CREST CPSA EXAM 300 QUESTIONS AND CORRECT ANSWERS LATEST 2025(VERIFIED ANSWERS), Exams of Nursing


Typology: Exams

2024/2025

Available from 02/15/2025

james-smith-41

What port does squid proxy use? ANSWER>>>3128

What are the benefits of a penetration test? ANSWER>>>
- Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection

What is the structure of a penetration test? ANSWER>>>
- Planning and Preparation
- Reconnaissance
- Discovery
- Analyzing information and risks
- Active intrusion attempts
- Final analysis
- Report Preparation

What is another structure of a penetration test? ANSWER>>>
- Reconnaissance
- Vulnerability Scanning
- Investigation
- Exploitation

What does infrastructure testing include? ANSWER>>>Includes all internal computer systems, associated external devices, internet networking, cloud and virtualization testing.

What are the types of infrastructure testing? ANSWER>>>

  • External Infrastructure Penetration Testing
  • Internal Infrastructure Penetration Testing
  • Cloud and Virtualization Penetration Testing
  • Wireless Security Penetration Testing

What does External Infrastructure Testing include? ANSWER>>>Mapping flaws in the external infrastructure

What are the benefits of External Infrastructure Testing? ANSWER>>>

  • Identifies flaws within the firewall configuration that could be misused.
  • Finds how information could be leaked out from the system
  • Suggests how these issues could be fixed
  • Prepares a comprehensive report highlighting the security risk of the networks and suggests solutions
  • Ensures overall efficiency and productivity of your business

What are the benefits of Internal Infrastructure testing? ANSWER>>>

  • Identifies how an internal attacker could take advantage of even a minor security flaw
  • Identifies the potential business risk and damage that an internal attacker can inflict
  • Improves security systems of internal infrastructure
  • Prepares a comprehensive report giving details of the security exposures of internal networks along with the detailed action plan on how to deal with it

virtual environment and suggests the methods and costs to fix the threats and flaws

  • Provides guidelines and an action plan how to resolve the issues
  • Improves the overall protection systems
  • Prepares a comprehensive security system report of the cloud computing and virtualization, outline the security flaws, causes and possible solutions

What are the benefits of wireless security penetration testing? ANSWER>>>

  • To find the potential risk caused by your wireless device
  • To provide guidelines and an action plan on how to protect from the external threats
  • For preparing a comprehensive security system report of the wireless networking, to outline the security flaw, causes, and possible solutions

What is Black Box Testing? ANSWER>>>Black-box testing is a method in which the tester is provided no information about the application being tested.

What are the advantages of Black Box Testing? ANSWER>>>

  • Test is generally conducted with the perspective of a user, not the designer
  • Verifies contradictions in the actual system and the specifications

What are the disadvantages of black box penetration testing? ANSWER>>>

  • Particularly, these kinds of test cases are difficult to design
  • Possibly, it is not worth it, in case the designer has already conducted a test case
  • It does not conduct everything

What is white box penetration testing? ANSWER>>>A tester is provided a whole range of information about the systems and/or network such as schema, source code, OS details, IP address, etc.

What are the advantages of white box penetration testing? ANSWER>>>

  • It ensures that all independent paths of a module have been exercised
  • It ensures that all logical decisions have been verified along with their true and false value.
  • It discovers the typographical errors and does syntax checking
  • It finds the design errors that may have occurred because of the difference between logical flow of the program and the actual execution.

What are the important highlights of the Computer Misuse Act 1990? ANSWER>>>

  • Section 1: Unauthorized access to computer material
  • Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses
  • Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the operation of a computer
  • Unauthorized modification of computer material

What are the important highlights of the Human Rights Act 1998? ANSWER>>>

  • The right to life
  • The right to respect for private and family life
  • The right to freedom of religion and belief
  • Your right not to be mistreated or wrongly punished by the state

When capturing the scope of a penetration test, what

  • Contact information for members of technical staff, who may provide assistance during the test
  • IP addresses or URL that are in scope of testing
  • Exclusions to certain hosts, services or areas within application testing
  • Credentials that may be required as part of authenticated application testing

What are the important highlights of the Data Protection Act 1998? ANSWER>>>

  • Personal data must be processed fairly and lawfully
  • be obtained only for lawful purposes and not processed in any manner incompatible with those purposes
  • be adequate, relevant and not excessive
  • be accurate and current
  • not be retained for longer than necessary
  • be processed in accordance with the rights and freedoms of data subjects
  • be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage

What are the important highlights of the Police and Justice Act 2006? ANSWER>>>

  • Make amendments to the Computer Misuse Act 1990
  • Increased penalties of Computer Misuse Act (makes unauthorized computer access serious enough to fall under extradition)
  • Made it illegal to perform DOS attacks
  • Made it illegal to supply and own hacking tools.
  • Be careful about how you release information about exploits.

What issues may arise between a tester and his client? ANSWER>>>

  • The tester is unknown to his client, so on what grounds should he be given access to sensitive data?
  • Who will take the guarantee of security of lost data?

What will applications that do not require a reliable data stream use? ANSWER>>>User datagram protocol

What is the task of the Internet Protocol? ANSWER>>>To deliver packets from the source host to the destination host based on the IP addresses in the packet headers.

Is UDP part of the Internet protocol suite? ANSWER>>>Yes

What does SYN do in a TCP handshake? ANSWER>>>SYN is used to initiate and establish a connection. It also helps you to synchronize sequence numbers between devices.

Does UDP perform handshakes? ANSWER>>>No

What does ACK do in TCP handshake? ANSWER>>>Helps to confirm to the other side that it has received the SYN.

Which protocol is known for performing a three way handshake? ANSWER>>>TCP

What happens after the SYN and ACK phases of a TCP handshake? ANSWER>>>SYN-ACK

What does SYN-ACK do in TCP handshake? ANSWER>>>SYN-ACK is a SYN message from local device and ACK of the earlier packet.

What is FIN used for? ANSWER>>>Used to terminate the connection

What does SYN stand for in TCP? ANSWER>>>Synchronize

What does ACK stand for in TCP? ANSWER>>>Acknowledgement

What port is RIP? ANSWER>>>

What is port 587? ANSWER>>>SMTP

What UDP port does SMTP use? ANSWER>>>

What is port 1521? ANSWER>>>Oracle

What is port 6000? ANSWER>>>X

What port is FTP? ANSWER>>>

What does UDP stand for? ANSWER>>>User Datagram Protocol

What is port 389? ANSWER>>>LDAP

What port is 514? ANSWER>>>Syslog

What is port 587? ANSWER>>>SMTP

What port is for DHCPv6 (servers)? ANSWER>>>

What does DHCP stand for? ANSWER>>>Dynamic Host Configuration Protocol

What is the port of SSH? ANSWER>>>

What port is Kerberos? ANSWER>>>

What port is POP3? ANSWER>>>

What port is RPC? ANSWER>>>

What does SMB stand for? ANSWER>>>Server Message Block

What port does MS-SQL (monitoring) use? ANSWER>>>

What's on port 636? ANSWER>>>LDAPS

What port does MYSQL use? ANSWER>>>

What port does SMB use? ANSWER>>>

What's on port 161? ANSWER>>>SNMP

What's on port 137? ANSWER>>>NETBIOS (name services)

What service is on 67? ANSWER>>>DHCP server

What port does TFTP use? ANSWER>>>

What's port 25? ANSWER>>>SMTP

What is the port for DNS? ANSWER>>>

Port 80? ANSWER>>>HTTP

What's the port for NETBIOS (session services)? ANSWER>>>

What port is MS-SQL on? ANSWER>>>

What port does SNMP use? ANSWER>>>

Port 2049? ANSWER>>>NFS (Network File System)

Port 5060? ANSWER>>>(SIP) Session Initiation Protocol unencrypted signaling traffic (TCP/UDP)

Port 3389? ANSWER>>>RDP (Remote Desktop Protocol)

What port is 5222? ANSWER>>>Jabber

What port does Border Gateway protocol use? ANSWER>>>

What's port 139? ANSWER>>>NETBIOS (session services)

What port does VMWARE use? ANSWER>>>

Port 1080? ANSWER>>>SOCKS Proxy

Dameware uses which ports? ANSWER>>>6129, 1629

What is the port for IRC? ANSWER>>>

Port 9001 is used by which services? ANSWER>>>Tor and HSQL

What port is on 9090? ANSWER>>>Openfire

Nagios uses which port? ANSWER>>>

Which port does Postgres use? ANSWER>>>

What service is most likely on 201? ANSWER>>>AppleTalk

What is Nagios? ANSWER>>>An open source system monitoring service

What is postgres? ANSWER>>>An object relational database management system

What's the difference between symmetric encryption and asymmetric encryption? ANSWER>>>In symmetric encryption only one key is used to both encrypt and decrypt electronic information, while with asymmetric encryption there is a public key for encryption and a private key for decryption

What algorithm encrypts in blocks? ANSWER>>>Block algorithm

How does the block algorithm work? ANSWER>>>It holds encrypted data in memory and waits for complete blocks

How many keys does a block algorithm use? ANSWER>>>1, Symmetric encryption

What is Yersinia? ANSWER>>>A Layer 2 Testing Tool?

What is layer 7 of the OSI model? ANSWER>>>Application Layer

What is layer 5 of the OSI model? ANSWER>>>Session Layer

What is layer 3 of the OSI model? ANSWER>>>Network Layer

What is layer 1 of the OSI model? ANSWER>>>Physical Layer

What is layer 2 of the OSI model? ANSWER>>>Data link layer

What is layer 4 of the OSI model? ANSWER>>>Transport Layer

What is layer 6 of the OSI model?