

You are probably here because you are planning to take the CPSA. You are also probably here because you are confused about the best way to do so, as there is not a lot of information on this exam. You might also be here (just like me) because your company needs you to get CREST Registered Tester (CRT), for which CPSA is a prerequisite, and thus you just want a quick and dirty guide to pass this exam and get it out of your system.
Just putting it up front, I personally am not a fan of these kinds of exams, where it is more memory work and regurgitating factual information rather than testing practical skills. I would not have taken this if I were not being sponsored/required for projects.
CPSA is a two-hour, closed-book exam of 120 MCQs, taken at a Pearson VUE centre. The exam tests the information in the provided syllabus. The passing mark is 60%. Getting the CPSA qualifies you to apply for the CRT Equivalency Programme if you passed OSCP/OSCP+ within the last three years.
People with cybersecurity experience or educational background could pass this exam with a week or two of cramming (more on this below). What worked for me was doing a lot of Quizlet flash cards and practice questions, and occasionally referencing one of the suggested reference materials, Network Security Assessment by O’Reilly, 3rd Edition.
Oh, I passed my CPSA with 75% after three straight days of cramming (and doing my OSWE prep). So definitely doable. Just don’t expect to score high unless you have a photographic memory.
I am a mid-careerist with zero technical education or professional background who made the transition to cybersecurity in mid-2024. In late 2024, I obtained the TCM Security Practical Security Analyst Associate (PSAA – Blue Team Cert) and SANS GIAC Certified Incident Handler (GCIH), and in 2025, I obtained OSCP and OSEP, HackTheBox’s Certified Defensive Security Analyst (CDSA), ZeroPointSecurity’s Certified Red Team Operator (CRTO) and SANS GIAC Cyber Threat Intelligence (GCTI). That is to say, I do have a fair amount of theoretical and practical knowledge coming into CPSA. This just means that there are areas of the exam that I really didn’t have to study for since I am familiar with them, such as port numbers for things like FTP, IMAP and POP3, and Web Technology such as Apache.
Which brings me to why I took the CPSA exam. I am required to have CRT for some of my company’s projects. Since I passed my OSCP within the last three years, I could obtain the CRT through the CRT Equivalency Programme. However, as a prerequisite for this programme, you need to pass the CPSA. More information on this programme here: https://www.crest-approved.org/skills-certifications-careers/certification-equivalency-recognition-programmes/
I bought the exam voucher on 15 December 2025 and scheduled my exam for 26 December since I had a bit of lull time during the holiday period. If your company is a CREST member, you can qualify for a 30% discount code, so do check for that.
You have 120 minutes to tackle 120 MCQs. This is a minute per question. This is more than enough time because in most cases, you either know the answer or you do not. I completed the exam in 30 minutes. There are some questions that might require you to maybe think for like 15 seconds but for the most part, the correct answer is obvious. There is no negative marking so feel free to eliminate wrong choices and take an educated guess.
Once you have completed the exam, you allegedly should see the exam score displayed on your screen (I only got a black screen, so maybe I glitched out or something). If not, the testing centre should be able to provide you a printout right after the exam with your score. CREST will also send you a digital email confirming your results within a few working days (got mine the next day).
CREST has provided four sample questions which I find to be representative of the type of questions you can expect.
Do lots and lots of flashcards and practice questions. Link below.
All the best to you and I hope you get your CPSA!