Login to profile

CREST Registered Penetration Tester (CRT)

Book your CRT exam today

Book now!


30% off exclusive to CREST members
Click here to claim your promotional code

Earn your CRT certification

The CREST Registered Penetration Tester (CRT) exam is recognised by Governments and regulators around the globe and is accepted by the UK National Cyber Security Centre (NCSC) for its CHECK scheme.

Have you taken CRT before or have you been studying for our previous hotel-based CRT exam? Click here for more guidance.

CHECK logo block Cyber Force DESC Dubai CSC logo block

CRT exam guidance

Syllabus

If you have booked the hotel-based CRT exam, only available until 30 November 2023, please refer to the appropriate syllabus on this page. 

 

The CREST Registered Penetration Tester (CRT) exam syllabus defines the areas that are assessed within the CRT exam. 

 

Candidates will be expected to find known vulnerabilities across common networks, applications, infrastructure and databases. CRT validates a practitioner’s ability to conduct vulnerability scans using commonly available tools and to interpret the results.  

 

Successful CRT candidates will be able to demonstrate that they are qualified for hands on Pen Test Roles (indicative of 3+ years of experience) with respect to: 

 

 

Core Technical Skills 

The candidate will demonstrate the use of prescribed tools to interpret output and be able to conduct fingerprinting. 

 

Internet Information Gathering and Reconnaissance 

The candidate will have a good understanding of DNS, including SOA, NS, MX, A, AAAA, CNAME, PTR, TXT, HINFO, SVT, as well as DNS queries, passive DNS monitoring and dangling DNS entries and their vulnerabilities. 

 

Networks 

The candidate will demonstrate a good understanding of network connections, VLAN Tagging, IPv4, network mapping, devices and filtering, traffic analysis (intercept and monitor (PCAP)), TCP, UDP, Service Identification and Host Discovery. 

 

Network Services 

The candidate will have a good understanding of the concepts of Unencrypted Services (Telnet, FTP, SNMP, HTTP), TLS/SSL, Name Resolution Services (DNS, NetBIOS/WINS, LLMNR, mDNS),  Management Services, (Telnet, Cisco Reverse Talent), SSH, HTTP, Remote Powershell, WMI, WinRM, RDP, VNC, X), Desktop Access, IPsec, FTP, TFTP. SNMP. SSH, NFS and its security attributes, SMB including Win File shares and Samba, LDAP, Berkely R* Services and trust relationships, Finger, RPC Services, NTP and SMTP and Mail Servers. 

 

Microsoft Windows Security 

The candidate will demonstrate a good understanding of Windows reconnaissance, network and active directory enumeration, Windows passwords, processes and file permissions, registry, Windows remote and local exploitation, post exploitation, patch management, Windows desktop lockdown and common Windows applications. 

 

Linux/UNIX Security Assessment 

The candidate will have a good understanding of Linux/Unix reconnaissance, Linux/Unix network enumeration, Linux/Unix passwords, Linux/Unix file permissions and Linux/Unix processes. 

 

Web Technologies 

The candidate will have a good understanding of web servers, web app frameworks (including .NET, J2EE, Coldfusion, Ruby on Rails, NodeJS, Django, Flask), common web applications, web protocols, mark up languages, web app reconnaissance, information gathering, web authentication and authorisation, input validation, XSS, SQL, mail and OS command injection, sessions, cookies, session hijacking, XS request forgery, web cryptography, parameter manipulation, directory traversal, file uploads and web app logic flaws.    

 

Databases 

The candidate will have a good understanding of SQL relational databases, MS SQL servers, Oracle RDBMS, MySQL and PostgreSQL, understand user enumeration of usernames, Unix vulnerabilities, FTP, SMTP, NFS, R* Services, X11, RPC services and SSH.

 

The full syllabus is available here.

Notes for candidates

CREST Registered Penetration Tester (CRT) Notes for Candidates

The notes for candidates gathers essential information about the CRT exam and intends to support CREST candidates on their preparation increasing their chances of success. It is split into 6 sections:

1. Exam overview: explains the new CRT exam and its general scope

2. Exam structure: information on format, duration, materials allowed

3. Exam preparation: list of resources to help you prepare and practice ahead of your exam

4. Exam content: details the content structure of the exam and what to expect

5. Exam grading: information on marking structure and pass mark

5. Exam booking and logistics: information on exam policies and logistics

 

1. Exam overview

CREST Registered Penetration Tester(CRT) exam

The CRT exam is an intermediate level examination that tests a candidate’s knowledge in assessing operating systems and common network services. It includes web app security testing and methods to identify common web app and infrastructure security vulnerabilities.

 

IMPORTANT: new CRT exam

This new CRT exam has been introduced in November 2023 including a revised syllabus. Please ensure you refer to the appropriate syllabus available on CREST website when preparing for the exam.

 

The new CRT exam will be exclusively available at selected Pearson VUE Test Centres globally.

 

The hotel-based CRT exam, only available in the UK, Australia and Singapore, will continue to run until 30 November 2023. From 1 December 2023, the CRT exam will be exclusively delivered via Pearson VUE Centres.

 

If you have any queries related to the hotel-based CRT exam and syllabus, please contact CREST on [email protected]


2. Exam structure

Exam format

The CRT exam remains a practical assessment consisting of multiple choice, flags and short form answers. The main difference is that candidates will not be able to use their own laptops and therefore will not able to access their own tooling. A version of Kali Linux will be available within the exam environment to address the practical assessment.

 

Exam duration

The exam duration is 2.5 hours and candidates will be given an additional 15 minutes for reading time prior to the start of the exam. The questions can be answered in any order.

 

Pre-requisites

A valid CREST Practitioner Security Analyst (CPSA) certification is required before you can book and sit the CRT exam.

 

Exam notes

The CRT is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices will be allowed.

 

Although this might not be ideal for some candidates, CREST has set up a link where candidates can access the Kali Virtual Machine and familiarise themselves with the tools that will be available during the exam. We also recommend candidates to read the Exam Top Tips which provides guided suggestions on areas to focus when preparing for the CRT exam. 

 

The investigation phase has been completed and we are now working on the development of the notes/files functionality which will be incorporated to the CRT exam in the future. The next update on this matter will be provided in May and will include details on the timeframes.

 

3. Exam preparation and practice

In order to allow candidates to familiarise themselves with the tooling available in the exam environment, a virtual machine is available. The virtual machine will host a version of Kali Linux that can be used to perform all required tasks within the exam. This machine has a large number of tools installed, including licensed versions of Nessus Professional and BurpSuite Professional.

 

If you are taking your exam before 3 June 2024, please use this Kali Virtual Machine. If you are taking your exam after 3 June 2024, please use this Kali Virtual Machine.

 

The CRT Amazon image is the exact copy of the exam machine but Burp Suite and Nessus do not have licenses. These are fully licensed in the exam environment in Pearson VUE.

 

CRT candidate exam layout exampleImage of exam layout

 

Please note that:

  • It is not possible to copy and paste information from Kali to the answer sheet so care must be taken when typing answers.
  • You will be provided with full instructions on how to access Kali.
  • During the exam, the NEXT button will end the exam, but a warning message will appear.

 

Additional resources to help with your preparation: 

 

Sample questions 

Examples of questions that help candidates to understand what to expect from the examination environment. You’ll find our sample questions here.

 

Top tips 

This document offers some useful tips to help prepare for the exam. 

 

4. Exam content

New areas being covered in the CRT exam are Routing Manipulation and Networks.

 

This practical exam contains infrastructure that would typically be found in a real-world test of a medium to large-size organisation. Candidates will be expected to demonstrate their capabilities and competence in:

  • Assessing network devices such as switches and routers
  • Assessing hosts running Windows operating systems
  • Assessing hosts running Unix and Linux (both commercial and open source) operating systems
  • Assessing locked-down desktop environments.

 

Assessing IP networks

Candidates will need to demonstrate a good understanding of the technologies in use and their implications, as well as simply being able to run tools and scripts.

For further information on the skills being assessed, consult the exam Syllabus.

 

The subsections covered in the infrastructure stage are as follows:

 

Network awareness

Candidates will be required to identify hosts and services on an IP network, to enumerate basic information, and to interact with basic services.

 

Vulnerability assessment

Candidates will be required to find vulnerabilities that might typically be identified by vulnerability scanners and exploit them to extract related information.

 

Simple exploitation

Candidates will be required to exploit systems and services in order to obtain key pieces of data, such as emails, passwords, or data from a database.

 

Desktop lockdown

Candidates will be given access to a restricted desktop environment. They will be required to bypass the restrictions in order to collect specific data.

 

Routing manipulation

Candidates will be required to understand and interact with IP networks in order to access systems and services that would otherwise be inaccessible.

 

Web application assessment details

The application assessment consists of multiple simple web applications. The web applications will be based on common web application technologies hosted on Windows and Unix platforms.

Pages have been designed to provide the candidate with a series of generic vulnerabilities to find, assess and exploit.

 

5. Exam grading

Mark allocation

The exam breakdown consists of 160 marks split between Infrastructure (100 marks) and Applications (60 marks). The detailed breakdown is available on the following table:

ComponentsTotal Marks
Infrastructure
  • Desktop lockdown
  • Networks
  • Routing Manipulation
  • Simple Exploitation
  • Vulnerability Assessment

  • 100
    20
    20
    20
    20
    20
    Web Application
  • Elements of Applications will be assessed in accordance with Appendix G of the syllabus
  • 60
    60

     

    Pass mark

    Candidates must achieve at least 60% in both Infrastructure and Web Application to achieve a pass. Passing one of the sections but failing the other one will result in a failure overall.

     

    Feedback

    Unsuccessful candidates will be informed about their scores in the Infrastructure and Web Application components where they achieved a lower mark than 60%. The scores will not be disclosed for components where they were successful and have achieved 60% or more.

     

    6. Exam booking and logistics

    Exam location

    The new CRT exam is delivered at a wide number of Pearson VUE centres that meet the technical requirements for this examination. Please visit the Pearson VUE website and follow the on-screen instructions to schedule your examination.

     

    Retake policy

    Unsuccessful candidates may retake the CRT exam 8 weeks after the original exam date.

     

    Invigilation 

    A test centre administrator/invigilator will be present throughout the examination to answer any procedural questions that candidates may have and assist in troubleshooting. The invigilator will not provide any support or advice related to the exam content.

     

    If an issue does occur, a case will be filed. Every effort will be made to accommodate the continuation of your exam and all cases will be investigated and resolved within 3-5 business days. Pearson VUE should provide you with a case ID number. Please ensure you retain this information as this may be required at a later date.

     

    Communication of results

    Examination results will be emailed to the candidate within 5 working days of the examination. Digitally signed certificates, where appropriate, will be emailed to candidates

     

    Special accommodations

    Candidates must contact the CREST support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam date until the accommodation request has been processed. Please check CREST Special Accommodations policy for more information

    Preparing for your exam

    In order to allow candidates to familiarise themselves with the tooling available in the exam environment, a virtual machine is available. The virtual machine will host a version of Kali Linux that can be used to perform all required tasks within the exam. This machine has a large number of tools installed, including licensed versions of Nessus Professional and BurpSuite Professional.  

     

    If you are taking your exam before 3 June 2024, please use this Kali Virtual Machine. If you are taking your exam after 3 June 2024, please use this Kali Virtual Machine.

     

    The CRT Amazon image is the exact copy of the exam machine but Burp Suite and Nessus do not have licenses. These are fully licensed in the exam environment in Pearson VUE.

     

    CRT candidate exam layout exampleImage above shows exam layout.

     

    Additional resources to help with your preparation: 

     

    Sample questions 

    Examples of questions that help candidates to understand what to expect from the examination environment.

     

    Available training 

    There are a number of CREST Training Providers offering CRT training. Lab Based training is also available. Following the launch of our new CRT exam, CREST Training Providers are in the process of updating their course material.

     

    Top tips 

    This document offers some useful tips to help prepare for the exam. 

    Sample questions

    Below are some official sample questions and answers that will help familiarise you with the exam structure and wording as well as some of the key terms and definitions. 

     

    Example Network Awareness  

    • Question (2 Marks)   

    Find the box named jaguar and identify what domain it resides in. Provide the NetBIOS domain name.   

    • Answer  

    The correct answer is “bigcats”.   

     

    Example Vulnerability Assessment  

    • Question (2 Marks)  

    Identify a valid user on the host named monkey that is also in the /home/kali/Desktop/Candidate/wordlist.txt file.  

    • Answer  

    The correct answer is “janet”.   

     

    Example Simple Exploitation  

    • Question (5 Marks)   

    Exploit 10.0.1.27 and provide the trophy value from a file with ‘trophy’ or ‘secret’ in its name.  

    • Answer  

    The correct answer is “trophy-12345”.   

     

    Example Desktop Lockdown  

    • Question (10 Marks)   

    Find the ‘zenicarna’ file and provide the trophy value.   

    • Answer  

    The correct answer is “trophy-54321”.   

     

    Example Routing  

    • Question (10 Marks)   

    Attempt to access the telnet server on 172.20.31.10 via 172.17.89.254 and obtain the value in the service banner.  

    • Answer  

    The correct answer is “trophy-98765”.   

     

    Example Web Application  

    • Question (10 Marks)   

    Zenicarna has deployed a new authentication mechanism to replace the previously unsecured portal. Host: 10.0.1.180 Port: 8080   

    Attempt to gain access and provide the trophy value presented upon successful authentication.   

    • Answer  

    The correct answer is “trophy-11122”.  

     

    Download the sample questions here.

    Booking your exam

    The new CRT exam is available in selected Pearson VUE Test Centres across the globe. You can book your CRT exam now via the Pearson VUE website.

     

    Candidates must hold a valid CREST Practitioner Security Analyst (CPSA) certification to be able to book the CREST Registered Penetration Tester (CRT) exam.

     

    CREST Pearson VUE vouchers

    Pearson VUE exam vouchers are available from CREST for companies and individuals who either have an account with CREST or need an alternative payment method. These vouchers will be sent on receipt of a paid invoice. For more information please contact [email protected]

     

    Special accommodations 

    Candidates must contact the CREST support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam date until the accommodation request has been processed. For more information please contact [email protected]

     

    How to cancel, postpone or reschedule 

    This is done through your own Pearson VUE registration and exam booking page and must be done at least 24hrs before your exam date. 

    What's changed in the new CRT exam?

    The table below summarises key differences between the two exams:

     

    Hotel-based CRT examNew CRT exam (delivered via Pearson VUE)
    Candidate uses own laptop and tools Virtual Kali box with pre-installed tools
    Open bookClosed book – candidates should investigate the Virtual Kali box in advance and revise key commands for use in the exam

    CREST is working closely with Pearson VUE to potentially enable notes to be pre-uploaded and will provide an update on this matter in Q1 2024
    All multiple choice Single word answers and multiple-choice questions
    Candidates must use a SMB share at the beginning to access papersExam questions are integrated to the exam screen
    PDF fillable answer sheet Exam questions are answered on the same exam screen
    Heavily focused on InfrastructureMore evenly balanced across Infrastructure and Web Applications
    Assessor required to validate exam environmentNon-technical invigilator present
    Smaller skillset tested Larger skillset tested (desktop breakout, network routing, more web application, more exploitation variety)

    The new syllabus has been updated and restructured adding greater depth to the exam.

    The exam duration has been extensively assessed to ensure that the time allocated is appropriate to answer all questions.

    FAQs

    Looking for more info on our CRT exam? Check out our handy CRT FAQs page.

    Ready to book your CRT exam?

    Book now!
    YouTube logo

    Cyber Security Careers Advice

    Check out these handy resources to help you on your cyber security career pathway

    Watch on YouTube