CREST Certification

CREST CCT INF Practice Test

Prepare for the CREST Certified Tester — Infrastructure exam with free practice tests covering all five major syllabus areas. Each test has 20 questions timed at 1 minute per question to match the pace of the real CCT INF written exam.

10Practice Tests
200Total Questions
5Domains Covered
100%Free Forever

Mixed Set — CREST CCT INF Practice Tests

Questions distributed across all five CCT INF syllabus areas according to the official CREST exam blueprint. Advanced topics such as Infrastructure and Network Security, Modern Environments, and Reconnaissance feature heavily — reflecting the depth expected from candidates with 5 to 6 years of hands-on experience.

01
CREST CCT INF Practice Test 1
20 Qs · ~20 min
Start Test →
02
CREST CCT INF Practice Test 2
20 Qs · ~20 min
Start Test →
03
CREST CCT INF Practice Test 3
20 Qs · ~20 min
Start Test →
04
CREST CCT INF Practice Test 4
20 Qs · ~20 min
Start Test →
05
CREST CCT INF Practice Test 5
20 Qs · ~20 min
Start Test →

Domain Wise — CREST CCT INF Mock Tests

Target each CCT INF syllabus area with focused domain tests. The updated CCT INF syllabus includes expanded coverage of cloud, containerisation, macOS, social engineering, and global law and compliance — use these mock tests to build depth across the full breadth of the exam.

D1
Assessment Management, Methodology, and Core Skills
Engagement lifecycle, scoping, law and compliance (global and regional), managing risk, client communications, record keeping, reporting quality, cryptography, and pivoting techniques
Syllabus Areas A & B Start Test →
D2
Infrastructure, Network, and Platform Security
Network architecture, Windows and Linux security assessment, Active Directory, network intrusion detection bypass, routing protocols, VLAN attacks, credential attacks, and post-exploitation
Syllabus Areas C, D & E Start Test →
D3
Modern Environments and Enterprise Technologies
Cloud security (AWS, Azure, GCP), containerisation (Docker, Kubernetes), macOS security assessment, NoSQL injection, database security, and virtualisation platform vulnerabilities
Syllabus Areas F & G Start Test →
D4
Reconnaissance and Web Technologies
OSINT and passive reconnaissance, DNS analysis, web server fingerprinting, web application frameworks, SSL/TLS assessment, HTTP analysis, and web technology identification techniques
Syllabus Areas H & I Start Test →
D5
Human and Physical Security
Social engineering techniques, phishing and pretexting, physical security assessment, tailgating, hardware security, OSINT for social engineering, and countermeasures and defences
Syllabus Areas K & N Start Test →

About the CREST CCT INF Certification Exam

Everything you need to know about the CREST Certified Tester — Infrastructure exam, including its three-component structure, what distinguishes it from CRT, and why it matters for senior penetration testing careers.

What Is the CREST CCT INF?

The CREST Certified Tester — Infrastructure (CCT INF) is an advanced-level certification from CREST that validates a practitioner's ability to conduct comprehensive infrastructure penetration testing engagements at an expert level. It is positioned above the CRT in the CREST certification pathway and is aimed at professionals with approximately 5 to 6 years of hands-on infrastructure security experience. The CCT INF tests a much broader and deeper syllabus than the CRT, with updated coverage including cloud services (AWS, Azure, GCP), containerisation (Docker, Kubernetes), macOS security, social engineering, and expanded law and compliance requirements.

The CCT INF is recognised by the UK National Cyber Security Centre (NCSC) for its CHECK scheme, where CCT-level holders qualify for CHECK Team Leader status — a significant step above the Team Member status conferred by CRT. This makes the CCT INF essential for professionals who lead penetration testing engagements on UK government and critical national infrastructure systems. CCT INF-certified professionals typically earn between £65,000 and £100,000+ in the UK, with strong demand from government security teams, financial institutions, and specialist security consultancies. The certification has no formal prerequisites, though a valid CRT is the natural progression point.

Exam Format (2026)

Components: Three separate assessment stages — a multiple-choice written exam, a written scenario, and a practical assessment.

Written exam: 60 multiple-choice questions completed in 2.5 hours (1 minute per question) at a Pearson VUE test centre. Closed book — no notes, internet, or devices permitted.

Written scenario: A risk analysis and report-writing exercise where candidates document findings for a defined audience. Tests professional communication alongside technical depth.

Practical assessment: Hands-on penetration testing against reference networks using a provided Kali Linux environment (candidates cannot use their own laptops). Duration is 3 hours plus 20 minutes of reading time.

Passing score: At least 66% (two-thirds) must be achieved in each component independently. Passing one component but failing another results in an overall fail.

Exam fee: Approximately $400 USD (varies by region). Check Pearson VUE for current pricing.

Eligibility Requirements

Prerequisites: There are no formal prerequisites for the CCT INF exam — any candidate can book and sit it. However, the exam is calibrated to approximately 5 to 6 years of hands-on infrastructure penetration testing experience.

Recommended background: A strong foundation in Windows and Linux security assessment, Active Directory exploitation, network attack techniques, and web technology enumeration is essential. Familiarity with cloud environments and containerisation platforms is increasingly important given recent syllabus updates.

Natural progression: Most candidates hold CRT certification before attempting CCT INF. The CRT covers a subset of the CCT INF syllabus and provides the practical baseline expected at this level.

CHECK Team Leader: Passing CCT INF (subject to NCSC approval) confers CHECK Team Leader status, enabling professionals to lead government-mandated penetration testing engagements.

Certification validity: 3 years. Renewal requires re-examination.

CREST CCT INF Syllabus Areas — Exam Coverage

The revised CCT INF syllabus spans five broad domain groupings. All three exam components — the multiple-choice written exam, written scenario, and practical assessment — draw from these areas, with different components testing different depth levels.

DomainTopicCoverage
Areas A & BAssessment Management, Methodology, and Core SkillsHigh
Areas C, D & EInfrastructure, Network, and Platform SecurityVery High
Areas F & GModern Environments and Enterprise TechnologiesHigh
Areas H & IReconnaissance and Web TechnologiesModerate
Areas K & NHuman and Physical SecurityModerate

How Our Practice Tests Are Designed

Written exam focus with scenario-level depth — Our practice tests are built to prepare candidates for the CCT INF multiple-choice written component, where 60 scenario-based questions must be answered in 60 minutes. Questions require applied, analytical thinking — not just recall — reflecting the advanced level of knowledge expected at CCT grade.

Full syllabus breadth including new areas — The CCT INF syllabus was significantly updated to include cloud security, containerisation, macOS, social engineering, network intrusion protection bypass, Unix exploitation, NoSQL injection, and expanded global law and compliance. Our practice tests cover all five domain groupings including these newer additions that earlier study resources may not address.

Proportional timer — The real CCT INF multiple-choice exam gives exactly 1 minute per question across 60 questions (2.5 hours total). Each 20-question practice test is timed at 20 minutes, building the pace discipline required to answer under strict time pressure across a very broad and technically demanding syllabus.

Domain tests for the hardest areas — Modern Environments (cloud, containers, macOS) and Infrastructure/Network Security are the most technically dense domains in the updated syllabus. Use the domain-wise tests to build concentrated depth in these areas before moving to mixed-set practice.

CREST CCT INF Exam Preparation Tips

Study Strategy

Study the revised syllabus thoroughly: The updated CCT INF syllabus added meaningful new areas — cloud services, containerisation, macOS, social engineering, hardware security, and expanded law and compliance. Candidates using older study materials will have significant coverage gaps. Start with the current official CREST syllabus PDF as your definitive guide.

Prepare all three components simultaneously: The written exam, written scenario, and practical assessment all require different preparation modes. Passing the MCQ component without passing the scenario or practical still results in a fail. Dedicate dedicated study time to report writing and scenario analysis, not just technical depth.

Prioritise breadth over depth on the written exam: The 60-question MCQ tests the entire syllabus width in 60 minutes. A question on macOS exploitation may follow one on Kerberos delegation. Broad, consistent coverage across all five domain groups consistently outperforms deep specialisation in a subset of areas.

Test-Taking Strategy

Flag and move on: The CCT INF written exam officially recommends flagging uncertain questions and returning to them — do not spend more than 60 seconds on any single question. Banking marks from high-confidence questions before revisiting flagged ones is the most reliable pacing strategy.

Anchor scenario answers in evidence: The written scenario component rewards structured, evidence-based answers over volume. Read the scenario introductory section carefully, identify the intended audience, and communicate findings clearly to that audience — a technical report for a security team differs substantially from a management summary.

Use reading time in the practical: The 20 minutes of reading time before the practical clock starts is strategically critical at CCT level. Scan the full task list, identify high-value and high-confidence tasks, and sequence your work to build a mark buffer before tackling the more complex chains.

Frequently Asked Questions

How many components does the CREST CCT INF exam have?+
The CCT INF exam has three distinct components: a 60-question multiple-choice written exam (2.5 hours at Pearson VUE), a written scenario requiring risk analysis and report writing, and a hands-on practical assessment (3 hours plus 20 minutes reading time) conducted on a provided Kali Linux environment. Candidates must achieve at least 66% in each component independently — failing any single component results in an overall fail regardless of performance in the others.
What is the passing score for the CREST CCT INF exam?+
Candidates must achieve at least 66% (two-thirds) in every component of the CCT INF exam. For the multiple-choice written component, this means answering at least 40 of the 60 questions correctly. The same 66% threshold applies to the written scenario and the practical assessment. All three thresholds must be met simultaneously to pass overall.
Do I need CRT certification before taking the CCT INF?+
No — the CCT INF has no formal prerequisites. Any candidate can register and sit the exam. However, the exam is calibrated to the knowledge and experience level of someone with approximately 5 to 6 years of hands-on infrastructure penetration testing. In practice, the vast majority of successful CCT INF candidates hold CRT certification, as the CRT syllabus provides the practical baseline that the CCT INF exam builds upon significantly.
Are these CCT INF practice tests free?+
Yes. All CREST CCT INF practice tests on Security Practice Test are completely free with no sign-up or account required. Select any mixed set or domain-wise test above and start practicing immediately.
What new topics were added to the updated CCT INF syllabus?+
The revised CCT INF syllabus added several significant new areas: cloud security (with six new skills covering AWS, Azure, and GCP), containerisation (Docker and Kubernetes), macOS security assessment, Windows desktop lockdown, social engineering, hardware security, network intrusion protection bypass, Unix exploitation, and NoSQL injection. The law and compliance section was also expanded to include global and regional regulatory requirements. Candidates using older study guides may have substantial gaps in these areas.
What career level is the CREST CCT INF designed for?+
The CCT INF is calibrated to approximately 5 to 6 years of hands-on infrastructure penetration testing experience. It is designed for senior practitioners who lead engagements, scope and manage complex tests, and communicate findings at both technical and executive levels. CCT INF holders qualify for NCSC CHECK Team Leader status (subject to NCSC approval), enabling them to lead UK government penetration testing engagements — a role not available to CRT-level practitioners.
How long should I prepare for the CREST CCT INF?+
Preparation time varies significantly based on existing experience. Professionals with 5 or more years of active infrastructure penetration testing experience typically need 2 to 3 months of focused preparation covering all three exam components. Those with less hands-on experience or gaps in newer areas (cloud, containerisation, macOS) may require 4 to 6 months. The written scenario component is often underestimated — structured report writing under exam conditions requires dedicated practice beyond pure technical study.
How does the CCT INF differ from the CREST CRT?+
The CRT is an intermediate-level practical exam assessing hands-on pentest skills at a level indicative of 3 years of experience. It consists of two scored stages (Infrastructure and Web Application) with a 60% pass threshold. The CCT INF is an advanced-level exam with three components (written MCQ, written scenario, and practical), a higher 66% threshold across all components, a substantially broader and deeper syllabus including cloud, containers, and macOS, and a higher experience baseline. CCT INF holders qualify for CHECK Team Leader status; CRT holders qualify for CHECK Team Member status.

Ready to Test Your CREST CCT INF Knowledge?

Start with a mixed set to assess your readiness across all syllabus areas, then use domain-wise tests to build depth in the most technically demanding sections.

Start CREST CCT INF Practice Test 1 →

Authors

  • Security Practice Test Editorial Team
    : Author

    Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
  • Sudhanshu Thakur - Reviewer
    : Reviewer

    Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.