CREST CPSA EXAM 300 QUESTIONS AND CORRECT ANSWERS LATEST 2025-2026 (VERIFIED ANSWERS)
What are the advantages of white box penetration testing? - ---
ANSWER>>>- It ensures that all independent paths of a module
have been exercised
- It ensures that all logical decisions have been verified along with
their true and false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the
difference between logical flow of the program and the actual
execution.
What are the important highlights of the Computer Misuse Act 1990? - ---ANSWER>>>
Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the operation of a computer
Unauthorized modification of computer material
What are the important highlights of the Human Rights Act 1998? - ---ANSWER>>>
- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
When capturing the scope of a penetration test, what information requires consent to meet the UK laws? - ---ANSWER>>>
- Name & position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during the test
- IP addresses or URLs that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
What are the important highlights of the Data Protection Act 1998? - ---ANSWER>>>
- Personal data must be processed fairly and lawfully
- Be obtained only for lawful purposes and not processed in any manner incompatible with those purposes
- Be adequate, relevant and not excessive
- Be accurate and current
- Not be retained for longer than necessary
- Be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage
What are the important highlights of the Police and Justice Act 2006? - ---ANSWER>>>
- Made amendments to the Computer Misuse Act 1990
- Increased penalties of the Computer Misuse Act (makes unauthorized computer access serious enough to fall under extradition)
- Made it illegal to perform DoS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
What issues may arise between a tester and his client? - ---ANSWER>>>
- The tester is unknown to his client - so, on what grounds should he be given access to sensitive data?
- Who will take the guarantee of security of lost data?
- The client may blame the tester for the loss of data or confidentiality.
How can you prevent legal issues when doing a penetration test? - ---ANSWER>>>
- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- The company has the details of its pen tester and an assurance that he would not leak any confidential data
What does scoping a penetration test involve? - ---ANSWER>>>
- All relevant risk owners
- Technical staff knowledgeable about the target system
- A representative of the penetration test team
- Risk owners should outline any areas of special concern
- Technical staff should outline technical boundaries of the organization's IT estate
- The penetration test team should identify what testing they believe will give a full picture of the vulnerability status of the estate
What is the IP protocol? - ---ANSWER>>>The IP (Internet Protocol) is the network layer communications protocol in the Internet protocol suite used for relaying datagrams across network boundaries
What is the TCP protocol? - ---ANSWER>>>TCP (Transmission Control Protocol) is a main protocol from the Internet protocol suite.
What is the task of TCP? - ---ANSWER>>>To create a connection between the client and server before data can be sent.