Login to profile

CCT APP FAQs

General questions

What are the key differences from the previous and new version of the CCT APP exam?

The table below summarises key differences between the two exams:

 

CCT exam (pre 2024) New CCT exam (2024)
Full exam completed in two sittings and over two different days Full exam completed in two sittings which can be booked for the same day
Practical exam delivered in hotels at limited locationsWritten and practical exams delivered at selected Pearson VUE test centres globally
The written exam is a multiple-choice test. Total duration is 3 hoursThe written exam includes a multiple-choice test (60 minutes) and a written scenario (120 minutes). The total duration is 3 hours

The scenario tests report-writing skills and candidates are given an additional 15 minutes of reading time before the scenario component starts
The practical exam includes a scenario (150 minutes) and a practical (210 minutes hours) test that tests candidates’ hands-on penetration testing. Total duration is 6 hours

Candidates are given an additional 15 minutes reading time in each component

Candidates are allowed to use their own laptop and tools in the practical exam
The practical exam (180 minute) tests candidates’ hands-on penetration testing. The total duration is 3 hours

Candidates are given an additional 20 minutes of reading time before the practical exam starts

The practical exam includes a Virtual Kali box with pre-installed tools
Written exam – closed book

Practical exam – open book
Written exam remains closed book

Practical exam – candidates are able to pre-upload files ahead of their practical exam using CRESTDrive. These files will be accessible on the day of the exam. Find out more about CRESTDrive here.

Candidates should get familiar with the Virtual Kali box in advance and revise key commands for use in the exam
Candidates must use a SMB share at the beginning to access papersExam questions are integrated to the exam screen 
Assessor required to validate exam environment Non-technical invigilator present 
Smaller skillset tested  Wider skillset tested

 

The syllabus has been updated and restructured adding greater depth to the exam. 

The exam duration has been extensively assessed to ensure that the time allocated is appropriate to answer all questions.  

What is the CCT APP exam?

The CREST Certified Tester – Application (CCT APP)  is an advanced level exam that assesses the candidate’s ability to find known vulnerabilities across common networks, applications, infrastructure and databases as well as containerisation, cloud and macOS. The CCT APP examination also covers a common set of core skills and knowledge. 

 

The CCT APP has two distinct parts: 

– A written exam of two components: a multiple-choice test and a written scenario 

– A practical exam 

 

The successful completion of this examination will confer CREST Certified Tester – Application status to the individual. 

 

Visit our CCT APP page for more information.

How can I book the CCT APP exam?

The new CCT APP exam is exclusively available at over 1,000 Pearson VUE Test Centres across the globe. You can book your online exam now via the Pearson VUE website. 

How can I claim my promo code?

You can claim your promo code, available for a limited time, on this page.

Is there an expiry date for the promo code?

Promo code expires on the 30 October 2024. Please make sure you have booked your exam by then. You must sit your exam by 30 December 2024

I need to cancel my exam last minute due to extenuating circumstances.

Please see the following Pearson VUE link and select the correct region for Pearson VUE’s customer support.

How can I prepare for my CCT exam?

Candidates can access a candidate virtual machine ahead of the exam to familiarise themselves with the tooling available in the practical exam environment. The virtual machine host a version of Kali Linux that can be used to perform all required tasks within the exam. 

A version of Windows Server 2022 will be introduced in August 2024 to support candidates with a preference for this machine. 

You can also find some helpful resources in the ‘Exam Preparation’ section on our CCT APP page. This includes sample questions and scenarios as well as more information about the exam structure. 

Will my current CCT still be valid?

All current CCT certifications will be valid until their expiry date. 

What is the CHECK status of the CCT exams?

The CCT exams have been approved by the National Cyber Security Centre (NCSC) for CHECK Team Leader (UK only).  

CHECK is a UK Government programme under the NCSC which approves cyber security service providers to carry out authorised penetration tests of public sector and critical national infrastructure (CNI) systems and networks. 

What does the CCT APP exam assess?

Candidates will be expected to find known vulnerabilities across common networks, applications, infrastructure and databases as well as new syllabus areas which include Containerisation, Cloud and macOS. CCT APP validates a practitioner’s ability to conduct vulnerability scans using commonly available tools and to interpret the results.  

The CCT APP syllabus provides detailed information on the exam topic areas.

Successful CCT APP candidates will be able to demonstrate that they are qualified for Pen Test roles (indicative of 5-6+ years of experience). 

Is the CCT exam open or closed book?

Written exam

The written exam is closed book. Therefore, no books, written notes, internet access or other electronic devices will be allowed. This applies to both components of the written exam: the multiple choice test and the written scenario. 

Practical exam

Candidates are able to pre-upload files ahead of their practical exam via CRESTDrive. These files will be accessible on the day of the exam. No internet access will be available during the exam meaning that candidates can only access what has been uploaded to CRESTDrive. 

We encourage candidates to familiarise themselves with the exam preparation resources available on CREST website such as the exam syllabus, notes for candidates, candidate machine, top tips among others. 

Is there an expiry date for my CCT certification?

Yes. It remains valid for 3 years from the date you sat the exam. 

Will there be any training providers aligned to the CCT-level certifications?

CREST is constantly working to grow our Training Providers programme which has been relaunched in 2024. To find the latest list of providers and filter them by exam and region please visit our dedicated page.

Where can I take the new CCT APP exam?

The new CCT APP exam is exclusively available at over 1,000 Pearson VUE Test Centres across the globe. Book your exam online now via the Pearson VUE website.    

I have concerns about a training resource I’ve found online.

The quality and credibility of CREST exams depends on maintaining their integrity and security. We use various methods and tools to regularly scan the web for sites that claim to offer our exam materials and as a member of the CREST community, you play a vital role in helping us protect our exam content, their value, and in turn, your certifications.

If you have any doubts about the legitimacy of a resource, or have any information about fraudulent behaviour or misconduct, please report in confidence using our exam security reporting form. Alternatively, you can email us at [email protected].

Exam structure

How long is the exam?

Written exam

The written exam duration is 3 hours in total, split as follows: 

– Multiple-choice test (1 hour) 

– Written scenario (2 hours)  

Candidates will be given an additional 15 minutes for reading time prior to the start of written scenario component.  

Candidates must start with the multiple-choice test followed by the written scenario component. The questions can be answered in any order within each component. 

Practical exam

The practical exam duration is 3 hours and candidates will be given an additional 20 minutes for reading time prior to the start of the exam. 

What is the format of the CCT APP exam?

The new CCT APP exam is made of two parts as follows: 

– A written exam which is made of two components: a multiple-choice test and a written scenario 

– A practical exam  

The multiple choice component tests a candidates’ knowledge of the subject and the scenario assesses a candidates’ ability to assess risk and report  writing skills 

Candidates will be expected to find known vulnerabilities across common networks, applications, infrastructure and databases as well as containerisation, cloud and macOS. The CCT APP examination also covers a common set of core skills and knowledge. Candidates will not be able to use their own laptops and therefore will not able to access their own tooling. A version of Kali Linux will be available within the practical exam environment to address the practical assessment. 

Previously, candidates had to take and pass the written exam before being able to take the practical exam. In the new exam, candidates may take the exams in any order. 

When will I get results?

Written exam 

Candidates will receive their multiple choice test results at the end of the exam with a breakdown on the areas and on how they have performed. 

The results for the written scenario component and overall result of their written exam will be provided within 20 days from when the exam has been taken. 

Practical exam 

Candidates will receive an email from Pearson VUE once exam results are available in their Pearson VUE account. Results will usually be available within 24 hours but might take up to 48 hours in some cases due to additional verification checks. Candidates will receive their score in each section. 

If you have not received your results after 48 hours and/or if you have any queries, please contact us via [email protected].

Do I need to sit and pass the CCT APP written exam before I can sit the practical exam?

No. In the new CCT APP exam, candidates can book their written and practical exams in whichever order they prefer. 

Special Accommodations

Candidates must contact the CREST support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner in the particular condition. Candidates should register an account with Pearson VUE but not book an exam date until the accommodation request has been processed. For more information, please contact [email protected]

How will I sign the CREST Code of Conduct and NDA?

You will be required to sign both when booking the CCT APP exam at Pearson VUE. 

Pearson VUE test centres and exam day

What am I allowed to take into the Pearson VUE Test Centre?

Electronic items such as mobile phones, smart watches, ear buds etc will not be permitted to be taken into the exam. You will be required to surrender all electronic items and potentially other personal items. Lockers will be provided. Pearson VUE Comfort Aid List 

For more information about exam notes please review our ‘Notes for Candidates’ section on the CCT APP page.

I already have a Pearson VUE login, can I use that to book?

Yes. You can only book the CREST CCT APP exam through a Pearson VUE account. Please follow the link to set up an account if you have not already done so: Pearson VUE.

What if I run out of time in the exam?

If you do run out of time, or forget to save, then your exam will be auto submitted. 

You will be provided with a 5-minute warning notification.

What Identification Document (ID) do I need?

You need to bring two forms of government issued IDs one of which must have a picture. Most candidates bring their passport and the driver’s licence. No photocopies will be accepted. Please see the following link for more detailed information: English (pearsonvue.com) 

Are there any tips for the exam day?

Pearson VUE provides relevant information for candidates via their resource hub: helpful resources for test-takers

What can I expect on the day?

You will need to arrive at least 15 minutes before your exam starts to allow time to complete the sign in process. 

Don’t forget to bring your two forms of government issued IDs.  

Access to the Kali virtual machine desktop will be provided via the Pearson VUE secure browser.  

You need to use the provided virtual machines to perform the required testing. All required tooling is pre-installed into the virtual machines. 

The virtual machines have no access to the internet; therefore, you won’t be able to update, download any tools or notes outside those stored in CRESTDrive, search blogs etc.  

It might take a few moments to load the virtual machines into the Peason VUE secure browser and this is perfectly normal. Your exam time during this period will be paused until the virtual machines are fully loaded. 

You won’t be able to copy and paste between the candidate virtual machine and the examination answer window. 

Hotel-based CCT APP exam

What happens if I want to take or re-take the previous CCT APP?

The hotel-based CCT practical exams have had their last cohort taking place in July 2024. Unsuccessful candidates can retake their exams in Pearson VUE and candidates with a valid written exam are exempt from the multiple-choice component when taking the written exam. 

 

 

CRESTDrive

During the exam we will have the ability to upload files and/or access the Internet?

CRESTDrive allows candidates to upload files ahead of the exam to then access these files when taking their exam. No internet access will be available during the exam meaning that candidates can only access what has been uploaded to CRESTDrive. We encourage candidates to familiarise themselves with the exam preparation resources available on CREST website such as exam syllabus, notes for candidates, candidate machine, among others.  

Will CRESTDrive enable candidates to bring custom scripts / tools into the practical CCT-level exams?

This is possible, but as these tools and scripts cannot be tested, CREST has no way to ensure that they will work. Candidates can upload files up to a combined 100MB in size. Candidates utilising CRESTDrive are also subject to its terms and conditions. 

Please find all detailed information including guidelines on how to use it, retention periods and other relevant information on the dedicated CRESTDrive page.

How are the notes uploaded to the CRESTDrive secured, and are they deleted after the exam?

After the exam, files uploaded will be archived and candidates will no longer have access to them. Exam candidates’ files will be archived for three months and then securely deleted. More details available on the dedicated CRESTDrive page.