The CREST Practitioner Security Analyst (CPSA) is an entry-level exam that tests a candidate's knowledge in assessing operating systems and common network services. It also includes an intermediate level of web application security testing and methods to identify common web application security vulnerabilities.
The examination covers a common set of core skills and knowledge. The candidate must demonstrate that they have the knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools and to interpret the results to locate security vulnerabilities.
CPSA validates a practitioner's knowledge of penetration testing principles beyond terminology. Successful CPSA candidates will be able to demonstrate that they are qualified for hands-on penetration testing roles (indicative of 2 years' experience) with respect to:
– Soft Skills and Assessment Management
– Core Technical Skills
– Background Information Gathering and Open Source
– Networking Equipment
– Microsoft Windows Security Assessment
– Unix Security Assessment
– Web Testing Methodologies
– Web Testing Techniques
– Databases
Exam Certification Objectives & Outcome Statements
The candidate will understand the penetration testing engagement lifecycle, Applicable Legislation, Scoping Requirements, the risks of a penetration test and Record Keeping.
The candidate will demonstrate an understanding of IP Protocols, Network Architectures, Network Mapping and Target Identification, the interpretation of Tooling Outputs, Filtering Avoidance Techniques, OS and Application Fingerprinting, Network Access Control Analysis, File System Permissions and Audit Techniques.
The candidate will have a basic understanding of the concepts of Cryptography and its applications, including Encryption Algorithms, Hashes and Integrity Codes.
The candidate will demonstrate an understanding of Registry Records, DNS, Website Analysis, Search Engines and Enumeration, the exploitation of Newsgroups, how to secure Containers and understand security features provided in MacOS.
The candidate will have a basic understanding of Network Management Protocols, Traffic Analysis, Networking Protocols, IPSec, VoIP, Enumeration of Wireless Devices and Encryption Methods, and Configuration Analysis.
The candidate will have a high-level understanding of Domain Reconnaissance, User Enumeration of Target Systems, Active Directory, Windows Passwords and Cracking, Windows Vulnerabilities, Patch Management Strategies, Desktop Lockdown, MS Exchange and common Windows Applications.
The candidate will understand Enumeration of Usernames, Unix Vulnerabilities, FTP, SMTP, NFS, R* Services, X11, RPC Services and SSH.
The candidate will understand Web Server Operations and their flaws, Web Enterprise Architectures, Web Protocols, Web Mark-up and Programming Languages, and Web App Servers, APIs and sub-components.
The candidate will demonstrate a basic understanding of Web App Reconnaissance, Threat Modelling and Attack Vectors, information gathering from Web Mark-Up, Authentication and Authorisation, Input Validation for Defensive Coding, information disclosure in Error Messages, XSS and Injection Attacks, Session Handling and Source Code Review.
The candidate will demonstrate how to architect a network to be monitored and controlled to resist intrusion.
The candidate will have a high-level understanding of the features of Group Policy and working with INF Security Templates.
A full version of the CPSA syllabus is available here.
CREST Practitioner Security Analyst (CPSA) – Notes for Candidates
The Notes for Candidates gather essential information about the CPSA exam and are intended to support CREST candidates in their preparation, increasing their chances of success.
1. Exam overview
The CPSA exam tests candidates’ knowledge in assessing operating systems and common network services at a basic level below that of the main CRT and CCT qualifications. The CPSA exam also tests knowledge of web application security testing and methods to identify common web application security vulnerabilities.
2. Exam structure
The exam covers a common set of core skills and knowledge. The candidate must demonstrate that they have the knowledge to perform basic infrastructure and web application vulnerability scans using commonly available tools and interpret the results to locate security vulnerabilities. The examination has one component: a multiple-choice written question section.
Exam duration
The written component of the CPSA Examination will comprise one hundred and twenty (120) multiple choice questions, all of which the candidate must complete. Details of the areas covered can be found in the syllabus document. Your examination will last 2 hours. Note that your permitted maximum session time at Pearson VUE is 2.5 hours in total.
Pre-requisites
The CPSA has no pre-requisites, but a valid CPSA certification is the pre-requisite for the CRT.
Exam notes
The CPSA is a closed book exam. Therefore, no books, written notes, internet access or other electronic devices will be allowed.
3. Exam preparation and practice
In order to aid in the preparation for your exam, we have compiled a list of recommended reading materials, found below:
We have also partnered with numerous Training Providers to supplement your knowledge on the topic areas detailed in the syllabus. CREST Training Providers are in the process of updating their course material. These training courses can be found below:
Sample questions
Sample questions help candidates understand what to expect from the examination environment. You'll find our sample questions here.
4. Exam content
Successful CPSA candidates will be able to demonstrate that they are qualified for hands on Pen Test Roles (indicative of 2 years experience) with respect to:
– Soft Skills and Assessment Management
– Core Technical Skills
– Background Information Gathering and Open Source
– Networking Equipment
– Microsoft Windows Security Assessment
– Unix Security Assessment
– Web Testing Methodologies
– Web Testing Techniques
– Databases
For further information on the skills being assessed, consult the CPSA exam syllabus.
5. Exam grading
Each multiple-choice answer is worth one (1) mark. No points are deducted for incorrect answers. The marking scheme is given in the table below:
| Component | Total Marks |
|---|---|
| Total marks written (multiple choice) | 120 |
Pass mark
Successful candidates must score 60% of the available marks. That is:
– at least 72 marks from the written component (possible total: 120 marks).
Feedback
Unsuccessful candidates will be shown their final score. Scores are not disclosed to candidates who have achieved 60% or more.
6. Exam booking and logistics
Exam location
The CPSA exam is delivered at a Pearson VUE centre of your choice. Please visit the Pearson VUE website and follow the on-screen instructions to register and schedule your chosen examination.
Retake policy
Unsuccessful candidates may retake the CPSA exam 7 days after the original exam date.
Invigilation
A test centre administrator/invigilator will be present throughout the examination to answer any procedural questions that candidates may have and assist in troubleshooting. The invigilator will not provide any support or advice related to the exam content.
If an issue does occur, a case will be filed. Every effort will be made to accommodate the continuation of your exam and all cases will be investigated and resolved within 3-5 business days. Pearson VUE should provide you with a case ID number. Please ensure you retain this information as this may be required at a later date.
Communication of results
Examination results from the automated process are provided by Pearson VUE to the candidate at the end of the exam session and electronically sent from CREST within 5 working days. Digitally signed certificates, where appropriate, will be emailed to candidates.
Special accommodations
Candidates must contact the CREST Support team at least 2 weeks before the potential exam date with a formal medical report from a qualified medical practitioner specialising in the particular condition. Candidates should register an account with Pearson VUE but not book an exam until the accommodation request has been processed. For more information, please contact [email protected].
The CREST Practitioner Security Analyst exam is a 120-mark, 2-hour exam that can be taken globally in Pearson VUE centres. The exam is made up of multiple sections, which can be viewed above in our 'Syllabus' section.
We recommend that candidates also read and understand both the Notes for Candidates and CPSA FAQs sections, as these both provide useful information for your exam. The recommended reading materials and CREST Training Provider courses listed in the Notes for Candidates supplement your knowledge of the topic areas detailed in the syllabus.
We have also compiled a list of sample questions that are designed to be similar to those you will see in the exam itself. Please take the time to go through these questions, found in the 'Sample Questions' section below.
Below are some official sample questions and answers that will help familiarise you with the exam structure and wording as well as some of the key terms and definitions.
Question 1 (1 Mark)
Which HTTP header would you modify to help perform an “HTTP request smuggling” attack?
A. Expires
B. Pragma
C. Cache-Control
D. Content-Length
E. Content-Language
Answer
D. Content-Length
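The answer hinges on how a request body is framed. An HTTP/1.1 message can carry two framing headers, Content-Length and Transfer-Encoding: chunked, and request smuggling works when a front-end (proxy, load balancer) and a back-end server disagree about which one to honour. The following is an added illustration, not part of the CREST sample material: a constructed request in which Content-Length covers 13 body bytes while the chunked framing ends after 5, parsed the two ways, so the bytes the back-end leaves unread become the start of the next request on the connection. The hostnames and paths are invented.

```python
"""Why Content-Length matters for HTTP request smuggling (the CL.TE variant).

Added example: two HTTP/1.1 parsers in a chain frame the same body differently
when the request carries both Content-Length and Transfer-Encoding: chunked.
Bytes one side treats as body, the other treats as the start of the next request.
"""

# Constructed request (not from the page). Content-Length covers all 13 body
# bytes ("0\r\n\r\nSMUGGLED"); chunked framing ends after the 5-byte "0\r\n\r\n".
AMBIGUOUS_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 13\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"SMUGGLED"
)


def split_headers(raw: bytes):
    """Return (request_line, {lowercased name: value}, bytes after the blank line)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def body_by_content_length(raw: bytes):
    """Front-end behaviour: honour Content-Length, ignore Transfer-Encoding.

    Returns (body, bytes left unread on the connection)."""
    _, headers, rest = split_headers(raw)
    n = int(headers[b"content-length"])
    return rest[:n], rest[n:]


def body_by_chunked(raw: bytes):
    """Back-end behaviour: honour Transfer-Encoding: chunked, ignore Content-Length.

    Returns (decoded body, bytes left unread on the connection)."""
    _, headers, rest = split_headers(raw)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        raise ValueError("request is not chunked")
    body = b""
    pos = 0
    while True:
        line_end = rest.index(b"\r\n", pos)
        size = int(rest[pos:line_end].split(b";")[0], 16)  # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            # Last chunk: skip the (here empty) trailer section and its CRLF.
            pos = rest.index(b"\r\n", pos) + 2
            return body, rest[pos:]
        body += rest[pos:pos + size]
        pos += size + 2  # chunk data is followed by CRLF


def smuggled_prefix(raw: bytes) -> bytes:
    """Bytes the front-end forwarded as body but the back-end never consumed.

    The back-end prepends them to the next request arriving on the same
    connection; that poisoned prefix is the smuggling effect."""
    _, front_left = body_by_content_length(raw)
    _, back_left = body_by_chunked(raw)
    if front_left:
        raise ValueError("front-end itself sees a second request; not a clean CL.TE case")
    return back_left


def next_request_line(prefix: bytes, next_request: bytes) -> bytes:
    """Request line the back-end parses once a victim's request follows the prefix."""
    line, _, _ = split_headers(prefix + next_request)
    return line


def has_ambiguous_framing(raw: bytes) -> bool:
    """Defensive check. RFC 7230 s3.3.3: Transfer-Encoding overrides
    Content-Length and a request carrying both ought to be treated as an
    error. Rejecting it (or normalising to one header before forwarding)
    removes the parsing differential the attack depends on."""
    _, headers, _ = split_headers(raw)
    return b"content-length" in headers and b"transfer-encoding" in headers


if __name__ == "__main__":
    print("front-end body:", body_by_content_length(AMBIGUOUS_REQUEST)[0])
    print("back-end body :", body_by_chunked(AMBIGUOUS_REQUEST)[0])
    victim = b"GET /account HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed
    print("back-end sees :", next_request_line(smuggled_prefix(AMBIGUOUS_REQUEST), victim))
```

Run stand-alone, the front-end reports the whole 13 bytes as body, the back-end reports an empty body, and the victim's request line is parsed as `SMUGGLEDGET /account HTTP/1.1`. Transfer-Encoding is the other header an attacker manipulates (the TE.CL variant reverses the roles); it is not among the options in Question 1, which is why Content-Length is the only correct answer there.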
Question 2 (1 Mark)
Your customer tells you they have a Class B network. How many IP addresses does this network include?
A. 65536
B. 16
C. 16777216
D. 8192
E. 256
Answer
A. 65536
Question 3 (1 Mark)
Which of the following PowerShell commands would help in determining the local machine’s patching status?
A. Get-HotFix
B. Get-SystemUpdates
C. Select-SystemUpdates -Machine localhost
D. Get-InstalledSoftware | Where-Object {$_.HotFixID -like 'KB*'}
E. None of these
Answer
A. Get-HotFix
Question 4 (1 Mark)
A well-configured Checkpoint Firewall is running on your local network segment. Which of the following types of probe is it most likely to respond to?
A. An ICMP Echo request
B. An ARP ‘who has’ request
C. It will not respond to any type of probe
D. A TCP SYN packet to TCP port 264
E. An IKE probe to UDP port 500
Answer
B. An ARP ‘who has’ request
You can download a PDF version of these questions here.
The CREST Practitioner Security Analyst (CPSA) exam is available in selected Pearson VUE Test Centres across the globe. You can book your CPSA exam now via the Pearson VUE website.
CREST Pearson VUE vouchers
Pearson VUE vouchers are available from CREST for companies and individuals who either have an account with CREST or need an alternative payment method. These vouchers will be sent on receipt of a paid invoice. For more information please contact [email protected].
How to cancel, postpone or reschedule
This is done through your own Pearson VUE registration and exam booking page and must be done at least 24hrs before your exam date.
Looking for more info on our CPSA exam? Check out our handy CPSA FAQs page.