CREST Practitioner Security Analyst (CPSA): A Complete Study Guide, Resources, Tips & How I Passed
At CybaVerse, we are proud of the dedication and continuous development shown by our testing team. Most recently, one of our Penetration Testers, Maxwell Adams, successfully passed the CREST Practitioner Security Analyst (CPSA) exam. As part of his journey, Maxwell documented the study approach, resources, and techniques that helped him prepare effectively.
In the blog below, he shares his experience first-hand, offering practical insights and tips for anyone looking to take the CPSA themselves. Whether you're just starting out in penetration testing or strengthening your foundational knowledge, Maxwell’s guidance provides a clear, honest look at what to expect and how to prepare.
What Is CPSA?
The CREST Practitioner Security Analyst (CPSA) certification is an entry-level qualification designed to assess a candidate’s knowledge of operating system security and common network services.
It covers a defined set of core technical skills and is broadly indicative of around two years’ industry experience. Passing the CPSA demonstrates foundational competency for hands-on penetration testing roles.
Exam Overview: What to Expect
The CPSA assessment is delivered in person as a computer-based exam consisting of:
- 120 multiple-choice questions
- 2-hour duration
- 60% pass mark (72/120)
The exam is structured around ten core knowledge groups, each containing specific skills and focus areas:
- Soft Skills and Assessment Management
- Core Technical Skills
- Background Information Gathering and Open Source
- Networking Equipment
- Microsoft Windows Security Assessment
- Unix Security Assessment
- Web Technologies
- Web Testing Methodologies
- Web Testing Techniques
- Databases
Recommended Study Resources
When searching online, CPSA resources can feel somewhat limited. Below is a breakdown of the resources I personally used to prepare and ultimately pass.
- Official CREST CPSA Syllabus.
  - It is essential to know the syllabus inside out. Work through each point and manually research every section within the knowledge groups. Pay particular attention to services, port numbers, common misconfigurations, and known vulnerabilities.
- Quizlet CPSA Flashcards.
  - There are numerous flashcard sets available on Quizlet. These are excellent for quickly memorising services, acronyms, and port numbers.
- HackTheBox – CPSA/CRT Pathway.
  - Although this didn’t suit my learning style, it is a great starting point for beginners or those lacking practical exposure.
- Udemy – CPSA Mock Exams.
  - These mock tests help you become familiar with the exam format and question style. They are also useful for identifying weaker knowledge areas. I recommend reading reviews and choosing the options that best match your preferred learning approach.
My Study Strategy (What Worked for Me)
Due to my academic background and professional experience, I already had a reasonable foundation. I started by revisiting the basics and testing myself to ensure my understanding was solid.
I then went through the syllabus line-by-line, identifying any areas I was unfamiliar with. For each one, I carried out deeper research to fully understand the topic within its relevant knowledge group.
To reinforce my learning, I created written notes and flashcards covering essential details such as service acronyms, port numbers, and known vulnerabilities. Reviewing these for a short period each evening significantly improved recall.
Finally, I completed Udemy mock exams to practise under timed conditions, which helped me feel more prepared for the pace of the real exam.
Exam Day Tips
Exam day can naturally feel stressful, but keeping the following points in mind can help:
- Have a proper breakfast.
  - This will help you stay focused and energised during the exam.
- Arrive early.
  - Plan your route in advance to reduce stress. Arriving with plenty of time ensures you begin the exam calm and prepared.
- Answer every question.
  - There is no penalty for incorrect answers, so ensure every question is answered. Use the flag feature to return to ones you're unsure about.
- Use elimination.
  - Where possible, rule out obviously incorrect options first. Reducing choices increases your likelihood of selecting the correct answer.
- Time management.
  - While you shouldn’t rush, be mindful of the clock. With roughly one minute per question, ensure you are progressing steadily.
If things don’t go as planned and you don’t pass, you will receive a breakdown of marks by knowledge group. This is extremely helpful for identifying where to focus further study.
After CPSA - What’s Next?
Once you’ve passed CPSA, the natural next step is to work towards the CREST Registered Tester (CRT) certification. CRT assesses practical, hands-on penetration testing skills and is widely recognised within the industry as a benchmark for professional testers.
Final Thoughts
CPSA is very achievable with structured preparation. However, not everyone passes the first time - and that’s absolutely fine. Speaking from experience, the important thing is to learn from your results and strengthen the areas that need improvement.
If you focus on the fundamentals, understand real-world behaviour of systems and services, and practise analysing technical output, CPSA becomes far more manageable - and a valuable stepping stone in your security career.