The Certified Cloud Penetration Tester (CCPT) Certification Guide (2024)
Key facts
- Average penetration tester salary: $112,700
- Estimated market growth: 24.59% compound annual growth rate (CAGR)
- Recommended experience: 1-3 years in cybersecurity
Start your journey to becoming a Certified Cloud Penetration Tester with Infosec.
CCPT exam overview
CCPT means "Certified Cloud Penetration Tester," and the CCPT exam focuses on five domains related to cloud pentesting, outlined below:
Domain 1: Cloud pentesting process and requirements
This first domain of the CCPT certification, cloud pentesting process and requirements, validates your knowledge in those two areas, along with concepts like multi-tenancy considerations attack surfaces and different methodologies. It also includes pentesting tools and setting up a cloud pentesting environment.
Domain 2: Reconnaissance in the cloud
Next, you'll be tested on your knowledge of gathering information, mimicking the reconnaissance of cyberattackers. From OSINT techniques to tools for obtaining host and IP information to finding exposed buckets, you'll learn how cybercriminals formulate their attack plans.
Domain 3: Attacking AWS
This domain focuses on your ability to penetrate AWS systems, including exploiting remote access protocols, security misconfiguration and other vulnerabilities. You'll be tested on topics like abusing EC2 metadata, stealing IAM credentials, attacking different types of endpoints and maintaining persistence.
Domain 4: Attacking Azure
This domain focuses on your knowledge of attacking Azure systems. You'll be assessed on topics such as attacking Azure Virtual Machines and Azure Blob Storage misconfigurations, subdomain takeover, gaining shell access and extracting data.
Domain 5: Reporting
The final CCPT exam domain is reporting, which includes cloud security frameworks and best practices, collecting and reporting evidence, and developing and communicating follow-up items.
CCPT exam details
The CCPT exam is relatively new among penetration testing certifications and was created in response to the demand for professionals to help organizations secure cloud infrastructure.
| CCPT created: | 2020 | CCPT exam cost: | $499 |
| Number of questions: |
50 |
Type of questions: | Multiple-choice |
| Length of test: | 60 minutes | Passing score: | 70% or above |
| Recommended experience: | Familiarity with cloud and penetration testing concepts and at least one year in an information security role | Validity duration: | Recommended to recertify every 3 years |
Additional CCPT exam resources
Prepare for your CCPT exam and build your cloud security skills with practice exams and other training resources.
CCPT practice questions and exams
Practice exams are a great way to test your knowledge and gauge if you're ready to pass the actual certification exam. The best way to prepare for the CCPT exam is through Infosec's CCPT Boot Camp, which includes unlimited CCPT practice exam attempts.
Learn more about Infosec Skills custom practice exams.
Other free CCPT training resources
- Build your cloud skills: Learn about cloud security careers and see live cloud training demos on Infosec's YouTube channel.
- Build your penetration testing skills: Infosec has a variety of free hacking videos and webinars, such as Learn how to hack and conduct a penetration test.
- Podcasts: Stay connected with the cybersecurity community and learn about the latest skills and career trends with the weekly Cyber Work Podcast.
CCPT jobs and careers
The penetration market is growing rapidly, with a projected 24.59% compound annual growth rate (CAGR) and an average Certified Cloud Penetration Tester certification salary of $112,700 in the U.S. However, earning your CCPT can assist with a variety of career paths.
Common CCPT job titles
Cloud computing is the second most important security skill and the second biggest skills gap for cybersecurity professionals, according to the State of Cybersecurity 2023 report. Common job title for CCPT holders include:
- Penetration testers
- Cloud and system administrators
- Application developers
- DevSecOps engineers
- Security consultants
- Security analysts
Paid CCPT training and exam prep
You have two primary options when exploring CCPT exam prep and cloud penetration courses: live, instructor-led boot camps and self-paced training courses.
Live CCPT Boot Camps
Infosec offers a 5-day, live Cloud Pentesting Certification Boot Camp that includes everything you need to prepare for and pass your CCPT exam.
-
Live training and Q&A: Penetration testing is a broad field requiring a variety of technical skills. A live instructor can help you master best practices and answer your questions so you can get up to speed sooner.
-
Hands-on cyber ranges: Build your hands-on experience with labs that replicate real-world environments and scenarios.
-
Improved pass rates: Infosec stands by its training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you get a second attempt to pass — for free.
Learn more about the Cloud Pentesting Certification Boot Camp.
Self-paced cloud pentesting training
If you're looking to build your cloud security and penetration testing skills at your own pace, there are a variety of training courses available:
-
Cloud Pentesting Project: Build your Azure and AWS penetration testing skills in this hands-on project available in Infosec Skills.
-
Securing Cloud-based Applications Learning Path: Learn how to protect cloud-based apps from cyber threats by building security into them from the start.
-
Browse the Infosec Skills course library: Explore dozens of cloud-security-focused courses, learning paths and hands-on exercises.
Learn more about cloud security training.
CCPT certification comparisons and alternatives
While penetration testing is in high demand, the CCPT it is just one of the many credentials that fit this role. Below are some alternatives:
CCPT vs CEH
The Certified Ethical Hacking (CEH) exam slightly differs from the cloud penetration testing focus of the CCPT exam. As a more general ethical hacking certification, it covers the entire system and tests your broader hacking knowledge, whereas CCPT hones in on the cloud portion of penetration testing.
CCPT vs PenTest+
Like the CEH, the PenTest+ certification is a much broader exam than the CCPT. The CCPT is a vendor-neutral exam that focuses on penetrating testing in different environments, even in on-premise locations. The CCPT certification focuses on cloud environments, specifically Azure and AWS.
The CEH and PenTest+ are about 70% similar to each other, which is why Infosec offers an Ethical Hacking Boot Camp that prepares you for both certifications at the same time.
CCPT vs CMWAPT
The Certified Mobile and Web Application Penetration Tester (CMWAPT) certification is similar to the CCPT, focusing on a slice of the penetration testing landscape. However, CMWAPT focuses on mobile and web application penetration testing. It is more specific to iOS, Android and web applications, whereas the CCPT focuses on cloud services like Azure and AWS.
CCPT vs GCPN
The GIAC Cloud Penetration Tester (GCPN exam) is similar to CCPT in that they both focus on cloud penetration testing and cover areas of AWS and Azure. The GCPN may be more difficult, and it includes more details on web architecture, cloud technologies and cloud design. The GCPN exam is also more expensive than the CCPT.
For more information, read our article on the differences between CCPT and GCPN.
Explore Infosec certifications to find the best fit for your career goals.
Popular cloud penetration testing articles
Stay up on the latest trends and insights with Infosec's blog.