CREST Certified Infrastructure Tester (CCT INF) Exam Details Required

Heavens_KingHeavens_King Registered Users Posts: 3 ■□□□□□□□□□
Hi All,

Very new to the forum and talking about myself I'm passionate about penetration testing and my work revolves around the same.

I'm currently preparing for CREST Certified Infrastructure Tester (CCT INF) certification but unclear about a lot of things which I could not find on internet as such. Can anyone please put some light on how are the exams and how to go about it, how to prepare and what to prepare and where to prepare from with few of my following questions.
1. What kind of questions are asked in written and practical exam, please give few examples of both.
2. What level of detail they expect in written and practical exam, if you could explain with a example.
3. I understand written has multiple choice and few long form questions, but what kind of questions are in practical and how do they judge that if you have actually cleared the task set in practical exam, if you could please give an example for the same.
4. As compared to OSCP, how tough is the practical exam of CCT INF, do they also expect you to exploit systems and generate modified exploits, or is general level of finding the vulnerability and exploiting it with known Metasploit framework exploits or public exploits.
5. Any pre-preparations to be kept in mind before attending the exams?
6. What kind of tools should i install on the laptop before going into the practical exam, or would they provide their own tools to use for the same.
7. Do we have to create a report of some-kind like in OSCP post practical examination.

Any other inputs and quick responses are highly appreciated.

Thanks in advance.

Comments

  • wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Hello mate not sure you'll get any feedback from this forum as Crest is pretty much UK focussed and Australia and Singapore etc!

    I've not taken any crest exams but in regards to the practical tools etc i'd spin up some vm's as i believe they install stuff then wipe it so be prepared for that. Why are you not taking the CRT 1st and the CPSA Which is the written bit?
  • Heavens_KingHeavens_King Registered Users Posts: 3 ■□□□□□□□□□
    Thanks for the reply Wayne,

    CPSA + CRT is pretty basic for my level now I have almost 5 years of hands-on experince in VAPT and AppSec, I'm way past that stage. Currently working around OSCP and CCT INF. However, organisation requires CCT INF first and there is hardly any proper study material or guidance for the same. Thus, little confused about it and seeking answers.

    Hoping someone was able to provide more insights.

    Thanks
  • OctalDumpOctalDump Member Posts: 1,722
    Not sure if you've read up on their website, but it looks like you need CRT first. If you have the OSCP, then you can apply to be recognised for CRT without sitting their exam.

    CCT INF is a written exam, then if you pass, a practical. I think the written exams are now done at Pearson Vue test centres. The practical is open book, and a PC with internet access can be given, but you can't connect your test machines to the internet. It seems that you are required to take notes during the practical and create a report. More details here:

    https://www.crest-approved.org/wp-content/uploads/crest-notes-for-candidates-CCT-v1-8-release-1.pdf

    and the syllabus is here:

    https://www.crest-approved.org/wp-content/uploads/crest-cct-technical-syllabus-v2.1.pdf

    There's a list of suggest prep materials here

    https://www.crest-approved.org/uk/examinations/examination-preparation-material/index.html

    And a list of approved trainings

    https://www.crest-approved.org/uk/partners/crest-accredited-training-courses/index.html

    I would be contacting CREST directly for more information.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Heavens_KingHeavens_King Registered Users Posts: 3 ■□□□□□□□□□
    Thanks for the reply OctalDump.

    I have been in contact with CREST, apparently only mandatory requirements are CPSA for CRT and CCT INF for CCSAS. Otherwise, there is not mandatory requirements for any course, neither professional experience. If you think you can clear it, then you can appear for the exams.

    Talking about details on the website, I have already gone through the same in detail. You have first give a written exam which has 120 multiple choice questions and 3 Long Form questions out of which 2 needs to be attempted which is of 15 marks each. Also, practical exam has no written element or report mechanism as they have already taken the written exam.

    I'm already aware about the details which are provided on the website. I'm awaiting any additional information or insights which a person who has cleared the exam can provide.

    Thanks for your time.
  • OctalDumpOctalDump Member Posts: 1,722
    Yeah, I almost didn't reply because I thought you probably had all this info already, but then I thought it might be useful to someone else searching in the future, or just out of curiosity.

    I got the CRT as required for CCT from CREST Australia, but it does look to be different in the UK as you say, and all that you need is the written and practical. CREST Australia isn't offering as many exams yet, and doesn't offer the CPSA, so this might be why they take a different approach.

    Good luck! And keep us updated with what you discover.
    2017 Goals - Something Cisco, Something Linux, Agile PM
Sign In or Register to comment.