The CREST Certified Infrastructure Tester examination is a rigorous assessment of the candidate’s ability to assess a network for flaws and vulnerability at the network and operating system layer. This learning objectives and course details include:
- Public domain information sources
- Windows operating systems
- Unix operating systems
- Voice networking
- Wireless networking.
It is a penetrating test (also known as a pen test or pentesting) or vulnerability assessment of computer systems, network devices or IP address ranges to identify vulnerabilities that could be exploited. Testing should be conducted from outside the organisations and from inside the organisation.
Along with mitigation recommendations, the vulnerabilities identified are reported back to the system owner.
Infrastructure testing can also be used to test compliance of an organisation’s with security policies and how effectively it can respond to any security threats.
Benefits of doing this Course:-
CREST certification is widely regarded within the information security testing profession, with an examination and career path to suit your development and aspirations for promotion.
CREST certification lets us join a recognised community of testers, with opportunities to further our career through networking and information sharing.
The CREST Tester examination is the first in the CREST certification hierarchy followed by the CREST certified Infrastructure Tester and Application Certified Tester examinations, which set the benchmark for senior testers.
An infrastructure penetrating test or vulnerabilities assessment can provide assurance that the systems and security controls tested have been configured in accordance with best security practice and that there are not anyone common or publicly known vulnerabilities assessment in the target system at the time of the testing. If vulnerabilities are found during testing these can be rectified before an attack or security breach occurs.
Testing will enable us to:
- Manage vulnerabilities
- Avoid extra cost and reputation damage from a security breach
- Provide evidence of compliance with regulatory and certification standards
- Provide assurance to customers and suppliers that their data is secure.
Types of Infrastructure Testing:-
- External penetrating testing and vulnerability assessments: – This is typically remotely conducted and assesses our external security services exposed to the internet.
- Internal penetrating testing or vulnerability assessments: – This is conducted by plugging into our internal network and assessing the internal devices or network IP ranges for vulnerabilities.
Examination Format: –
The candidate will be expected to possess not only the technical ability in examination to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner.
The examination consists of three levels:
- A multiple – choice written examination
- A hands – on practical examination ( in two parts)
To pass the exam, the candidate must pass all sections. The written element of the examination is taken at Pearson Vue test centres; the practical element is taken at a CREST examination centre. Candidates must hold their valid pass in the written element of this examination in order to sit in the practical element.