CREST CPSA Exam Preparation Tips

Usama Azad
2 min read · Sep 20, 2021

Hi Everyone,

This post is about CREST CPSA (CREST Practitioner Security Analyst). I passed the exam at the beginning of this year. I was already OSCP certified, so I also got the CREST CRT - OSCP equivalency. I got busy after passing the exam and forgot to write a post. I keep getting messages from fellow InfoSec enthusiasts on LinkedIn asking for information and tips about the exam. When I was preparing, there wasn't much material available on the internet about this certification, so I hope this post helps people who are planning to take the exam.

Remember, it's a theoretical exam, so you'll need to read and memorize a lot of material, including port numbers, acronyms, service versions and similar details. You might not enjoy that, but it's the key to passing this certification.

Below I'll share some FAQs and preparation tips that can help you pass this exam.

The exam consists of 120 multiple-choice questions to be answered in 2 hours, and a score above 60% is required to pass.

Cost: as stated on their website, one exam attempt costs around 275 UK pounds + VAT. Depending on your country, it might cost you 400–450 USD in total. If you also want the CRT-OSCP equivalency, that will cost you around 100 pounds extra.

Preparation:

The reading material listed on the CREST website is overwhelming. If you are short on time, I'd recommend only skimming through RTFM and the Nmap guide. "Network Security Assessment" (O'Reilly) is a good read, but it is very lengthy and won't help you much in the exam.

I recommend memorizing the CPSA flashcards at https://quizlet.com/subject/cpsa/ . Here's a list of some key topics you need to focus on:

  • Common port numbers (e.g. the PostgreSQL default port, the POP3S default port, etc.)
  • Acronyms for common services/protocols (e.g. what AES stands for, what IMAP stands for, etc.)
  • Basic knowledge of crypto/ciphers/hashes (e.g. ECB, CBC, CFB, the key size of DES, how many rounds are used for a 192-bit AES key; you may be given a hash and asked what type it is: salted SHA1, MD5 or something else)
  • IIS versions and their corresponding Windows OS versions https://serverfault.com/questions/10518/how-can-i-tell-what-version-of-iis-is-installed
  • Linux file permission bits vs umask bits (Remember, there’s a difference between these two)
  • R Services (rwho, rsh etc.)
  • VoIP Protocols (STP, RTP etc.)
  • Basic Knowledge of VPN Protocols (PPTP, IPSEC, IKE etc.)
  • Information about routing protocols (BGP, RIP etc.)
  • Common Network Services (SMB, Netbios, RPC, NFS, null sessions etc.)
  • Basic (old) network attacks (Teardrop, Smurf, MAC flooding, etc.)
  • Common Nmap flags and how they work
  • DNS related terms and commands
  • Basic Knowledge of MSSQL
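
The permission-bits versus umask distinction from the list above, as an added worked example (not from the original post): a umask lists the bits to clear, and the kernel applies it to the mode a create request asks for (0666 for a new file, 0777 for a new directory), so the same umask of 022 yields 644 for files but 755 for directories.

```python
# Added example: how Linux umask bits relate to permission bits.
# A umask is NOT a permission set; it is the set of bits to REMOVE.
# The kernel computes  final_mode = requested_mode & ~umask.
# Programs normally request 0666 for new files (no execute bit) and
# 0777 for new directories, which is why a file never gets execute
# bits from a umask alone, however permissive the umask is.

FILE_DEFAULT = 0o666   # mode a typical open()/creat() asks for
DIR_DEFAULT = 0o777    # mode a typical mkdir() asks for


def apply_umask(requested: int, umask: int) -> int:
    """Return the mode the kernel actually sets for a create request."""
    return requested & ~umask & 0o777


def new_file_mode(umask: int) -> int:
    """Mode of a newly created regular file under this umask."""
    return apply_umask(FILE_DEFAULT, umask)


def new_dir_mode(umask: int) -> int:
    """Mode of a newly created directory under this umask."""
    return apply_umask(DIR_DEFAULT, umask)


def to_symbolic(mode: int) -> str:
    """Render 0o644 as 'rw-r--r--', the way ls -l shows it."""
    bits = "rwx" * 3  # owner, group, other
    return "".join(ch if mode & (1 << (8 - i)) else "-"
                   for i, ch in enumerate(bits))


def umask_for(desired_file_mode: int) -> int:
    """Inverse question: which umask turns the 0666 default into this mode?"""
    return FILE_DEFAULT & ~desired_file_mode & 0o777


if __name__ == "__main__":
    # Constructed sample umasks: the distro default, a group-readable
    # variant, and a private one.
    for umask in (0o022, 0o027, 0o077):
        f, d = new_file_mode(umask), new_dir_mode(umask)
        print(f"umask {umask:03o}: file {f:03o} {to_symbolic(f)}  "
              f"dir {d:03o} {to_symbolic(d)}")
```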

There's still a lot more to learn, but understanding and memorizing the above-mentioned topics will help you a lot. Before taking the exam, you can test your knowledge with this mock exam on Udemy: https://www.udemy.com/course/crest-practitioner-security-analyst-cpsa-practice-tests/ .

That's all. If you have any questions or suggestions, feel free to drop a comment below. Good luck!
