of CREST’s Examination Appeals Handling Process is available here