CRT FAQs

The table below summarises key differences between the two exams:

The new syllabus has been updated and restructured adding greater depth to the exam.

The exam duration has been extensively assessed to ensure that the time allocated is appropriate to answer all questions.

The new CREST Registered Penetration Tester (CRT) exam is recognised by the UK National Cyber Security Centre (NCSC) as the minimum standard for CHECK Team Member Status.  

It is an intermediate level exam that tests a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks. 

The new CRT is the exam available in selected Pearson VUE Test Centres across the globe. 

The new CRT exam is available in selected Pearson VUE Test Centres across the globe. You can book your online exam now via the Pearson VUE website.

Please see the following Pearson VUE link and select the correct region for Pearson VUE’s customer support.

In order to allow candidates to familiarise themselves with the tooling available in the exam environment, a virtual machine is available here. The virtual machine will host a version of Kali Linux that can be used to perform all required tasks within the exam. This machine has a large number of tools installed. Please note: both Nessus Professional and BurpSuite Professional are NOT licensed on the public AWS AMI. They ARE licensed in the exam.

Additional resources to help with your preparation include: 

 
Sample questions  

Examples of questions that help candidates to understand what to expect from the examination environment.  

Available training 

There are a number of CREST Training Providers offering CRT training. Lab Based training is also available.

Top tips 

This document offers some useful tips to help prepare for the exam. 

All current CRT certifications will be valid until their expiry date. 

The CRT exam has been approved by the National Cyber Security Centre (NCSC) for CHECK Team Member (UK Only). 

CHECK is a UK Government programme under the NCSC which approves cyber security service providers to carry out authorised penetration tests of public sector and critical national infrastructure (CNI) systems and networks. 

The new CRT is a practical assessment where the candidate will be expected to find known vulnerabilities across common network, application, infrastructure and database. CRT validates a practitioner’s ability to conduct vulnerability scans using commonly available tools and to interpret the results. 

The CRT is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices will be allowed.

Although this might not be ideal for some candidates, CREST has set up a link where candidates can access the Kali Virtual Machine and familiarise themselves with the tools that will be available during the exam. We also recommend candidates to read the Exam Top Tips which provides guided suggestions on areas to focus when preparing for the CRT exam. 

We have been investigating functionality to pre-upload notes to use in the new CRT exam. The investigation phase has now been completed and we are now working on the development of the notes/files functionality which will be incorporated to the CRT exam in the future. The next update on this matter will be provided in May and will include details on the timeframes.

The image below reproduces the exam environment: 

Screenshot of exam layout in Pearson VUE 

Previously the options were all multiple-choice answers however, the new exam will feature short form, trophy answers and some multiple choice. Click here to view the new CRT syllabus.

The hotel-based CRT will run until 30th November 2023 and candidates intending to book or who have already booked should refer to this syllabus. 

Candidates who are planning to take the new CRT exam, available from 14 November 2023, should refer to this syllabus.

The syllabi are different, and candidates must ensure they are using the correct version to prepare for their exam. 

Yes. It remains valid for 3 years from the date you sat the exam. 

CREST Training Partners are in the process of updating their course material and will be added to the training webpage when ready. Lab based training is also available.

Then new CRT exam is available in selected Pearson VUE Test Centres across the globe. Book online your exam now via the Pearson VUE website. 

The exam duration is 2.5 hours and candidates will be given an additional 15 minutes for reading time. 

The exam remains a practical assessment consisting of multiple choice, short form and trophy answers. 

The exam will be auto-marked and the results sent within 5 working days. 

You will be required to sign both when booking the CRT exam at Pearson VUE. 

Yes, you must have a valid CPSA certification to sit the CRT. 

The CRSA certification was part of a pilot program and has been renamed as the new CRT exam.

Candidates must contact the CREST support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam date until the accommodation request has been processed. For more information please contact [email protected].

• The CRT is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices will be allowed.  We are currently investigating functionality to pre-upload notes to use in the new CRT exam. We are working to provide an update on this matter in Q1 2024. 
• Electronic items such as mobile phones, smart watches, ear buds etc will not be permitted to be taken into the exam. You will be required to surrender all electronic items and potentially other personal items. Lockers will be provided. 
• However, in order to allow candidates to familiarize themselves with the tooling available in the exam environment, a virtual machine is available here. The virtual machine will host a version of Kali Linux that can be used to perform all required tasks within the exam. This machine has a large number of tools installed, including licensed versions of Nessus Professional and BurpSuite Professional. 
• Pearson VUE Comfort Aid List  

Yes. You can only book the CREST CRT exam through a Pearson VUE account. Please follow the link to set up an account if you have not already done so: Pearson VUE.

• If you do run out of time, or forget to save, then your exam will be auto submitted. 
• You will be provided with a 5-minute warning notification .

You need to bring two forms of government issued IDs one of which must have a picture. Most candidates bring their passport and the driver’s licence. No photocopies will be accepted. Please see the following link for more detailed information: English (pearsonvue.com) 

Pearson VUE provides relevant information for candidates via their resource hub: helpful resources for test-takers

• You will need to arrive at least 15 minutes before your exam starts to allow time to complete the sign in process.
• Don’t forget to bring your two forms of government issued IDs. 
• Access to the Kali virtual machine desktop will be provided via the Peason VUE secure browser. 
• You need to use this Kali virtual machines to perform the required testing. All required tooling is pre-installed into this virtual machine.
• The virtual machine has no access to the internet; therefore, you won’t be able to update, download any tools, download notes, search blogs etc. 
• It might take 30-60 seconds to load the virtual machine into the Peason VUE secure browser and this is perfectly normal. 
• You won’t be able to copy and paste between the Kali virtual machine and the examination answer window. 

You can view our dedicated page that explains the process: 

Moving from the hotel-based to the new Pearson Vue based CRT exam