A structured 8–12 week study path built around the 7 exam domains. Pick your pace, we'll give you everything you need to pass on your first attempt.
Study Timeline
Whether you have 6 weeks or 12, there's a structured path to exam day. All paths cover all 7 domains, you control the intensity.
Domain 1, CRE Cyber Risk Framework. CRE-specific threat actors, building system attack surfaces, the IT/OT convergence problem. Read CBK Chapters 1–3, complete practice scenarios.
~8 hrs / weekDomain 2, Building Automation & OT Security. BACnet/Modbus protocols, Niagara Framework vulnerabilities, network segmentation, OT incident response. Requires most study time: 20% of exam questions.
~10 hrs / weekDomain 3 (Physical Access & Surveillance) and Domain 4 (Tenant Data & Lease Risk). Physical-cyber convergence, NVR security, tenant data segregation, lease clause obligations.
~8 hrs / weekDomain 5 (Third-Party/Vendor Risk) and Domain 6 (Regulatory/Compliance). OT vendor management, REIT SEC disclosure obligations, cyber insurance for CRE, NIST CSF 2.0 mapping.
~8 hrs / weekDomain 7, CRE IR/DR. OT-aware incident response, building system recovery, chain of custody, post-incident communication to tenants and investors.
~8 hrsFull 80-question practice exam, timed. Review missed items by domain. Run through lab scenario exercise. Schedule your proctored exam for this week or the next.
~6 hrs + exam dayExam Blueprint
Each domain's weight is fixed in the exam blueprint. Click any domain to see the topic breakdown, study focus, and expected question types.
Study Resources
Core resources are included with your exam registration. Supplemental materials help you go deeper on specific domains.
The authoritative reference for all 7 exam domains. 300+ pages covering every topic in the exam blueprint, with CRE-specific case studies, diagrams, and real-world scenarios from commercial real estate environments.
Condensed, exam-focused companion to the CBK. Each domain summarized with key concepts, exam tips, and 30 practice questions with full explanations tied to the CBK. Built for active recall, not passive reading.
Full 80-question practice exam with the same domain weighting and question format as the real exam. Timed mode with a 120-minute limit, domain filter, and instant feedback with CBK references for every question.
The Cybersecurity Framework v2.0 from NIST. Domain 1 and Domain 6 of the CCP-CRE map directly to CSF. Understand the Govern, Identify, Protect, Detect, Respond, and Recover functions in a CRE context.
The ICS-specific ATT&CK matrix covers 15 techniques relevant to building automation system attacks. Domain 2 exam questions frequently reference ATT&CK ICS tactics. Essential supplemental reading for OT-domain readiness.
350 flashcards covering key terms, framework mappings, and protocol definitions across all 7 domains. Especially useful for memorizing BAS protocol characteristics and NIST CSF function definitions before exam day.
What to Expect
No surprises. Here's exactly how the CCP-CRE exam is structured and what you'll experience on test day.
Online proctored exam via secure browser. Government-issued photo ID required. Workspace check by proctor. 5-minute setup process.
Online · Anytime80 multiple-choice and scenario-based questions. Timer displayed. Flag for review. No reference materials permitted. Average candidate uses 90–100 minutes.
80 questions · 120 minOne practical scenario requiring analysis of an OT network diagram or building system configuration. Demonstrates applied competency beyond theoretical knowledge.
Scenario-based · 30 minPreliminary pass/fail at exam completion. Official scored results within 3 business days. Digital badge and certificate issued within 5 business days of passing.
Pass/fail same dayRegister for the CCP-CRE exam and get immediate access to the CBK, study guide, and practice exam simulator. Start studying today.
CBK + study guide + practice exam included · Online proctored · Schedule anytime