Examination FAQs

As CREST is offering paperless examinations during the Covid-19 pandemic, a sample examination worksheet has been created to allow candidates to test the functionality of the software on their laptops in advance of sitting CREST examinations.

Sample Electronic Candidate Worksheet

Credit cards can be accepted via PayPal for Business. We can also accept payment via BACS. Cheques may be accepted.

Yes, you can change the date of your examination once provided you give us 21 days’ written notice (please see our Terms and Conditions).  If you need to reschedule your examination within the 21 day limit and there are extreme extenuating circumstances, please contact CREST and a decision will be taken on a case by case basis although no guarantees can be made.
NOTE:  a rescheduling request due to changes in work or project commitments within the 21 day limit will not be accepted as extenuating circumstances and the standard 21 day policy will apply.

You can also substitute a candidate free of charge if you do not wish to cancel an examination. You may only offer a substitution once.

Any additional changes to those outlined above will incur another examination fee (based on the examination type).

You will receive confirmation by email with full details on the examination four weeks prior to your examination date.

Links to the technical syllabus, notes for candidates and location details are sent via email at the time of booking and are also available on the CREST Exams section.

Please consult the CREST Examination Terms and Conditions for full details.
Examination Terms and Conditions

If you have a medical condition that justifies or qualifies for additional time for you to take your examination, you will need to provide a letter from your doctor or medical specialist to support your request. CREST follows the British Dyslexia Association recommended provisions and our policy covering additional time can be found on our notes on exam preparation.

The CC SAS examination does not assess the core infrastructure penetration testing skills that are assessed during the CCT Infrastructure examination. These core infrastructure testing skills are deemed essential for any Simulated Attack engagement, and therefore a current CCT Infrastructure qualification is deemed mandatory for any individual wishing to sit or retain the CC SAS exam and qualification.

Candidates should note that expiry of the CCT Inf qualification will result in the CC SAS qualification being suspended until such time as the Inf qualification has been re-certified.

Invoice Correspondence:    CREST is aware that, particularly in larger companies, the accounts department may be based at a different location to the candidate. By supplying an address for billing correspondence, CREST can ensure that information reaches the appropriate destination.

Hard Drive:   CREST is aware that candidates may prefer to have their computer hard drives returned directly to them, particularly if they do not attend their business address regularly. CREST makes every effort to return hard drives to candidates within 14 days of the date of the examination. Please also read the CREST Hard Drive Return policy at Clause 8 of our Terms and Conditions.

The CREST policy is to send all examination correspondence to your business address. However, if there is a valid business reason that your certificate should not be sent to your employer’s address, please provide the alternative address via email.

A number of candidates experience time pressure during CREST examinations, particularly the practical ones, but the time limits are deliberately enforced. The ability to obtain the deliverables required by each question in the time permitted is part of the assessed standard.

The exam timings are designed to allow sufficient time to investigate and derive the required answer, but a candidate who is not familiar with the techniques being examined and needs to repeatedly troubleshoot tool usage or laptop configuration is unlikely to be operating at the level required and consequently will struggle to achieve sufficient marks to pass.

Remember that the CREST practical exams are, as their name states, examinations; they are not primarily designed for training or personal development and, as such, only minimal time is allocated to troubleshooting, diagnostics or debugging tools and techniques. The exams are not simply assessing whether a candidate (given sufficient time) could obtain the answer required; they are assessing whether a candidate is familiar enough with the relevant discipline to be able to perform technical investigations and interventions quickly, accurately and efficiently.  All of the tasks are reasonably achievable providing that the candidate is confident and competent.

• Read the questions; they actually give the mini breakdown of what’s expected. For example, for the issues where we expect to see a technical description, you should give a method to reproduce the issue along with some evidence and appropriate (not generic) recommendations for each issue.

• Answer all the questions.  Again this might sound simple but people don’t always do this.  It is impossible to give marks for empty sections/tasks.  For example, where a question asks for two separate high risk vulnerabilities, make sure that there are two distinct vulnerabilities.

• When a section is worth 15 marks and you only give a couple of sentences, that answer isn’t going to get a lot of marks.

• Keep the target audience in mind, especially around the Technical Summary and Executive Summary.  Too often for these sections we see a re-hash of other answers and they will not get any extra marks.  Consider impact and risk and how a non-technical person would read this.

• Remember that this is a client report, so we would expect to see:
– A Table of Contents
– Name of consultant
– Name of client
– Date
– Scope
– Appropriate headings
– Etc

• Spelling and grammar are important; marks are removed for poor use of language.

• Don’t be too generic with recommendations.


There are a number of common reasons why candidates do not attract high marks on prose questions; these have been summarised below.  If you were unsuccessful on a long form, scenario or prose examination, the reason will very likely be discussed here.

  1. Poor, unclear language or answer structure. Some marks are specifically allocated for clear language. Although allowances are made for the absence of spellchecking software to a degree, it is important that the answers are structured clearly and presented in a professional manner. Incorrect usage of technical terms, poor spelling or unclear phraseology will not attract full marks, and successful candidates ensure that their answers are all of a quality suitable for delivery to a client.
  2. Vague, non-committal and overly verbose language. It is very common for candidates to produce long paragraph answers which, although perhaps accurate, do not demonstrate any actual knowledge. A good example is answering a question related to risk with a sentence to the effect of “all applicable risks and local laws should be managed in line with the client expectations”; this is a true statement but does not demonstrate specific or detailed knowledge and consequently cannot attract high marks.   Another example is an assertion that “the environment should be secure” without further explanation;  this is probably true but does not demonstrate anything beyond basic intuitive reasoning.  Successful candidates will ensure that their answers do not contain unnecessary phrases and are specific and detailed enough to demonstrate their knowledge in this area.
  3. Answers being irrelevant to the question. Some candidates answer a different question to the one being asked; in some cases, those differences are subtle. It is important that the questions are read carefully to avoid misunderstandings.  Another reason is due to a common but flawed technique:  some candidates copy and paste an answer between questions because of the perceived similarity between questions.  This will often result in low marks because the questions will be subtly different in either content or perspective.  If two questions appear to be identical, the successful candidate will read both questions carefully and ensure that their answers are focused on the specific question.
  4. Repetition of answers. In a surprisingly high number of cases, the same point is made multiple times using slightly different terminology but with the same meaning.  This will not attract additional marks.
  5. Attempting to anticipate the mark scheme. The CREST examinations are not looking for perfection; they are looking to measure and assess competence at a given discipline and the mark schemes are devised and moderated by assessors who also deliver at that discipline. Successful candidates answer the questions based on real world knowledge, not by attempting to perfectly align with a perception of the mark scheme. An unrealistic answer will attract far fewer marks than a realistic but imperfect one.
  6. Consider the audience and context of the question.    Some questions will provide an indication of the context of the question: for example, the question may require candidates to author a management summary for the board or may involve a scenario in which specific facts are given.  Generic answers (which are not tailored to the specific circumstances in the scenario) or a management summary which contains overly technical information will not attract high marks, regardless of how technically accurate the information is.  This is because the question is looking to examine the ability to translate information for different audiences or apply general principles to a specific situation. Successful candidates will ensure that their answers are tailored to the given environment, scenario or question.
  7. Colloquialisms. Answers should be written using professional English in a style commensurate with that of a formal report. Colloquial statements, emoticons, “text speak” or other casual, informal language that would not be appropriate in a formal report will not attract significant marks. All prose questions attract marks specifically for the overall quality of the deliverable and these marks can only be obtained by providing a professionally worded, formal answer. It is impossible to obtain full marks based on technical accuracy alone.


CREST do not disclose marks which are at or above the minimum mark for that section or exam. This is to avoid an unofficial hierarchy being formed. The purpose of the examinations is to measure every candidate against a fixed standard, not candidates against each other.

Unsuccessful candidates are provided with their marks because there is a clear benefit in giving them an overall understanding of areas of weakness.  However, no further feedback will be provided.

CREST do not provide additional feedback on an individual basis beyond the information provided in the results letter. There are a number of reasons for this:

•  Consistency. It is obviously inconsistent for some candidates to be provided with additional details relating to their exam without that same courtesy being extended to all individuals.

•  Resource. The Assessors’ panel do not have the bandwidth to provide individual feedback on every examination whilst ensuring that the results are provided in a timely manner.

•  Exam Integrity. Although CREST’s aims include the promotion of security best practice within the industry, this needs to be balanced with the need to maintain the confidentiality and integrity of the exams. Providing answers or a detailed explanation of the mark scheme for any of the examinations would have an obvious negative effect on the integrity of the exam. Although this may be frustrating, it is also standard practice.

•  Benefit. Feedback on the provided answers without context (or a reminder of the question) will be of limited value. Therefore, the maximum benefit will only be realised if the questions are also disclosed, which would have the effect of revealing the entire mark scheme.

The ultimate purpose of the CREST examinations is to compare the candidate’s ability to a moderated and consistent standard.  The exams are neither intended nor designed to provide training opportunities, although CREST hope that candidates benefit from the process and experience of the examinations.

If a candidate has a genuine belief that marks have not been appropriately awarded or that any element of the examination process has been incorrectly applied to them, the above does not preclude the invocation of the Appeals Process.  However, this process will not reveal the above information; it is in essence a formal review of the examination process as applied to the individual candidate.

This Process is regularly updated and is intended to provide as much detail as possible without affecting the integrity of the examinations.

The content of the examinations depends on a number of criteria; these include but are not limited to:

  • Representation of the technologies available across the security industry. Some old technologies are still prevalent in use;
  • Requirements from other bodies; some CREST exams entitle candidates to apply for other accreditations (for example CHECK). There are some requirements from these bodies that must be adhered to.

However, the exams are under constant review and the content is being changed and upgraded. Candidates will be expected to be aware of technologies and operating systems which are in use in the industry, regardless of age.

Unlike some areas of academia, CREST exams are usually vocational; they are not designed to be achievable by a candidate whose sole focus is passing them through isolated study. They are designed to measure an individual’s capability to operate within the industry and identify those who can demonstrate the skills required.

The majority of successful candidates have gained real-world experience, augmented by training courses in certain disciplines, before attempting the examination.

This is quite a subjective question but there are certain pieces of advice that have been generally repeated by CREST members many times:

  • Know how your tools work. You will not have time during the examination to learn how a tool works or debug it, so ensure that you are familiar with the operation and nuances of tooling that you use.  It is useful to be familiar with multiple methods of performing the same task so that, in the event of an unexpected problem with one tool suite, there is an immediate alternative available.
  • Keep your tools up to date, but do not do your first major update the day before the exam. The exams are designed to ensure currency of knowledge, so new techniques and technologies will likely be included. However, performing a major operating system upgrade the day before your exam may cause problems with dependencies and broken tooling.
  • Do not depend on the internet. Most CREST practical examinations are open book, in that any reference  material (including from the internet) can be used. However, it is faster to have local copies of notes available so that you can quickly refer to them. Having organised notes helps too.
  • Ensure you are familiar with your laptop build. A surprising number of candidates have had issues with  their operating system; regular examples include manually setting IP addresses or correctly configuring the networking between virtual machines and the base operating system. The exams are built on the assumption that all candidates will be confident in administering their own laptop, and any time spent debugging laptop problems will be at the expense of completing the questions or performing tasks during the exam.  Some candidates attempt practical examinations on unfamiliar laptops or platforms which is hugely disadvantageous to them.  This is also unrepresentative of the real world.  Candidates who are employed in the security industry would not usually deliver client work on a platform that they are completely unfamiliar with.
  • Time management. The exams are designed to assess efficiency and experience in addition to technical capability;  spending half an hour on a five-mark question will more than likely result in you running out of time. Unless the exam paper tells you otherwise, aim for roughly one minute per mark and avoid getting fixated on one question at the expense of others.
  • Read the full question. A number of candidates answer a question which is slightly different to the one being asked. For example, no marks will be awarded if a candidate writes an IP address down when the question asks for a hostname. All practical exams include a period of time for candidates to familiarise themselves with the examination paper; this should be used wisely. Some candidates use a highlighter to draw their attention to the key elements of the more complex questions.

Yes. It is recommended that you put music onto your laptop; do not use a mobile phone or MP3 player as it will be wiped at the end of your examination.

You must bring your own personal headphones/earphones to use.

If your music disturbs other candidates you will be asked to turn it down and/or turn it off completely.

CREST makes every effort to email candidates with their result letters (only) within 14 days of the examination being taken. Hard copies of the certificate, if appropriate, will be sent via first class.

Some examinations, however, require second marking for probity and therefore the results take longer to release. In these circumstances, every effort will be made to advise candidates within 30 working days. CREST will make every effort to reduce this period where possible.

Please note that CREST will not email certificates (where applicable) to candidates under any circumstances.

Please see the following table for the resit criteria for each CREST examination:

a) If a candidate fails an examination that comprises two parts, both parts must be retaken.
b) For examinations marked with an *, if a candidate is unsuccessful on their fourth attempt, they must wait six months before they can re-attempt the examination at which point they will have a further four attempts available to them.

I.e.: 4 attempts, all fail = six-month break. Further 4 attempts, all fail = six-month break. And so on.

If there is an unenforced six-month break, candidates will have four attempts before this policy is applied.

| Exam | Type | Re-Sit period | Exam | Type | Re-Sit period |
|---|---|---|---|---|---|
| CPSA * | Written | 7 days | CR TIA * | Written | 7 days |
| CRT | Practical | 8 weeks (2 months) | CCTIM | Written | 8 weeks (2 months) |
| CCT Inf * | Written | 7 days | CRTSA | Written | 8 weeks (2 months) |
| CCT Inf | Practical | 8 weeks (2 months) | CC WS | Practical | 8 weeks (2 months) |
| CCT App * | Written | 7 days | CPIA * | Written | 7 days |
| CCT App | Practical | 8 weeks (2 months) | CRIA | Practical | 8 weeks (2 months) |
| CCSAS * | Written | 7 days | CCNIA | Practical | 8 weeks (2 months) |
| CCSAS | Practical | 8 weeks (2 months) | CCHIA | Practical | 8 weeks (2 months) |
| CCSAM | Written | 8 weeks (2 months) | CCMRE | Practical | 8 weeks (2 months) |
| CPTIA * | Written | 7 days | CCIM | Written | 8 weeks (2 months) |

Validity: All CREST qualifications are valid for three (3) years.

CREST Chapters:  In order to effectively manage certifications and re-certifications across our Chapters, CREST International may share your contact details and overall pass/fail result (not component scores) with our Chapters in line with our Examination Terms and Conditions.

NCSC:    Because of the agreement that is in place between the NCSC and CREST, if it is appropriate based on the examination you sit, CREST will advise the NCSC of your status.

NOTE: Candidates wishing to apply for UK CHECK Team Member or UK CHECK Team Leader status must contact the NCSC directly as CREST’s involvement in the process is limited to the submission of examination results only. The NCSC can be contacted as follows:
Tel: 01242 709141
Email: [email protected]

Bank of England:    Because of the agreement that is in place between the Bank of England and CREST around the CBEST scheme, if it is appropriate based on the examination you sit, CREST will advise the Bank of England of your status.

Civil Aviation Authority:    Because of the agreement that is in place between the Civil Aviation Authority and CREST around the ASSURE programme, if it is appropriate based on the examination you sit, CREST will advise the Civil Aviation Authority of your status.

CCP Scheme:    If it is appropriate based on the examination you sit, CREST will advise the IISP of your examination status. If you wish to pursue accreditation to the CCP Scheme and have been successful in your examination, you are recommended to contact the IISP directly (www.iisp.org).

If applicable, candidates will be handed a results sheet by Pearson Vue at the end of their multiple-choice examination. Some of these will show a breakdown by subject area and the percentage achieved by the candidate. The examinations assess a number of different subject areas. Each instance of the examination will generate a different number of questions per subject area. The subject areas are not assessed using an equal number of questions for each area. Because of this, two attempts at the same examination can yield different subject area percentage scores but the same percentage score for the examinations as a whole.

CREST give candidates their score as a percentage per subject area solely to help them understand which subject areas they need to work on the most. We also give candidates their percentage score for the examination as a whole. We do not give candidates their absolute scores in any given subject area nor for the examination as a whole under any circumstances.

Candidates should note that the results of multiple-choice examination components are final.

Candidates are strongly advised to read the Notes for Candidates for their specific examination available on the CREST Website as these contain additional information on the format of the examinations.

A copy of CREST’s Examination Appeals Handling Process is available here:
Certification Appeals Handling Process

Terms and Conditions for taking a CREST Examination are available here:
Terms and Conditions

Please note that to retain your CREST qualification, you will be required to resit the entire examination every three years.