Compared to the OSCP or even the CISSP exam, there seems to be very little information online about CREST examinations. Hence, the reason why I want to share my thoughts on the CREST CPSA exam. That said, all candidates had to agree to an NDA, I will try to provide as much information as possible without breaching the NDA.
I took the exam recently and passed it on my first attempt. I took it under the new format, 120 MCQ questions in 2 hours, no reference materials allowed. I would say that 2 hours is enough time, as the questions are generally straightforward. If you don't know the answer, however much time is unlikely to help. I completed the questions in about 1 hour, flagging out questions which I was unsure about. I then spent about 30 minutes going through flagged questions and checking for careless mistakes. I ended the test early and immediately received a printout with my score. You will need 60% or 72 questions correct to pass. I passed with a rather comfortable score.
I obviously can't share the exam questions. What I can share is that the example question below provided freely by CREST themselves in the Notes for Candidates is representative of the questions in the exam. As you can see, you either know the answer or you don't, no extra amount of time is likely to help in figuring out the answer.
1 2 3 4 5 6 7 8
Which of the following is NOT a valid DNS record type? A. SOA – Start of Authority B. NWS – News Server C. CNAME – Canonical Name D. MX – Mail eXchange E. PTR - Domain Name Pointer The correct answer is (B).
2. Exam Centre
The test was conducted at a Pearson Vue exam centre using a computer based testing software. I took my CISSP in near exact same conditions. There will be other test takers taking different exams starting and ending at different times in the same exam room. That said, the exam room was very quiet and I was not interrupted at all. For both exams, I was also given a laminated sheet of paper and a marker to take any notes required.
One thing to note is that the moment you enter the examination centre, you will be asked to register and put away your belongings. It will take a few minutes to get the workstation ready and the exam will commence. Hence, if you arrive early and want to do some last minute revision, do not enter the exam centre. Do your revision outside.
Due to the wide breadth of knowledge tested, I do believe some amount of preparation is necessary. For preparation, I relied a lot on the syllables document provided by CREST. I found that the recommended reading materials were not that useful and mainly relied on googling the topics that I was unfamiliar with. I would say that the syllables document is very accurate and everything that was tested in the exam was indeed covered in the syllables document. If you go through the document religiously item by item and read up anything you are unfamiliar with, it should be sufficient to pass.
The challenge is knowing how deep to go. After all, you do not want to spent hours reading up on the intricacies of some obscure protocol. My advice is that CPSA is an entry level certification, the example question above is representative of the difficulty of the questions in the exam.