Free Practice Tests

CREST Certification
Practice Tests

Free practice tests for CREST CPSA, CRT, CCT INF, CCT APP, CCSAM, and CCRTS. The complete CREST pathway from entry-level analyst through expert red team specialist — all in one place. No sign-up required.

6Exams Covered

74Practice Tests

1,480Free Questions

100%Free Forever

The CREST Certification Pathway

CREST certifications form a defined career ladder from practitioner entry point through advanced and expert credentials — each building directly on the one below it.

CPSA

CREST CPSA Practice Test

Practitioner Security Analyst — entry-level written exam covering 10 syllabus areas: core technical skills, networking, Windows, Unix, web technologies, and databases. The mandatory prerequisite for CRT. 5 mixed-set + 10 domain-wise tests. Each test: 20 Qs, ~20 min.

15 Tests · 300 Qs · Pass 60% · 120 Qs · 2 hrsStart Test →

CRT

CREST CRT Practice Test

Registered Penetration Tester — practical exam with Infrastructure and Web Application stages. NCSC CHECK Team Member status. CPSA required. 5 mixed-set + 6 domain-wise tests covering all CRT assessment areas. Each test: 20 Qs, ~25 min.

11 Tests · 220 Qs · Pass 60% per stage · 2.5 hrsStart Test →

CCT INF

CREST CCT INF Practice Test

Certified Tester Infrastructure — advanced 3-component exam (written MCQ, written scenario, practical) for senior infrastructure pentesters with ~5–6 years experience. NCSC CHECK Team Leader status. 5 mixed-set + 5 domain-wise tests. Each test: 20 Qs, ~20 min.

10 Tests · 200 Qs · Pass 66% per componentStart Test →

CCT APP

CREST CCT APP Practice Test

Certified Tester Application — advanced 3-component exam for expert web application security testers with ~5–6 years experience. Covers APIs, cloud-hosted apps, containerisation, and mobile. NCSC CHECK Team Leader status. 5 mixed-set + 5 domain-wise tests. Each test: 20 Qs, ~20 min.

10 Tests · 200 Qs · Pass 66% per componentStart Test →

CCSAM

CREST CCSAM Practice Test

Certified Simulated Attack Manager — purely written expert exam (SAM 1 + SAM 2) for professionals who lead red team engagements. Covers all management and technical dimensions of simulated attacks. 5 mixed-set + 10 domain-wise tests. Each test: 20 Qs, ~30 min.

15 Tests · 300 Qs · Pass 70% per partStart Test →

CCRTS

CREST CCRTS Practice Test

Certified Red Team Specialist (formerly CCSAS) — 3-component exam including a Red Team Assault Course practical. Required for CBEST and TIBER-EU regulated red team engagements. Syllabus v2.1 (November 2024). 5 mixed-set + 8 domain-wise tests. Each test: 20 Qs, ~20 min.

13 Tests · 260 Qs · Pass 66% per componentStart Test →

CREST Certifications Compared

The CREST pathway runs from entry-level written exam to expert multi-component assessments. Each level has distinct requirements, formats, and career outcomes.

Cert	Level	Format	Pass Score	Prerequisites	CHECK Status	Validity
CPSA	Entry	120 MCQ, 2 hrs, closed-book	60% (72/120)	None	None (gateway to CRT)	3 years
CRT	Intermediate	Practical: Infra + Web App, 2.5 hrs	60% each stage	CPSA required	Team Member	3 years
CCT INF	Advanced	MCQ + Scenario + Practical, 3 components	66% each component	None (CRT recommended)	Team Leader	3 years
CCT APP	Advanced	MCQ + Scenario + Practical, 3 components	66% each component	None (CRT recommended)	Team Leader	3 years
CCSAM	Expert	SAM 1 + SAM 2, written only	70% each part	None (senior experience expected)	N/A (management)	3 years
CCRTS	Expert	MCQ + Scenario + Red Team Assault Course	66% each component	None (CCT INF recommended)	CBEST/TIBER-EU	3 years

About CREST Certifications

CREST is the international accreditation and certification body for the cybersecurity industry, with a particular focus on penetration testing and red teaming.

What is CREST?

CREST (Council of Registered Ethical Security Testers) is a not-for-profit international accreditation body that certifies individuals and organisations in penetration testing, red teaming, threat intelligence, and security operations. CREST certifications are recognized by the UK National Cyber Security Centre (NCSC) and are required for government CHECK scheme penetration testing engagements in the UK.

CREST credentials are widely recognized across the UK, Australia, Southeast Asia, Middle East, and internationally. The CCRTS is specifically required for regulated red team engagements under the Bank of England's CBEST framework and the ECB's TIBER-EU programme.

Which CREST Certification Should You Pursue?

Start with CPSA if you are entering penetration testing and need the gateway credential to CRT. 6–12 months of technical IT experience recommended.

Take CRT after CPSA to earn hands-on practitioner status and NCSC CHECK Team Member recognition. Requires ~3 years of experience in practice.

Pursue CCT INF or CCT APP to reach senior level. CCT INF is for infrastructure specialists; CCT APP for web application experts. Both require ~5–6 years of experience and confer CHECK Team Leader status.

Target CCSAM if you lead red team engagements and need to demonstrate management-level expertise across the full simulated attack lifecycle.

Target CCRTS if you are a red team specialist delivering adversary simulation engagements, particularly in regulated financial sector environments under CBEST or TIBER-EU.

Frequently Asked Questions

Common questions about CREST certifications and these free practice tests.

What is NCSC CHECK and which CREST certifications qualify?

The NCSC CHECK scheme is a UK government-recognised framework that mandates specific certification requirements for penetration testing on government and public sector systems. CRT holders qualify as CHECK Team Members, authorised to participate in CHECK engagements. CCT INF and CCT APP holders qualify as CHECK Team Leaders, authorised to lead CHECK engagements. The CCRTS is required for CBEST intelligence-led red team engagements on UK financial market infrastructure and TIBER-EU engagements on European financial institutions.

Is CPSA required before taking CRT?

Yes. A valid CREST CPSA is a mandatory prerequisite for booking the CRT exam — there are no exceptions for the standard exam route. Candidates who hold a valid OSCP (within 3 years) plus a valid CPSA may apply for CRT via CREST's equivalency programme, though this route is not accepted for NCSC CHECK purposes. All other CREST certifications — CCT INF, CCT APP, CCSAM, and CCRTS — have no formal prerequisites.

How many free practice tests are available for each CREST exam?

CPSA: 15 tests (300 questions). CRT: 11 tests (220 questions). CCT INF: 10 tests (200 questions). CCT APP: 10 tests (200 questions). CCSAM: 15 tests (300 questions). CCRTS: 13 tests (260 questions). All 74 tests are completely free — no account or sign-up required.

What is the difference between CCRTS and CCSAM?

The CCRTS (Certified Red Team Specialist) and CCSAM (Certified Simulated Attack Manager) are companion credentials in CREST's red team pathway. The CCRTS is a technical practitioner exam — it includes a Red Team Assault Course practical component and validates hands-on ability to execute adversary simulation engagements. The CCSAM is a management-focused exam — it is purely written (no practical) and validates the ability to plan, manage, and lead those engagements from a governance and operational oversight perspective. Many senior red team professionals pursue both credentials.

Start Practicing for Free — Right Now

No account. No payment. Pick your CREST exam and begin immediately.

CPSA → CRT → CCT INF → CCT APP → CCSAM → CCRTS →

Authors

Security Practice Test Editorial Team: Author

Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

Sudhanshu Thakur: Reviewer

Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.

CREST CertificationPractice Tests