CREST Certification

CREST CRT Practice Test

Prepare for the CREST Registered Penetration Tester exam with free practice tests covering the full CRT syllabus. Each test has 20 questions built around the practical skills and knowledge assessed in both the Infrastructure and Web Application stages of the real CRT exam.

11 Practice Tests
220 Total Questions
6 Domains Covered
100% Free Forever

Mixed Set — CREST CRT Practice Tests

Questions distributed across all CRT practical assessment areas — Networks, Desktop Lockdown, Vulnerability Assessment, Simple Exploitation, Routing Manipulation, and Web Application testing. Each test mirrors the technical knowledge and methodology expected in the real CREST CRT exam.

Domain Wise — CREST CRT Mock Tests

Target each practical assessment area of the CRT exam with focused domain tests. The CRT is divided into an Infrastructure stage and a Web Application stage — use these mock tests to build depth in the specific areas the exam will assess hands-on.

About the CREST CRT Certification Exam

Everything you need to know about the CREST Registered Penetration Tester exam — what it tests, who it's designed for, and why it matters for your penetration testing career.

What Is the CREST CRT?

The CREST Registered Penetration Tester (CRT) is an intermediate-level practical certification from CREST (Council of Registered Ethical Security Testers) that validates a candidate's hands-on ability to conduct real-world penetration testing engagements. Unlike the theory-based CPSA, the CRT is a fully practical exam — candidates work against a live network environment using professional tools to identify, exploit, and document vulnerabilities across infrastructure and web applications.

The CRT is formally recognized by the UK National Cyber Security Centre (NCSC) for its CHECK scheme, meaning CRT holders meet the minimum standard required to serve as a CHECK Team Member on UK government penetration testing engagements. It is widely considered the benchmark entry point for professional pentesters in the UK, Australia, the Middle East, and Southeast Asia. CRT-certified professionals are positioned for roles such as Penetration Tester, Security Consultant, and Vulnerability Analyst, with typical salaries ranging from £45,000 to £75,000 in the UK and comparable rates internationally. The certification is valid for 3 years and serves as a prerequisite for advanced CREST credentials including the CCT Infrastructure and CCT Web Application certifications.

Exam Format (2026)

Testing method: Practical assessment delivered at Pearson VUE test centres. Candidates work on a provided Kali Linux virtual machine — personal laptops and devices are not permitted.

Duration: 2.5 hours plus 15 minutes of reading time before the exam begins.

Question types: Mix of flags (retrieved values from target systems), short-form answers, and multiple-choice questions. Copy and paste from Kali into the answer sheet is disabled — answers must be typed manually.

Scoring: 160 total marks split across two stages — Infrastructure (100 marks) and Web Application (60 marks). Candidates must achieve at least 60% in each stage independently to pass.

Tools available: Burp Suite Professional and Nessus Professional are fully licensed within the Pearson VUE exam environment.

Exam fee: Approximately £275 + VAT (around $400–$450 USD) via Pearson VUE.

Eligibility Requirements

Prerequisite: A valid CREST Practitioner Security Analyst (CPSA) certification is mandatory before booking the CRT exam. There are no exceptions to this requirement for the standard exam route.

Equivalency route: Candidates holding a valid OSCP (within the last 3 years) plus a valid CPSA may apply for CRT by equivalency without sitting the practical exam. Note: this route is not accepted for NCSC CHECK Team Member or UK Cyber Security Council purposes — the full exam must be sat for those pathways.

Recommended experience: CREST positions CRT as indicative of approximately 3 years of hands-on penetration testing experience. Candidates should have practical familiarity with Kali Linux, Burp Suite, Nessus, and common pentest workflows.

Retake policy: Unsuccessful candidates must wait a minimum of 8 weeks before retaking the CRT exam.

Certification validity: 3 years from the date of passing.

CREST CRT Exam Stages — Assessment Coverage

The CRT practical exam is divided into two scored stages. You must achieve at least 60% in each stage independently — a strong web application performance cannot compensate for a weak infrastructure score, or vice versa.

Stage | Assessment Area | Marks
Infrastructure | Networks — Host/service discovery, enumeration, DNS analysis | ~20 pts
Infrastructure | Routing Manipulation — Routers, switches, ARP/VLAN attacks | ~20 pts
Infrastructure | Vulnerability Assessment — Scanner use, output interpretation | ~20 pts
Infrastructure | Simple Exploitation — Known CVEs, credential attacks, post-exploitation | ~20 pts
Infrastructure | Desktop Lockdown — Locked Windows/Citrix breakout, privilege escalation | ~20 pts
Web Application | Web Application — Recon, auth, injection, sessions, logic flaws, Burp Suite | 60 pts

How Our Practice Tests Are Designed

Knowledge-first approach to a practical exam — The CRT is a hands-on exam, but passing it requires deep conceptual knowledge of what tools do, how exploits work, and why vulnerabilities exist. Our practice tests target this foundational knowledge layer — the understanding that makes the difference between running a scan and actually interpreting its output under exam conditions.

Coverage mapped to both exam stages — Mixed practice tests draw questions proportionally from both the Infrastructure stage areas (Networks, Routing Manipulation, Vulnerability Assessment, Simple Exploitation, Desktop Lockdown) and the Web Application stage. This reflects the CRT's 100/60 mark split, giving infrastructure topics slightly more representation across the test set.

Proportional timer — The real CRT exam provides 2.5 hours (150 minutes) plus 15 minutes of reading time for a 160-mark practical. Our 20-question practice tests run at 25 minutes — calibrated to develop the methodical, time-aware mindset essential in the actual exam environment.

Targeted domain tests for weak spots — Use the individual domain tests to identify and strengthen specific areas. Routing Manipulation and Networks are newer additions to the CRT syllabus flagged by CREST itself — domain-wise tests let you give these areas dedicated attention before exam day.

CREST CRT Exam Preparation Tips

Study Strategy

Build a lab environment: The CRT is practical — reading alone is not enough. Set up local virtual machines with vulnerable targets (Metasploitable, DVWA, Windows Server VMs) and practice running full pentest workflows. Simulate a no-internet, no-copy-paste environment as early as possible.

Master your tools thoroughly: Burp Suite Professional and Nessus Professional are provided in the exam environment and are central to passing. Practice their core workflows — Burp's interceptor, Repeater, Intruder, and Decoder; Nessus scan configuration and output analysis — until they are second nature.

Study both stages equally: Many candidates over-prepare for web application testing and underestimate infrastructure. Both stages have independent 60% pass thresholds. Neglecting Routing Manipulation or Vulnerability Assessment can cause a fail even with a strong web application performance.

Test-Taking Strategy

Use the reading time wisely: The 15 minutes of reading time before the exam clock starts is valuable. Scan the full task list, identify quick wins, and plan your sequencing before touching the keyboard. Starting with high-confidence sections builds a mark buffer early.

Score per minute — not perfection: If you stall on a task, set a mental 5-minute limit and move on. Returning with fresh eyes is more productive than sinking time into a single blocked step. Partial marks across more tasks often outperform full marks on a smaller number.

Type carefully, capture evidence early: Copy and paste from Kali to the answer sheet is disabled in the CRT exam. Transcribe flags and short answers slowly and accurately — a typo on a correct flag scores zero. When you find a vulnerability or gain access, capture your evidence immediately rather than relying on memory.

Frequently Asked Questions

What type of exam is the CREST CRT?
The CREST CRT is a practical, hands-on assessment — not a multiple-choice written exam. Candidates work against a live network environment on a provided Kali Linux virtual machine at a Pearson VUE test centre. The exam consists of flags (values retrieved from target systems), short-form answers, and some multiple-choice elements. Personal laptops and external tools are not permitted. Burp Suite Professional and Nessus Professional are fully licensed and available within the exam environment.
What is the passing score for the CREST CRT exam?
The CRT has 160 total marks split across two stages: Infrastructure (100 marks) and Web Application (60 marks). Candidates must achieve at least 60% in each stage independently to pass — meaning at least 60 marks from Infrastructure and at least 36 marks from Web Application. A strong performance in one stage cannot compensate for failing the other. Unsuccessful candidates are only told their scores for stages where they did not meet the 60% threshold.
Do I need CPSA before I can take the CRT exam?
Yes. A valid CREST Practitioner Security Analyst (CPSA) certification is a mandatory prerequisite for booking and sitting the CRT exam. There is no way to bypass this requirement for the standard exam route. Candidates who already hold a valid OSCP (within 3 years) plus a valid CPSA may apply for CRT certification via CREST's equivalency programme, though this route is not accepted for NCSC CHECK Team Member or UK Cyber Security Council professional title purposes.
Are these CRT practice tests free?
Yes. All CREST CRT practice tests on Security Practice Test are completely free with no sign-up or account required. Choose any mixed set or domain-wise test above and start practicing immediately.
How long is the CREST CRT exam?
The CRT exam runs for 2.5 hours (150 minutes) of active exam time, plus an additional 15 minutes of reading time provided before the clock starts. The reading period should be used to scan all tasks, identify quick wins, and plan your approach before beginning any hands-on work.
How long should I prepare for the CREST CRT?
Preparation time varies significantly based on hands-on experience. Candidates already working in penetration testing roles with 2 to 3 years of experience typically need 4 to 8 weeks of focused lab practice. Those transitioning from a knowledge-only background or coming straight from CPSA may need 3 to 4 months of intensive hands-on preparation. Building a home lab with vulnerable virtual machines and practicing complete pentest workflows from enumeration through to exploitation and reporting is essential.
How soon can I retake the CRT if I fail?
Unsuccessful candidates must wait at least 8 weeks before retaking the CRT exam. This is significantly longer than the CPSA's 7-day wait and reflects the practical, hands-on nature of the assessment. CREST provides score feedback only for the stages where the 60% threshold was not met, helping candidates focus their retake preparation on specific weak areas.
What career opportunities does the CREST CRT open?
The CRT qualifies professionals for NCSC CHECK Team Member status, enabling them to conduct penetration testing on UK government and public sector systems. It is also a recognized credential for private sector roles at security consultancies, financial institutions, and technology firms. Career paths for CRT holders include Penetration Tester, Security Consultant, and Vulnerability Analyst. The CRT is the prerequisite for advanced CREST certifications including the CREST Certified Tester — Infrastructure (CCT INF) and CREST Certified Tester — Web Application (CCT APP).

Ready to Test Your CREST CRT Knowledge?

Start with a mixed set to assess your coverage across all practical exam areas, then use domain tests to sharpen the specific stages where you need the most work.


Authors

  • Security Practice Test Editorial Team

    Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

  • Sudhanshu Thakur - Reviewer

    Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.