Examination FAQs

Credit cards can be accepted via PayPal for Business. We can also accept payment via BACS. Cheques may be accepted.

Yes, you can change the date of your examination once provided you give us 21 days’ written notice (please see our Terms and Conditions).

You can also substitute a candidate free of charge if you do not wish to cancel an examination. You may only offer a substitution once.

Any additional changes to those outlined above will incur another examination fee (based on the examination type).

You will receive confirmation by email with full details on the examination four weeks prior to your examination date.

Links to the technical syllabus, notes for candidates and location details are sent via email at the time of booking and are also available on the CREST Exams section.

If you have a medical condition that justifies or qualifies for additional time for you to take your examination, you will need to provide a letter from your doctor or medical specialist to support your request. CREST follows the British Dyslexia Association recommended provisions and our policy covering additional time can be found on our notes on exam preparation.

The CC SAS examination does not assess the core infrastructure penetration testing skills that are assessed during the CCT Infrastructure examination. These core infrastructure testing skills are deemed essential for any Simulated Attack engagement, and therefore a current CCT Infrastructure qualification is deemed mandatory for any individual wishing to sit or retain the CC SAS exam and qualification.

Candidates should note that expiry of the CCT Inf qualification will result in the CC SAS qualification being suspended until such time as the Inf qualification has been re-certified.

Invoice Correspondence:    CREST is aware that, particularly in larger companies, the accounts department may be based at a different location to the candidate. By supplying an address for billing correspondence, CREST can ensure that information reaches the appropriate destination.

Hard Drive:   CREST is aware that candidates may prefer to have their computer hard drives returned directly to them, particularly if they do not attend their business address regularly. CREST makes every effort to return hard drives to candidates within 14 days of the date of the examination. Please also read the CREST Hard Drive Return policy at Clause 8 of our Terms and Conditions.

The CREST policy is to send all examination correspondence to your business address. However, if there is a valid business reason that your certificate should not be sent to your employer’s address, please provide the alternative address via email.

A number of candidates experience time pressure during CREST examinations, particularly the practical ones, but the time limits are deliberately enforced. The ability to obtain the deliverables required by each question in the time permitted is part of the assessed standard.

The exam timings are designed to allow sufficient time to investigate and derive the required answer, but a candidate who is not familiar with the techniques being examined and needs to troubleshoot tool usage or laptop configuration is unlikely to be operating at the CREST Certified level and consequently will struggle to achieve sufficient marks to pass.

Remember that the CREST exams are, as their name states, examinations; they are not designed for training or personal development and, as such, only minimal time is allocated to troubleshooting, diagnostics or debugging tools and techniques. The exams are not simply assessing whether a candidate (given sufficient time) could obtain the answer required; they are assessing whether a candidate is familiar enough with the relevant discipline to be able to perform technical investigations and interventions quickly, accurately and efficiently.  All of the tasks are reasonably achievable providing that the candidate is confident and competent.

There are a number of common reasons why candidates do not attract high marks on prose questions; these have been summarised below.

  1. Poor, unclear language or answer structure. Some marks are specifically allocated for clear language. Although allowances are made for the absence of spellchecking software to a degree, it is important that the answers are structured clearly and presented in a professional manner. Incorrect usage of technical terms, poor spelling or unclear phraseology will not attract full marks, and successful candidates ensure that their answers are all of a quality suitable for delivery to a client.
  2. Vague, non-committal and overly verbose language. It is very common for candidates to produce long paragraph answers which, although perhaps accurate, do not demonstrate any actual knowledge. A good example is answering a question related to risk with a sentence to the effect of “all applicable risks and local laws should be managed in line with the client expectations”; this is a true statement but does not demonstrate specific or detailed knowledge and consequently cannot attract high marks. Successful candidates will ensure that their answers do not contain unnecessary phrases and are specific enough to demonstrate their knowledge in this area.
  3. Answers being irrelevant to the question. Some candidates answer a different question to the one being asked; in some cases, those differences are subtle. It is important that the questions are read carefully to ensure that every answer.
  4. Repetition of answers. In a surprisingly high number of cases, the same point is made multiple times using slightly different terminology. This will not attract additional marks.
  5. Attempting to anticipate the mark scheme. The CREST examinations are not looking for perfection; they are looking to measure and assess competence at a given discipline and the mark schemes are devised and moderated by assessors who also deliver at that discipline. Successful candidates answer the questions based on real world knowledge, not by attempting to perfectly align with a perception of the mark scheme. An unrealistic answer will attract far fewer marks than a realistic but imperfect one.
  6. Consider the audience and context of the question.    Some questions will provide a level of background of context: for example, the question may require candidates to author a management summary for the board or may involve a scenario in which specific facts are given.  Generic answers (which are not tailored to the specific circumstances in the scenario) or a management summary which contains overly technical information will not attract high marks, regardless of how technically accurate the information is.  This is because the question is looking to examine the ability to translate information for different audiences or apply general principles to a specific situation. Successful candidates will ensure that their answers are tailored to the given environment, scenario or question; generic answers will not receive high marks.

 

CREST do not give out marks which are at or above the minimum mark for that section or exam. This is to avoid an unofficial hierarchy being formed. The purpose of the examinations is to measure every candidate against a fixed standard, not candidates against each other.

Unsuccessful candidates are provided with their marks because there is a clear benefit in giving them an understanding of areas of weakness.

The content of the examinations depend on a number of criteria; this includes but is not limited to:

  • Representation of the technologies available across the security industry. Some old technologies are still prevalent in use;
  • Requirements from other bodies; some CREST exams entitle candidates to apply for other accreditations (for example CHECK). There are some requirements from these bodies that must be adhered to.

However, the exams are under constant review and the content is being changed and upgraded. Candidates will be
expected to be aware of technologies and operating systems which are in use in the industry, regardless of age.

This is quite a subjective question but there are certain pieces of advice that have been generally repeated by CREST
members many times:

  • Know how your tools work. You will not have time during the examination to learn how a tool works or debug it, so ensure that you are familiar with the operation and nuances of tooling that you use.
  • Keep your tools up to date, but do not do your first major update the day before the exam. The exams are designed to ensure currency of knowledge, so new techniques and technologies will likely be included. However, performing a major operating system upgrade the day before your exam may cause problems with dependencies and broken tooling.
  • Do not depend on the internet. Most CREST practical examinations are open book, in that any reference  material (including from the internet) can be used. However, it is faster to have local copies of notes available so that you can quickly refer to them. Having organised notes helps too.
  • Ensure you are familiar with your laptop build. A surprising number of candidates have had issues with  their operating system; regular examples include manually setting IP addresses or correctly configuring the networking between virtual machines and the base operating system. The exams are built on the assumption that all candidates will be confident in administering their own laptop, and any time spent debugging laptop problems will be at the expense of completing the questions or performing tasks during the exam.
  • Time management. The exams are designed to assess efficiency in addition to technical capability;  spending half an hour on a five-mark question will more than likely result in you running out of time. Unless the exam paper tells you otherwise, aim for roughly one minute per mark and avoid getting fixated on one question at the expense of others.

Yes. It is recommended that you put music onto your laptop; Do not use a mobile ‘phone or MP3 player as it will be wiped at the end of your examination.

You must bring your own personal headphones/earphones to use.

If your music disturbs other candidates you will be asked to turn it down and/or turn it off completely.

CREST makes every effort to email candidates with their result letters (only) within 14 days of the examination being taken. Hard copies of the result letter and, if appropriate, the certificate will be sent via first class.

Some examinations, however, require second marking for probity and therefore the results take longer to release. In these circumstances, every effort will be made to advise candidates within 30 working days. CREST will make every effort to reduce this period where possible.

Please note that CREST will not email certificates (where applicable) to candidates under any circumstances.

Please see the following table for the resit criteria for each CREST examination:

Note:
a) If a candidate fails an examination that comprises two parts, both parts must be retaken.
b) For examinations marked with an *, if a candidate is unsuccessful on their fourth attempt, they must wait six
months before they can re-attempt the examination at which point they will have a further four attempts
available to them.

I.e.: 4 attempts, all fail = six-month break. Further 4 attempts, all fail = six-month break. And so on.

If there is an unenforced six-month break, candidates will have four attempts before this policy is applied.

Exam

Type

Re-Sit period

 

Exam

Type

Re-Sit period

Validity
Period

CPSA *

Written

7 days

 

CR TIA *

Written

7 days

 

 

All CREST qualifications are valid for three (3) years

CRT

Practical

8 weeks (2 months)

 

CCTIM

Written

8 weeks (2 months)

CCT Inf *

Written

7 days

 

CRTSA

Written

8 weeks (2 months)

CCT Inf

Practical

8 weeks (2 months)

 

CC WS

Practical

8 weeks (2 months)

CCT App *

Written

7 days

 

CPIA *

Written

7 days

CCT App

Practical

8 weeks (2 months)

 

CRIA

Practical

8 weeks (2 months)

CCSAS *

Written

7 days

 

CCNIA

Practical

8 weeks (2 months)

CCSAS

Practical

8 weeks (2 months)

 

CCHIA

Practical

8 weeks (2 months)

CCSAM

Written

8 weeks (2 months)

 

CCMRE

Practical

8 weeks (2 months)

 

 

 

 

CCIM

Written

8 weeks (2 months)

NCSC:    Because of the agreement that is in place between the NCSC and CREST, if it is appropriate based on the examination you sit, CREST will advise the NCSC of your status.

NOTE: Candidates wishing to apply for UK CHECK Team Member or UK CHECK Team Leader status must contact the NCSC directly as CREST’s involvement in the process is limited to the submission of examination results only. The NCSC can be contacted as follows:

Tel: 01242 709141                   Email: [email protected]

Bank of England:    Because of the agreement that is in place between the Bank of England and CREST around the CBEST scheme, if it is appropriate based on the examination you sit, CREST will advise the Bank of England of your status

CCP Scheme:    If it is appropriate based on the examination you sit, CREST will advise the IISP of your examination status. If you wish to pursue accreditation to the CCP Scheme and have been successful in your examination, you are recommended to contact the IISP directly (www.iisp.org).

If applicable, candidates will be handed a results sheet by Pearson Vue at the end of their multiple-choice examination. Some of these will show a breakdown by subject area and the percentage achieved by the candidate. The examinations assess a number of different subject areas. Each instance of the examination will generate a different number of questions per subject area. The subject areas are not assessed using an equal number of questions for each area. Because of this, two attempts at the same examination can yield different subject area percentage scores but the same percentage score for the examinations as a whole.

CREST give candidates their score as a percentage per subject area solely to help them understand which subject areas they need to work on the most. We also give candidates their percentage score for the examination as a whole. We do not give candidates their absolute scores in any given subject area nor for the examination as a whole under any circumstances.

Candidates should note that the results of multiple-choice examination components are final.

Candidates are strongly advised to read the Notes for Candidates for their specific examination available on the CREST Website as these contain additional information on the format of the examinations.