CREST CPSA Practice Test
Prepare for the CREST Practitioner Security Analyst exam with free practice tests modeled after the real CPSA format. Each test has 20 questions with a proportional timer matching the actual exam pace of 1 minute per question.
Mixed Set — CREST CPSA Practice Tests
Questions distributed across all 10 CPSA syllabus domains according to the official CREST exam blueprint. Technical areas like Core Technical Skills, Web Testing, and Networking Equipment feature prominently — just like the real exam.
Domain Wise — CREST CPSA Mock Tests
Target individual CPSA syllabus areas with focused practice. Each mock test covers 20 questions from a single domain to help you master the specific knowledge areas assessed in the CREST Practitioner Security Analyst exam.
About the CREST CPSA Certification Exam
Everything you need to know about the CREST Practitioner Security Analyst exam — what it covers, who should take it, and what to expect on exam day.
What Is the CREST CPSA?
The CREST Practitioner Security Analyst (CPSA) is an entry-level certification offered by CREST (Council of Registered Ethical Security Testers), a globally recognized accreditation body for the cybersecurity industry. The CPSA validates a candidate's foundational knowledge in penetration testing, covering the assessment of operating systems, common network services, and web application vulnerabilities using industry-standard tools.
The CPSA serves as the mandatory gateway to the CREST Registered Tester (CRT) qualification — the benchmark for hands-on penetration testers working on UK government CHECK-scheme engagements. CPSA-certified professionals are recognized as having the knowledge to perform basic infrastructure and web application vulnerability scans and interpret the results to locate security weaknesses. The certification is valid for 3 years and is widely recognized across the UK, Australia, Southeast Asia, and the Middle East. Entry-level penetration testers and junior security analysts holding the CPSA can typically expect salaries ranging from £30,000 to £55,000 in the UK, with significant increases as they progress toward CRT and CCT-level credentials.
Exam Format (2026)
Testing method: Multiple-choice written exam delivered at Pearson VUE test centres worldwide.
Questions: 120 multiple-choice questions, all of which must be completed.
Duration: 2 hours (120 minutes). Total session time at Pearson VUE is 2.5 hours including admin time.
Question types: Single-answer multiple-choice questions testing factual knowledge, port numbers, acronyms, protocols, and scenario-based analysis.
Passing score: 60% — candidates must score at least 72 out of 120 marks. No marks are deducted for incorrect answers.
Exam fee: Approximately £275 + VAT (around $400–$450 USD) via Pearson VUE voucher from CREST.
Open/closed book: Closed book — no reference materials, internet, or electronic devices permitted.
Eligibility Requirements
Prerequisites: None. The CPSA has no formal prerequisite — any candidate can book and sit the exam.
Recommended experience: CREST recommends candidates have at least 6–12 months of experience in technical security, networking, or system administration before attempting the exam.
Background knowledge: A level of knowledge equivalent to CompTIA Security+ is considered a useful baseline. Strong understanding of networking (TCP/IP, ports, protocols) is particularly important.
Career pathway: CPSA is the required prerequisite for the CREST Registered Tester (CRT) exam. CRT in turn qualifies professionals for NCSC CHECK Team Member status in the UK.
Retake policy: Unsuccessful candidates may retake the exam after a minimum 7-day waiting period.
Certification validity: 3 years from the date of passing.
CREST CPSA Syllabus Areas — Exam Coverage
The CREST CPSA syllabus is organized into 10 technical areas. The exam does not publish fixed percentage weights, but core technical, web, and Windows/Unix assessment areas are known to carry significant question density based on candidate experience.
| Area | Topic | Coverage |
|---|---|---|
| Area A | Soft Skills and Assessment Management | Foundational |
| Area B | Core Technical Skills | High |
| Area C | Background Information Gathering and Open Source | Moderate |
| Area D | Networking Equipment | Moderate |
| Area E | Microsoft Windows Security Assessment | High |
| Area F | Unix Security Assessment | High |
| Area G | Web Technologies | Moderate |
| Area H | Web Testing Methodologies | Moderate |
| Area I | Web Testing Techniques | High |
| Area J | Databases | Moderate |
How Our Practice Tests Are Designed
Syllabus-aligned question style — CPSA questions test factual recall of protocols, port numbers, cryptographic standards, tool flags, and OS-specific knowledge. Our practice tests follow the same direct, knowledge-verification style used in the real CREST exam — no unnecessary complexity, but no shortcuts either.
Broad domain coverage in mixed sets — Mixed practice tests sample questions from all 10 CPSA syllabus areas. Areas with denser content coverage in the official syllabus — such as Core Technical Skills, Windows Assessment, Unix Assessment, and Web Testing Techniques — appear proportionally more often, matching the real exam's distribution.
Proportional timer — The real CPSA exam allows 2 hours for 120 questions, approximately 1 minute per question. Each 20-question practice test is timed at 20 minutes to match this exact pace and develop the time discipline needed on exam day.
Targeted domain tests — Use individual domain tests to drill specific areas. This is especially effective for high-memorization topics like port numbers, common acronyms, hash types, and IIS-to-Windows version mappings — which candidates consistently identify as key to passing the CPSA.
CREST CPSA Exam Preparation Tips
Study Strategy
Prioritize memorization: Unlike scenario-heavy exams, the CPSA rewards factual recall. Port numbers, protocol acronyms, cryptographic algorithm key sizes, and hash formats need to be memorized — not just understood conceptually.
Master the syllabus document: The official CREST CPSA Technical Syllabus PDF is your primary guide. Every question comes from within its listed skill areas. Read it thoroughly and use it to structure your study plan across all 10 areas.
Build a broad knowledge base: The CPSA tests breadth across Windows, Unix, networking, and web topics. You cannot afford to skip any area — even the softer topics in Area A on legal compliance and engagement management contribute to your final score.
Test-Taking Strategy
Manage your 1-minute pace: With 120 questions in 120 minutes, you have exactly 1 minute per question. Flag uncertain answers and revisit them — the exam interface allows flagging and review before final submission.
Eliminate and decide: CPSA questions are generally straightforward — either you know the answer or you don't. Use elimination to remove clearly wrong choices, then commit to your best answer rather than spending excessive time on a single question.
Focus on high-frequency topics: Candidates consistently report that port numbers, protocol acronyms, cryptographic standards, Windows authentication mechanisms (NTLM, LM hashes), and Linux file permissions appear frequently. Practice these until they become automatic.
Ready to Test Your CREST CPSA Knowledge?
Start with a mixed set to identify gaps across all 10 domains, then sharpen specific areas with targeted domain-wise mock tests.
Start CREST CPSA Practice Test 1 →
Authors
- Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
- Sudhanshu Thakur: Reviewer. Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.