CREST Certification

CREST CCRTS Practice Test

Q: How long should I prepare for the CCRTS?

Most candidates need three to six months of structured preparation. Those with an active red team background may be ready in four to eight weeks. The practical component typically requires the most preparation time as it cannot be approached theoretically.

Q: Can I bring tools or notes into the CCRTS exam?

The written exam is closed book — no notes, internet, or devices permitted. For the practical exam, candidates can pre-upload files via CRESTDrive before the exam date. CREST provides virtual machines for candidates to familiarise themselves with the practical exam environment in advance.

Prepare for the CREST Certified Red Team Specialist exam with free practice tests aligned to the official CCRTS syllabus v2.1. Each test delivers 20 scenario-driven questions timed at 1 minute per question — matching the pace of the real CCRTS written multiple-choice component so you develop exam-ready speed and confidence.

13Practice Tests

260Total Questions

8Domains Covered

100%Free Forever

Mixed Set — CCRTS Practice Tests

Questions distributed across all 8 CCRTS syllabus domains according to their depth in the official CREST exam blueprint. Operationally heavy domains like Initial Access, Lateral Movement, and Evasion appear with greater frequency — closely mirroring the distribution of the real written multiple-choice exam.

CCRTS Practice Test 1

20 Qs · ~20 min

Start Test →

CCRTS Practice Test 2

20 Qs · ~20 min

Start Test →

CCRTS Practice Test 3

20 Qs · ~20 min

Start Test →

CCRTS Practice Test 4

20 Qs · ~20 min

Start Test →

CCRTS Practice Test 5

20 Qs · ~20 min

Start Test →

Domain Wise — CCRTS Mock Tests

Sharpen your knowledge across each of the eight CCRTS syllabus domains with targeted 20-question mock tests. Each test isolates a single knowledge group from the official CREST syllabus so you can identify and close gaps before sitting any component of the real exam.

Soft Skills and Assessment Management

Legal and ethical frameworks, client confidentiality, scoping and rules of engagement, CBEST and TIBER-EU regulatory awareness, engagement planning, and debrief reporting

Appendix A Start Test →

Core Technical Skills

TCP/IP and application layer protocols, operating system internals, Active Directory fundamentals, network architecture, audit data analysis, and foundational offensive tooling

Appendix B Start Test →

Reconnaissance

OSINT gathering, DNS enumeration, passive and active target profiling, threat intelligence integration, social engineering reconnaissance, and attack surface mapping

Appendix C Start Test →

Implants

Implant design and deployment, staged vs. stageless payloads, in-memory execution techniques, implant persistence mechanisms, and built-in OS functionality vs. custom tooling

Appendix D Start Test →

Initial Access

Phishing and spear-phishing, credential theft, exploitation of internet-facing services, watering hole attacks, supply chain compromise, and physical access vectors

Appendix E Start Test →

Lateral Movement & Privilege Escalation

Pass-the-hash, Kerberoasting, token impersonation, ACL abuse, service binary hijacking, internal network pivoting, registry ACL analysis, and domain privilege escalation paths

Appendix F Start Test →

Evasion

AV and EDR bypass techniques, obfuscation and encoding, AMSI evasion, living-off-the-land binaries (LOLBins), log tampering, timestomping, and defensive control circumvention

Appendix G Start Test →

Egress / Command and Control

C2 framework selection and configuration, covert channel establishment, HTTPS and DNS beaconing, firewall and proxy traversal, data exfiltration techniques, and operational security during C2

Appendix H Start Test →

About the CCRTS Certification Exam

Everything you need to know about the CREST Certified Red Team Specialist exam structure, eligibility, career value, and how it compares to other red team credentials.

What Is the CREST CCRTS?

The CREST Certified Red Team Specialist (CCRTS) is an advanced-level certification issued by CREST, the international not-for-profit accreditation and certification body for the cybersecurity industry. The CCRTS validates a professional's ability to plan, lead, and execute full-scope adversary simulation engagements — including intelligence-led red team operations informed by real threat actor TTPs (tactics, techniques, and procedures). The exam was previously known as the CREST Certified Simulated Attack Specialist (CCSAS) before being renamed to align with current industry terminology.

The CCRTS holds significant regulatory standing. It is a mandated requirement for red team operators delivering assessments under the Bank of England's CBEST framework, the ECB's TIBER-EU programme for European financial institutions, and several other government-recognised frameworks globally. Professionals holding the CCRTS work in roles such as Red Team Lead, Adversary Simulation Specialist, Offensive Security Consultant, and Principal Penetration Tester. Salaries for CCRTS-qualified professionals in the United Kingdom typically range from £75,000 to £130,000 depending on seniority, with consultants in regulated financial sector engagements often commanding premium rates.

Exam Format (2026)

Exam components: The CCRTS consists of three separate components — a written multiple-choice test, a written scenario section, and a practical exam.

Written MCQ: 60 multiple-choice questions with five answer options each, delivered in 60 minutes. Closed book — no notes, internet access, or electronic devices permitted.

Written scenario: Structured around engagement stages including scoping, risk management, and tradecraft. Candidates receive a Threat Intelligence pack as contextual input.

Practical exam: Two components — a Red Team Assault Course (targeting ≥120 of 180 marks) and a Red Team Tactics, Tradecraft and Operational Security section (targeting ≥60 marks). Candidates may pre-upload tools via CRESTDrive.

Passing requirement: All three components must be passed. Passing one but failing another results in overall failure.

Syllabus version: v2.1, issued November 2024 by the CREST Technical Committee and Assessors Panel.

Eligibility Requirements

Prerequisites: There are no formal prerequisites for the CCRTS exam. CREST recommends, but does not require, that candidates have passed the CREST Certified Tester (Infrastructure) — CCT Inf — examination beforehand.

Recommended experience: The CCRTS is an advanced-level exam. Candidates should have substantial hands-on experience leading red team or adversary simulation engagements, not just penetration testing. A background in post-exploitation, C2 operations, and evasion is essential for the practical components.

Regulatory frameworks: Candidates seeking CBEST or TIBER-EU delivery status through their employer will typically need to hold the CCRTS or an accepted equivalent qualification.

Certification validity: CREST certifications are valid for three years, after which recertification is required to maintain active status.

CCRTS Syllabus Domain Coverage — v2.1 Exam Outline

The CCRTS syllabus is divided into eight knowledge groups (Appendices A through H). Each domain is assessed across the written multiple-choice, written scenario, and practical components — though not every skill area appears in all three. The coverage estimates below reflect the relative depth and breadth of each domain within the official syllabus.

Domain	Knowledge Group	Coverage
Appendix A	Soft Skills and Assessment Management	10%
Appendix B	Core Technical Skills	12%
Appendix C	Reconnaissance	12%
Appendix D	Implants	12%
Appendix E	Initial Access	14%
Appendix F	Lateral Movement & Privilege Escalation	16%
Appendix G	Evasion	14%
Appendix H	Egress / Command and Control	10%

How Our Practice Tests Are Designed

Scenario-driven question style — The CCRTS written multiple-choice section tests your ability to make tactical decisions under realistic adversary simulation conditions, not just recall facts. Our questions present operational scenarios — a detection event, a misconfigured ACL, a C2 beaconing decision — and ask you to choose the most appropriate red team response, just as the real exam does.

Syllabus-aligned mixed sets — Mixed practice tests distribute questions across all eight CCRTS knowledge groups proportionally, with heavier coverage of the more operationally complex domains like Lateral Movement and Privilege Escalation, Evasion, and Initial Access — matching the depth of these domains in the official CREST syllabus v2.1.

Proportional timer — The real CCRTS written MCQ component allows 60 minutes for 60 questions — exactly 1 minute per question. Every 20-question test on this site is timed at 20 minutes to match that pace precisely and train you to make fast, confident decisions under time pressure.

Domain-specific mock tests — The eight domain-wise tests let you isolate and drill individual knowledge groups. Use these to reinforce weaker areas identified through your mixed-set results, or to build depth in domains that also appear in the written scenario and practical components.

CCRTS Exam Preparation Tips

Study Strategy

Read the official syllabus in full: The CREST CCRTS syllabus v2.1 maps every skill area to one or more exam components. Use this document as your preparation roadmap — identify which areas appear in the MCQ only vs. those that also appear in the scenario and practical components, and prioritise accordingly.

Think like a red team lead, not a pentester: The CCRTS assesses engagement leadership as much as technical execution. Be ready for questions on scoping, legal constraints, rules of engagement, risk decisions during live operations, and how to contextualise your work within CBEST or TIBER-EU frameworks.

Build genuine practical depth: The practical exam component — particularly the Red Team Assault Course — cannot be passed on theory alone. Invest time building, deploying, and operating real C2 infrastructure, developing custom implants, and practising evasion against modern EDR solutions in a lab environment.

Test-Taking Strategy

Budget exactly 1 minute per question: With 60 MCQ questions in 60 minutes and five answer options per question, there is no margin for extended deliberation. Our 20-minute timed tests build exactly this habit. Eliminate obviously wrong options first, then commit to the most operationally sound answer for the given scenario.

Use the TI pack in the written scenario: The written scenario section provides a Threat Intelligence pack for context. Take time to absorb the TI pack before answering — the scoping and risk management questions in particular require you to integrate the threat context into your decisions, not answer generically.

All three components must pass independently: Do not deprioritise the practical exam while focusing on the written components. The CCRTS requires all sections to pass simultaneously — excelling in the MCQ does not compensate for a failed practical. Allocate preparation time across all three components.

Frequently Asked Questions

How many questions are on the CCRTS written exam?+

The CCRTS written multiple-choice component contains 60 questions, each with five answer options where only one is correct. Candidates have 60 minutes to complete this section. The exam also includes a written scenario section and a practical exam — these are separate components with their own time allocations and passing requirements.

What is the passing score for the CCRTS exam?+

The passing threshold for the written multiple-choice section is 66%. For the practical exam, candidates must achieve at least two thirds of available marks (120 out of 180) in the Red Team Assault Course, and at least half of available marks (60 marks) in the Red Team Tactics, Tradecraft and Operational Security section. All components must be passed — failing one results in overall failure regardless of performance in other sections.

What are the prerequisites for the CCRTS exam?+

There are no formal prerequisites for the CCRTS. CREST recommends that candidates have passed the CREST Certified Tester (Infrastructure) examination as preparation, but this is not a mandatory requirement. In practice, the exam is pitched at an advanced level — candidates without significant hands-on red team experience will find the practical component particularly demanding.

Are these CCRTS practice tests free?+

Yes. All CCRTS practice tests on Security Practice Test are completely free with no account registration or sign-up required. Open any test and start practising immediately — no payment, no barriers.

Why is the CCRTS required for CBEST engagements?+

The CBEST framework, operated by the Bank of England, requires red team operators at CREST-accredited firms to hold the CCRTS (or its predecessor, the CCSAS) to participate in intelligence-led cyber security assessments of UK financial market infrastructure. Similar requirements apply under the ECB's TIBER-EU programme for European financial institutions. The CCRTS is the primary qualifying credential for these high-assurance regulated red team engagements globally.

What is the difference between CCRTS and CCSAS?+

The CCRTS (Certified Red Team Specialist) is the same certification as the former CCSAS (Certified Simulated Attack Specialist). CREST renamed the credential to align with current industry terminology around red teaming and adversary simulation. The exam content and structure were updated in tandem, with the current syllabus at version 2.1 issued in November 2024.

How long should I prepare for the CCRTS?+

Most candidates without prior red team leadership experience need three to six months of structured preparation across all three exam components. Those with an active red team background who already operate C2 infrastructure, develop custom tooling, and lead engagements may be ready in four to eight weeks. The practical component is typically what requires the most preparation time, as it cannot be approached theoretically.

Can I bring tools or notes into the CCRTS exam?+

The written exam is closed book — no books, notes, internet access, or electronic devices are permitted for either the multiple-choice or scenario sections. For the practical exam, candidates can pre-upload files via CRESTDrive before the exam date, which are then made accessible in the exam environment on the day. CREST provides two virtual machines for the practical component to allow candidates to familiarise themselves with the tooling environment in advance.

Ready to Test Your CCRTS Knowledge?

Start with a mixed set to benchmark your current level across all eight domains, then use the domain-specific tests to close gaps before your exam date.

Start CCRTS Practice Test 1 →

Authors

Security Practice Test Editorial Team: Author

Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

Sudhanshu Thakur: Reviewer

Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.