CREST Certification

CREST CCSAM Practice Test

Prepare for the CREST Certified Simulated Attack Manager exam with free practice tests covering all ten CCSAM syllabus domains. Each test has 20 questions designed to match the analytical, scenario-based style of the real CCSAM written examination.

15 Practice Tests
300 Total Questions
10 Domains Covered
100% Free Forever

Mixed Set — CREST CCSAM Practice Tests

Questions distributed across all ten CCSAM syllabus areas, blending management, strategy, and deep technical knowledge of simulated attack operations. The CCSAM requires both the managerial perspective of leading red team engagements and the technical breadth to understand every stage of the attack lifecycle.

Domain Wise — CREST CCSAM Mock Tests

Target each CCSAM syllabus domain with focused mock tests. The CCSAM spans the full simulated attack lifecycle from engagement scoping and open-source reconnaissance through to implant creation, evasion, and command-and-control infrastructure — use these domain tests to build expert command of every stage.

D1
Soft Skills and Assessment Management
Engagement scoping, rules of engagement, legal and compliance frameworks for simulated attacks, client communications, risk management, record keeping, incident reporting, and debrief delivery
Syllabus Area A
D2
Core Technical Skills
IP protocols, cryptography applied to red team operations, network mapping, pivoting techniques, OS fingerprinting, traffic analysis, and understanding of security controls relevant to simulated attack planning
Syllabus Area B
D3
Background Information Gathering and Open Source
OSINT methodology for simulated attack planning, DNS reconnaissance, WHOIS analysis, social media profiling, email harvesting, passive intelligence gathering, and using open-source data to model target organisations
Syllabus Area C
D4
Enumeration / Reconnaissance
Active enumeration of target infrastructure, port scanning with IDS evasion, service fingerprinting, operating system defensive capability identification, perimeter controls enumeration, and SMTP and HTTP proxy analysis
Syllabus Area I
D5
Trojan Delivery
Phishing campaign design and execution, spear-phishing techniques, trojanised document delivery, payload embedding in common file formats, delivery via business communication channels, and countermeasure awareness
Syllabus Area E
D6
Client-Side Exploitation Skills
Browser exploitation techniques, Office macro-based attacks, client-side vulnerabilities in common applications, user interaction attack chains, social engineering enabling initial access, and peripheral device exploitation
Syllabus Area F
D7
Embedded and Peripheral Devices
Hardware attack vectors including rogue USB devices, HID attacks, physical implants, removable media threats, printer and peripheral exploitation, and the use of embedded hardware in simulated attack scenarios
Syllabus Area G
D8
Implant Creation
Win32 implant design and functionality, VBA macro creation and limitations, AV and anti-malware evasion during implant development, persistence mechanisms, safe data exfiltration from implants, and operating system defence bypass
Syllabus Area H
D9
Evasion
IDS and IPS evasion during simulated attacks, bypassing application allowlisting (AppLocker, SRP), EDR and AV bypass techniques, anti-forensic measures, minimising attacker footprint, and OPSEC principles for red team operations
Syllabus Area I
D10
Egress / Command and Control
Enumerating outbound firewall rules, establishing covert C2 channels through firewalls, tunnelling traffic within permitted protocols, masking C2 within business application traffic, maintaining persistence through network controls, and exfiltration security
Syllabus Area J

About the CREST CCSAM Certification Exam

Everything you need to know about the CREST Certified Simulated Attack Manager exam — who it is designed for, what makes it unique among CREST credentials, and what the two-part written exam structure demands.

What Is the CREST CCSAM?

The CREST Certified Simulated Attack Manager (CCSAM) is an advanced certification that validates a professional's ability to plan, manage, and lead team-based simulated attack engagements — commonly known as red team operations. Unlike the CCT INF or CCT APP, which focus on hands-on technical execution, the CCSAM is specifically aimed at the management layer of simulated attacks: the individual responsible for ensuring the engagement is conducted legally, safely, and with actionable intelligence delivered to the client.

The CCSAM is a purely written examination — there is no practical assault course component. Candidates must demonstrate expert-level knowledge across the entire simulated attack lifecycle, from open-source intelligence gathering and engagement scoping through to implant design, evasion strategy, C2 infrastructure management, and post-engagement debrief. The certification is widely sought after by red team leads, security operations managers, and senior consultants at specialist adversarial simulation firms. CCSAM-certified professionals typically earn £75,000 to £110,000+ in the UK, reflecting the seniority and breadth of expertise the qualification demands. CREST has no formal prerequisites for the CCSAM, though significant red team management experience is expected.

Exam Format (2026)

Components: Two written parts, both delivered at Pearson VUE test centres. The exam is purely written — there is no practical assault course component for the CCSAM.

SAM 1: Multiple-choice questions combined with compulsory long-form written answers. Duration is 2.5 hours. Tests breadth of knowledge across all syllabus areas.

SAM 2: Long-form and scenario-based questions requiring detailed written answers. Duration is 3.5 hours. Assesses the candidate's ability to analyse complex simulated attack scenarios and communicate findings and recommendations at a senior level.

Scheduling: SAM 1 must be taken first. SAM 2 must be completed within three months of sitting SAM 1.

Passing score: Candidates must achieve at least 70% in each part independently. Failing either part requires the entire examination to be retaken.

Exam fee: Contact CREST or Pearson VUE for current regional pricing. CCSAM is priced at the Certified level.

Eligibility Requirements

Prerequisites: There are no formal prerequisites for the CCSAM exam. Any candidate may register and sit it. However, the exam is calibrated to professionals with substantial senior red team management experience — candidates without this background will find the depth and breadth of the scenarios extremely challenging.

Recommended background: Extensive experience leading simulated attack engagements, including scoping, legal and compliance management, team coordination, threat actor emulation, and post-engagement reporting. Strong technical knowledge across the entire attack lifecycle — from OSINT through implant design, evasion, and C2 — is essential to answer the technical components of both written parts.

Companion certification: The CCSAM is the management counterpart to the CREST Certified Simulated Attack Specialist (CCSAS). The CCSAS focuses on hands-on technical delivery; the CCSAM focuses on leading and managing those operations. Many senior red team professionals hold or pursue both.

Certification validity: 3 years from the date of passing.

CREST CCSAM Syllabus Domains — Exam Coverage

The CCSAM syllabus spans ten domains covering both the management and technical dimensions of simulated attack operations. Both SAM 1 (MCQ and long-form) and SAM 2 (scenario-based long-form) draw from these areas, with management and planning domains tested in depth alongside technical attack lifecycle knowledge.

Domain | Topic | Coverage
Area A | Soft Skills and Assessment Management | Very High
Area B | Core Technical Skills | High
Area C | Background Information Gathering and Open Source | High
Area I | Enumeration / Reconnaissance | High
Area E | Trojan Delivery | Moderate
Area F | Client-Side Exploitation Skills | Moderate
Area G | Embedded and Peripheral Devices | Moderate
Area H | Implant Creation | High
Area I | Evasion | High
Area J | Egress / Command and Control | High

How Our Practice Tests Are Designed

Management and technical questions in balance — The CCSAM is unique among CREST certifications in explicitly assessing both leadership skills (scoping, legal compliance, risk management, client communication) and deep technical knowledge (implant design, evasion, C2 infrastructure). Our practice tests reflect this dual requirement, mixing management scenario questions with technically precise questions on attack lifecycle stages.

Full coverage across all ten syllabus domains — Mixed practice tests draw from every CCSAM syllabus area, weighted to reflect the management-heavy focus of the CCSAM versus its technical sister certification CCSAS. Assessment Management and Core Technical Skills receive proportionally higher representation, while Embedded Devices and Client-Side Exploitation are sampled appropriately as supporting domains.

Timer calibration — The CCSAM SAM 1 written exam involves MCQ and long-form answers over 2.5 hours; SAM 2 involves deeper scenario-based long-form writing over 3.5 hours. Our 20-question practice tests are timed at 30 minutes, reflecting the more deliberate, analytical pace expected of CCSAM-level scenario reasoning compared to pure MCQ-style exams.

Domain tests for the most examined areas — Soft Skills and Assessment Management is the most heavily assessed domain in the CCSAM — the exam is fundamentally about managing simulated attacks, not just executing them. Egress/C2 and Evasion are the most technically demanding. Use the domain-wise tests to ensure both dimensions are covered before sitting the real exam.

CREST CCSAM Exam Preparation Tips

Study Strategy

Study the management layer as deeply as the technical: The CCSAM is distinguished from the CCSAS by its management focus. Candidates who approach it purely from a technical red team perspective will underperform on the engagement planning, legal compliance, rules of engagement, and risk management components that carry heavy weight in both SAM parts — especially the scenario section of SAM 2.

Master the full attack lifecycle at a planning level: Even domains that are more technically hands-on in the CCSAS — such as Implant Creation, Evasion, and C2 — must be understood at a strategic planning level for the CCSAM. You need to be able to specify, evaluate, and communicate decisions about these areas rather than execute them under exam conditions.

Prepare SAM 1 and SAM 2 as distinct challenges: SAM 1's MCQ and short long-form components test breadth. SAM 2's extended scenario questions test depth, reasoning, and professional communication. Allocate separate study blocks to each format — SAM 2 in particular requires practice writing structured, senior-level responses to complex adversarial scenario briefs.

Test-Taking Strategy

In SAM 1, manage your time across formats: SAM 1 combines multiple-choice questions with compulsory long-form answers in 2.5 hours. Pace yourself across both components — do not over-invest time in early MCQ questions at the expense of the long-form section, where partial marks can be earned even with incomplete answers.

In SAM 2, structure before you write: The scenario questions in SAM 2 are extended and demand detailed answers. Read the full scenario brief carefully, plan the structure of your response before writing, and ensure each answer directly addresses the criteria asked. Well-structured, concise answers consistently outperform verbose, unfocused ones at this level.

Complete SAM 2 within three months of SAM 1: CREST requires SAM 2 to be sat within three months of SAM 1. Plan both booking slots before starting SAM 1 preparation — the three-month window passes quickly when combined with work commitments, and failing to sit SAM 2 in time means restarting the process entirely.

Frequently Asked Questions

What type of exam is the CREST CCSAM?
The CCSAM is a purely written examination with no practical assault course component. It consists of two parts delivered at Pearson VUE test centres: SAM 1 (multiple-choice questions and compulsory long-form written answers, 2.5 hours) and SAM 2 (long-form and scenario-based questions requiring detailed written answers, 3.5 hours). SAM 1 must be taken first, and SAM 2 must be completed within three months. This written-only format distinguishes the CCSAM from its technical counterpart, the CCSAS, which includes a practical component.
What is the passing score for the CREST CCSAM exam?
Candidates must achieve at least 70% in each part of the CCSAM independently. This is the highest passing threshold of any CREST certification and reflects the seniority of the qualification. Failing either SAM 1 or SAM 2 requires the entire examination to be retaken — there is no option to carry forward a passing grade from one part while retaking only the failed component.
What is the difference between CCSAM and CCSAS?
The CCSAM (Certified Simulated Attack Manager) and CCSAS (Certified Simulated Attack Specialist) are companion certifications in CREST's simulated attack pathway. The CCSAS focuses on the hands-on technical delivery of simulated attacks — implant deployment, exploitation, lateral movement — and includes a practical component. The CCSAM focuses on leading and managing simulated attack engagements: scoping, legal compliance, team coordination, threat intelligence interpretation, and post-engagement reporting. The CCSAM is a purely written exam; the CCSAS includes a practical assessment. Many senior red team professionals pursue both.
Are these CCSAM practice tests free?
Yes. All CREST CCSAM practice tests on Security Practice Test are completely free with no account or sign-up required. Select any mixed set or domain-wise test above and begin practicing immediately.
Do I need any prerequisites to take the CCSAM exam?
No. CREST does not mandate formal prerequisites for the CCSAM. However, the exam is calibrated to senior professionals with substantial experience leading simulated attack operations — candidates without this background will find the management scenario components and technical depth of both SAM parts extremely demanding. Most candidates have extensive prior experience in red team operations, often holding CCT-level or equivalent credentials alongside years of commercial engagement management experience.
How long should I prepare for the CREST CCSAM?
Preparation time varies significantly based on existing experience. Professionals actively managing red team engagements with 5 or more years of relevant experience typically need 3 to 4 months of focused preparation covering all ten syllabus domains and both exam formats. Candidates newer to the management dimension of simulated attacks — even if technically strong — should allow 4 to 6 months, with significant study time dedicated to the engagement management, legal compliance, and scenario communication aspects that are uniquely tested in the CCSAM.
What career roles does the CREST CCSAM support?
The CCSAM is designed for professionals who lead simulated attack engagements rather than solely execute them. Career roles supported include Red Team Lead, Head of Adversarial Security, Simulated Attack Manager, Principal Security Consultant, and Director of Offensive Security. CCSAM holders are recognised by clients in regulated sectors — banking, government, critical national infrastructure — where certification of the engagement manager as well as the technical team provides additional assurance of engagement quality and safety.
What topics are most important for the CCSAM exam?
Soft Skills and Assessment Management is the highest-priority domain — the ability to scope engagements, manage legal risk, communicate with clients, and structure post-engagement reporting is central to both SAM 1 and SAM 2. Technically, Egress and Command-and-Control infrastructure, Evasion strategy, and Implant Creation are the most demanding areas, requiring managerial-level understanding of how these techniques are planned, documented, and communicated. Background Information Gathering and Enumeration are also heavily represented, as threat actor emulation begins with intelligence about the target.

Ready to Test Your CREST CCSAM Knowledge?

Start with a mixed set to assess your readiness across all ten simulated attack domains, then use domain-wise tests to sharpen both the management and technical areas the exam demands.


Authors

  • Security Practice Test Editorial Team

    Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

  • Sudhanshu Thakur - Reviewer

    Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.