CREST CPSA EXAM QUESTIONS WITH COMPLETE
SOLUTIONS GUARANTEED PASS 2025/2026
Computer Misuse Act 1990 Highlights - ANSWER ->Section 1:
Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of
further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to
impairing the operation of a computer
Human Rights Act 1998 Highlights - ANSWER ->- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
Consent Information for Penetration Test - ANSWER ->- Name &
Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is
permitted
- Contact information for members of technical staff, who may provide assistance
during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
Data Protection Act 1998 Highlights - ANSWER ->- Personal data must be
processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner
incompatible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- be protected against unauthorized or unlawful processing and against accidental
loss, destruction or damage
Police and Justice Act 2006 Highlights - ANSWER ->- Made amendments to the
Computer Misuse Act 1990
- Increased penalties of the Computer Misuse Act (makes unauthorized computer
access serious enough to fall under extradition)
- Made it illegal to perform DoS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
Issues Between Tester and Client - ANSWER ->- The tester is unknown to his client,
so on what grounds should he be given access to sensitive data?
- Who will guarantee the security of lost data?
- The client may blame the tester for the loss of data or confidentiality.
Preventing Legal Issues in Penetration Testing - ANSWER ->- A statement of intent
should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- The company has the details of its pen tester and an assurance that he would not
leak any confidential data
Scoping a Penetration Test - ANSWER ->- All relevant risk owners
- Technical staff knowledgeable about the target system
- The penetration test team should identify what testing they believe will give a
full picture of the vulnerability status of the estate
- A representative of the penetration test team
- Risk owners should outline any areas of special concern
IP - ANSWER ->The IP (Internet Protocol) is the network layer communications
protocol in the Internet protocol suite used for relaying datagrams across
network boundaries.
TCP - ANSWER ->TCP (Transmission Control Protocol) is a main protocol from the
Internet protocol suite.
Task of TCP - ANSWER ->To create a connection between the client and server
before data can be sent.
User Datagram Protocol - ANSWER ->Applications that do not require a reliable
data stream use User Datagram Protocol.
Task of the Internet Protocol - ANSWER ->To deliver packets from the source host
to the destination host based on the IP addresses in the packet headers.
UDP - ANSWER ->Yes, UDP is part of the Internet protocol suite.
SYN in TCP handshake - ANSWER ->SYN is used to initiate and establish a
connection. It also helps you to synchronize sequence numbers between devices.
UDP handshakes - ANSWER ->No, UDP does not perform handshakes.
ACK in TCP handshake - ANSWER ->Helps to confirm to the other side that it has
received the SYN.
SYN-ACK in TCP handshake - ANSWER ->SYN-ACK is a SYN message from the local
device and ACK of the earlier packet.
FIN - ANSWER ->Used to terminate the connection.
Three way handshake - ANSWER ->TCP is known for performing a three way
handshake.
SYN - ANSWER ->SYN stands for Synchronize.
SYN-ACK phase - ANSWER ->After the SYN and ACK phases of a TCP handshake,
the next step is SYN-ACK.
ACK - ANSWER ->ACK stands for Acknowledgement.
SYN-ACK - ANSWER ->SYN-ACK stands for Synchronize Acknowledgement.
FIN in TCP - ANSWER ->FIN stands for Finish.
Port 9100 - ANSWER ->Jetdirect.
Port 567 - ANSWER ->DHCPv6 (servers).
Port 593 - ANSWER ->RPC over HTTPS.
Port 49 - ANSWER ->TACACS.
TACACS - ANSWER ->Terminal Access Control of Authentication and Control
Systems.
Port 514 - ANSWER ->Syslog.