CREST - CPSA MAIN Exam with accurate detailed || || || || || || || ||
solutions
3306? - ✔✔MySQL (structured Query Language) Database management system for web
|| || || || || || || || || || ||
database, data warehousing, e-commerce, and logging applications
|| || || || || ||
What port does squid proxy use? - ✔✔3128
|| || || || || || ||
What are the benefits of a penetration test? - ✔✔- Enhancement of the management system
|| || || || || || || || || || || || || ||
- Avoid fines
|| ||
- Protection from financial damage
|| || || ||
- Customer protection
|| ||
What is the structure of a penetration test? - ✔✔Planning and Preparation
|| || || || || || || || || || || ||
Reconnaissance
Discovery
Analyzing information and risks || || ||
Active intrusion attempts
|| ||
Final analysis
||
Report Preparation ||
What is another structure of a penetration test? - ✔✔Reconnaissance
|| || || || || || || || ||
Vulnerability Scanning || ||
Investigation ||
Exploitation
,What is does infrastructure testing include? - ✔✔Includes all internal computer systems,
|| || || || || || || || || || || ||
associated external devices, internet networking, cloud and virtualization testing.
|| || || || || || || ||
What are the types of infrastructure testing? - ✔✔- External Infrastructure Penetration
|| || || || || || || || || || || ||
Testing ||
- Internal Infrastructure Penetration Testing
|| || || || ||
- Cloud and Virtualization Penetration Testing
|| || || || ||
- Wireless Security Penetration Testing
|| || || ||
What does External Infrastructure Testing include? - ✔✔Mapping flaws in the external
|| || || || || || || || || || || ||
infrastructure
What are the benefits of External Infrastructure Testing ? - ✔✔- Identifies flaws within the
|| || || || || || || || || || || || || || ||
firewall configuration that could be misused.
|| || || || ||
- Finds how information could be leaked out from the system
|| || || || || || || || || ||
- Suggests how these issues could be fixed
|| || || || || || ||
- Prepares a comprehensive report highlighting the security risk of the networks and
|| || || || || || || || || || || || ||
suggests solutions || ||
- Ensures overall efficiency and productivity of your business
|| || || || || || || ||
What are the benefits of Internal Infrastructure testing? - ✔✔-Identifies how an internal
|| || || || || || || || || || || || ||
attacker could take advantage of even a minor security flaw
|| || || || || || || || ||
- Identifies the potential business risk and damage that an internal attacker can inflict
|| || || || || || || || || || || || || ||
- Improves security systems of internal infrastructure
|| || || || || || ||
- Prepares a comprehensive report giving details of the security exposures of internal
|| || || || || || || || || || || || ||
networks along with the detailed action plan on how to deal with it
|| || || || || || || || || || || ||
,What are the benefits of cloud and virtualization penetration testing? - ✔✔- Discover the
|| || || || || || || || || || || || || ||
real risks within the virtual environment and suggests the methods and costs to fix the
|| || || || || || || || || || || || || || ||
threats and flaws || ||
- Provides guidelines and an action plan how to resolve the issues
|| || || || || || || || || || || ||
- Improves the overall protection systems
|| || || || || ||
- Prepares a comprehensive security system report of the cloud computing and
|| || || || || || || || || || || ||
virtualization, outline the security flaws, causes and possible solutions || || || || || || || ||
What are the benefits of wireless security penetration testing ? - ✔✔- To find the potential
|| || || || || || || || || || || || || || || ||
risk caused by your wireless device
|| || || || ||
- To provide guidelines and an action plan on how to protect from the external threats
|| || || || || || || || || || || || || || || ||
- For preparing a comprehensive security system report of the wireless networking, to
|| || || || || || || || || || || || ||
outline the security flaw, causes, and possible solutions
|| || || || || || ||
What is Black Box Testing? - ✔✔Black-box testing is a method in which the tester is
|| || || || || || || || || || || || || || || ||
provided no information about the application being tested.
|| || || || || || ||
What are the advantages of Black Box Testing? - ✔✔- Test is generally conducted with the
|| || || || || || || || || || || || || || || ||
perspective of a user, not the designer || || || || || ||
- Verifies contradictions in the actual system and the specifications
|| || || || || || || || ||
What are the disadvantages of black box penetration testing? - ✔✔- Particularly, these kinds
|| || || || || || || || || || || || ||
of test cases are difficult to design
|| || || || || || ||
- Possibly, it is not worth, in-case designer has already conducted a test case
|| || || || || || || || || || || || ||
- It does not conduct everything
|| || || || ||
What is white box penetration testing ? - ✔✔A tester is provided a whole range of
|| || || || || || || || || || || || || || || ||
information about the systems and/or network such as schema, source code, os details, ip
|| || || || || || || || || || || || || ||
address, etc. ||
, What are the advantages of white box penetration testing? - ✔✔- It ensures that all
|| || || || || || || || || || || || || || ||
independent paths of a module have been exercised || || || || || || || ||
- It ensures that all logical decisions have been verified along with their true and false value.
|| || || || || || || || || || || || || || || ||
- It discovers the typographical errors and does syntax checking
|| || || || || || || || || ||
- It finds the design errors that may have occurred because of the difference between logical
|| || || || || || || || || || || || || || || ||
flow of the program and the actual execution.
|| || || || || || ||
What are the important highlights of the computer misuse act 1990? - ✔✔Section 1:
|| || || || || || || || || || || || || ||
Unauthorized access to computer material || || || || ||
Section 2: Unauthorized access with intent to commit or facilitate commission of further
|| || || || || || || || || || || || ||
offenses ||
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the
|| || || || || || || || || || || || || || ||
operation of a computer || || ||
Unauthorized modification of computer material || || || ||
What are the important highlights of the human rights act 1998? - ✔✔- The right to life
|| || || || || || || || || || || || || || || ||
- The right to respect for private and family life
|| || || || || || || || ||
- The right to freedom of religion and belief
|| || || || || || || ||
- Your right not to be mistreated or wrongly punished by the state
|| || || || || || || || || || || ||
when capturing the scope of a penetration test, what information requires consent to meet
|| || || || || || || || || || || || || ||
the UK laws? - ✔✔-Name & Position of the individual who is providing consent
|| || || || || || || || || || || || ||
-Authorized testing period - both the date range and hours that testing is permitted
|| || || || || || || || || || || || ||
- Contact information for members of technical staff, who may provide assistance during
|| || || || || || || || || || || || ||
the test
||
- IP addresses or URL that are in scope of testing
|| || || || || || || || || || ||
solutions
3306? - ✔✔MySQL (structured Query Language) Database management system for web
|| || || || || || || || || || ||
database, data warehousing, e-commerce, and logging applications
|| || || || || ||
What port does squid proxy use? - ✔✔3128
|| || || || || || ||
What are the benefits of a penetration test? - ✔✔- Enhancement of the management system
|| || || || || || || || || || || || || ||
- Avoid fines
|| ||
- Protection from financial damage
|| || || ||
- Customer protection
|| ||
What is the structure of a penetration test? - ✔✔Planning and Preparation
|| || || || || || || || || || || ||
Reconnaissance
Discovery
Analyzing information and risks || || ||
Active intrusion attempts
|| ||
Final analysis
||
Report Preparation ||
What is another structure of a penetration test? - ✔✔Reconnaissance
|| || || || || || || || ||
Vulnerability Scanning || ||
Investigation ||
Exploitation
,What is does infrastructure testing include? - ✔✔Includes all internal computer systems,
|| || || || || || || || || || || ||
associated external devices, internet networking, cloud and virtualization testing.
|| || || || || || || ||
What are the types of infrastructure testing? - ✔✔- External Infrastructure Penetration
|| || || || || || || || || || || ||
Testing ||
- Internal Infrastructure Penetration Testing
|| || || || ||
- Cloud and Virtualization Penetration Testing
|| || || || ||
- Wireless Security Penetration Testing
|| || || ||
What does External Infrastructure Testing include? - ✔✔Mapping flaws in the external
|| || || || || || || || || || || ||
infrastructure
What are the benefits of External Infrastructure Testing ? - ✔✔- Identifies flaws within the
|| || || || || || || || || || || || || || ||
firewall configuration that could be misused.
|| || || || ||
- Finds how information could be leaked out from the system
|| || || || || || || || || ||
- Suggests how these issues could be fixed
|| || || || || || ||
- Prepares a comprehensive report highlighting the security risk of the networks and
|| || || || || || || || || || || || ||
suggests solutions || ||
- Ensures overall efficiency and productivity of your business
|| || || || || || || ||
What are the benefits of Internal Infrastructure testing? - ✔✔-Identifies how an internal
|| || || || || || || || || || || || ||
attacker could take advantage of even a minor security flaw
|| || || || || || || || ||
- Identifies the potential business risk and damage that an internal attacker can inflict
|| || || || || || || || || || || || || ||
- Improves security systems of internal infrastructure
|| || || || || || ||
- Prepares a comprehensive report giving details of the security exposures of internal
|| || || || || || || || || || || || ||
networks along with the detailed action plan on how to deal with it
|| || || || || || || || || || || ||
,What are the benefits of cloud and virtualization penetration testing? - ✔✔- Discover the
|| || || || || || || || || || || || || ||
real risks within the virtual environment and suggests the methods and costs to fix the
|| || || || || || || || || || || || || || ||
threats and flaws || ||
- Provides guidelines and an action plan how to resolve the issues
|| || || || || || || || || || || ||
- Improves the overall protection systems
|| || || || || ||
- Prepares a comprehensive security system report of the cloud computing and
|| || || || || || || || || || || ||
virtualization, outline the security flaws, causes and possible solutions || || || || || || || ||
What are the benefits of wireless security penetration testing ? - ✔✔- To find the potential
|| || || || || || || || || || || || || || || ||
risk caused by your wireless device
|| || || || ||
- To provide guidelines and an action plan on how to protect from the external threats
|| || || || || || || || || || || || || || || ||
- For preparing a comprehensive security system report of the wireless networking, to
|| || || || || || || || || || || || ||
outline the security flaw, causes, and possible solutions
|| || || || || || ||
What is Black Box Testing? - ✔✔Black-box testing is a method in which the tester is
|| || || || || || || || || || || || || || || ||
provided no information about the application being tested.
|| || || || || || ||
What are the advantages of Black Box Testing? - ✔✔- Test is generally conducted with the
|| || || || || || || || || || || || || || || ||
perspective of a user, not the designer || || || || || ||
- Verifies contradictions in the actual system and the specifications
|| || || || || || || || ||
What are the disadvantages of black box penetration testing? - ✔✔- Particularly, these kinds
|| || || || || || || || || || || || ||
of test cases are difficult to design
|| || || || || || ||
- Possibly, it is not worth, in-case designer has already conducted a test case
|| || || || || || || || || || || || ||
- It does not conduct everything
|| || || || ||
What is white box penetration testing ? - ✔✔A tester is provided a whole range of
|| || || || || || || || || || || || || || || ||
information about the systems and/or network such as schema, source code, os details, ip
|| || || || || || || || || || || || || ||
address, etc. ||
, What are the advantages of white box penetration testing? - ✔✔- It ensures that all
|| || || || || || || || || || || || || || ||
independent paths of a module have been exercised || || || || || || || ||
- It ensures that all logical decisions have been verified along with their true and false value.
|| || || || || || || || || || || || || || || ||
- It discovers the typographical errors and does syntax checking
|| || || || || || || || || ||
- It finds the design errors that may have occurred because of the difference between logical
|| || || || || || || || || || || || || || || ||
flow of the program and the actual execution.
|| || || || || || ||
What are the important highlights of the computer misuse act 1990? - ✔✔Section 1:
|| || || || || || || || || || || || || ||
Unauthorized access to computer material || || || || ||
Section 2: Unauthorized access with intent to commit or facilitate commission of further
|| || || || || || || || || || || || ||
offenses ||
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the
|| || || || || || || || || || || || || || ||
operation of a computer || || ||
Unauthorized modification of computer material || || || ||
What are the important highlights of the human rights act 1998? - ✔✔- The right to life
|| || || || || || || || || || || || || || || ||
- The right to respect for private and family life
|| || || || || || || || ||
- The right to freedom of religion and belief
|| || || || || || || ||
- Your right not to be mistreated or wrongly punished by the state
|| || || || || || || || || || || ||
when capturing the scope of a penetration test, what information requires consent to meet
|| || || || || || || || || || || || || ||
the UK laws? - ✔✔-Name & Position of the individual who is providing consent
|| || || || || || || || || || || || ||
-Authorized testing period - both the date range and hours that testing is permitted
|| || || || || || || || || || || || ||
- Contact information for members of technical staff, who may provide assistance during
|| || || || || || || || || || || || ||
the test
||
- IP addresses or URL that are in scope of testing
|| || || || || || || || || || ||
