The Certified Cloud Penetration Tester (CCPT) Certification Guide (2024)

The CCPT is one of the best certified cloud penetration tester certifications and one of the top 10 penetration testing certifications for security professionals. The CCPT certification tests your knowledge of the tools and techniques used to exploit and defend cloud infrastructure.

  • Master the five domains of cloud penetration testing
  • Learn how to attack and defend AWS and Azure services
  • Boost your career with in-demand cloud skills

Key facts

Start your journey to becoming a Certified Cloud Penetration Tester with Infosec.

CCPT exam overview

CCPT means "Certified Cloud Penetration Tester," and the CCPT exam focuses on five domains related to cloud pentesting, outlined below:

Domain 1: Cloud pentesting process and requirements

This first domain of the CCPT certification, cloud pentesting process and requirements, validates your knowledge in those two areas, along with concepts like multi-tenancy considerations, attack surfaces and different methodologies. It also includes pentesting tools and setting up a cloud pentesting environment.

Domain 2: Reconnaissance in the cloud

Next, you'll be tested on your knowledge of gathering information, mimicking the reconnaissance of cyberattackers. From OSINT techniques to tools for obtaining host and IP information to finding exposed buckets, you'll learn how cybercriminals formulate their attack plans.

Domain 3: Attacking AWS

This domain focuses on your ability to penetrate AWS systems, including exploiting remote access protocols, security misconfiguration and other vulnerabilities. You'll be tested on topics like abusing EC2 metadata, stealing IAM credentials, attacking different types of endpoints and maintaining persistence.

Domain 4: Attacking Azure

This domain focuses on your knowledge of attacking Azure systems. You'll be assessed on topics such as attacking Azure Virtual Machines and Azure Blob Storage misconfigurations, subdomain takeover, gaining shell access and extracting data.

Domain 5: Reporting

The final CCPT exam domain is reporting, which includes cloud security frameworks and best practices, collecting and reporting evidence, and developing and communicating follow-up items.

CCPT exam details

The CCPT exam is relatively new among penetration testing certifications and was created in response to the demand for professionals to help organizations secure cloud infrastructure. 

  • CCPT created: 2020
  • CCPT exam cost: $499
  • Number of questions:
  • Type of questions: Multiple-choice
  • Length of test: 60 minutes
  • Passing score: 70% or above
  • Recommended experience: Familiarity with cloud and penetration testing concepts and at least one year in an information security role
  • Validity duration: Recommended to recertify every 3 years

Additional CCPT exam resources

Prepare for your CCPT exam and build your cloud security skills with practice exams and other training resources.

CCPT practice questions and exams

Practice exams are a great way to test your knowledge and gauge if you're ready to pass the actual certification exam. The best way to prepare for the CCPT exam is through Infosec's CCPT Boot Camp, which includes unlimited CCPT practice exam attempts.

Learn more about Infosec Skills custom practice exams.

Other free CCPT training resources 


CCPT jobs and careers

The penetration testing market is growing rapidly, with a projected 24.59% compound annual growth rate (CAGR) and an average Certified Cloud Penetration Tester certification salary of $112,700 in the U.S. However, earning your CCPT can assist with a variety of career paths.


Common CCPT job titles

Cloud computing is the second most important security skill and the second biggest skills gap for cybersecurity professionals, according to the State of Cybersecurity 2023 report. Common job titles for CCPT holders include:

  • Penetration testers
  • Cloud and system administrators
  • Application developers
  • DevSecOps engineers
  • Security consultants
  • Security analysts


Paid CCPT training and exam prep

You have two primary options when exploring CCPT exam prep and cloud penetration courses: live, instructor-led boot camps and self-paced training courses.

CCPT certification comparisons and alternatives

While penetration testing is in high demand, the CCPT is just one of the many credentials that fit this role. Below are some alternatives:


The Certified Ethical Hacking (CEH) exam slightly differs from the cloud penetration testing focus of the CCPT exam. As a more general ethical hacking certification, it covers the entire system and tests your broader hacking knowledge, whereas CCPT hones in on the cloud portion of penetration testing. 

CCPT vs PenTest+

Like the CEH, the PenTest+ certification is a much broader exam than the CCPT. The CCPT is a vendor-neutral exam that focuses on penetration testing in different environments, even in on-premise locations. The CCPT certification focuses on cloud environments, specifically Azure and AWS.

The CEH and PenTest+ are about 70% similar to each other, which is why Infosec offers an Ethical Hacking Boot Camp that prepares you for both certifications at the same time.


The Certified Mobile and Web Application Penetration Tester (CMWAPT) certification is similar to the CCPT, focusing on a slice of the penetration testing landscape. However, CMWAPT focuses on mobile and web application penetration testing. It is more specific to iOS, Android and web applications, whereas the CCPT focuses on cloud services like Azure and AWS.


The GIAC Cloud Penetration Tester (GCPN exam) is similar to CCPT in that they both focus on cloud penetration testing and cover areas of AWS and Azure. The GCPN may be more difficult, and it includes more details on web architecture, cloud technologies and cloud design. The GCPN exam is also more expensive than the CCPT.

For more information, read our article on the differences between CCPT and GCPN.

Explore Infosec certifications to find the best fit for your career goals.