CREST CPSA EXAM (NEWEST EXAM 2025) | ALL QUESTIONS AND
CORRECT ANSWERS | GRADED A+ | VERIFIED ANSWERS | LATEST
VERSION (JUST RELEASED)
Squid Proxy -
Answer-3128
Benefits of a Penetration Test -
Answer-- Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection
Structure of a Penetration Test -
Answer-Planning and Preparation Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis Report
Preparation
Another Structure of a Penetration Test -
Answer-Reconnaissance Vulnerability Scanning
Investigation
Exploitation
Infrastructure Testing -
Answer-Includes all internal computer systems, associated external devices, internet
networking, cloud and virtualization testing.
Types of Infrastructure Testing -
Answer-- External Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
External Infrastructure Testing -
Answer-Mapping flaws in the external infrastructure
Benefits of External Infrastructure Testing -
Answer-- Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk of the networks and
suggests solutions
- Ensures overall efficiency and productivity of your business
,Benefits of Internal Infrastructure Testing -
Answer-- Identifies how an internal attacker could take advantage of even a minor
security flaw
- Identifies the potential business risk and damage that an internal attacker can inflict
,- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of internal
networks along with the detailed action plan on how to deal with it
Benefits of Cloud and Virtualization Penetration Testing -
Answer-- Discover the real risks within the virtual environment and suggests the
methods and costs to fix the threats and flaws
- Provides guidelines and an action plan how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causes and possible solutions
Benefits of Wireless Security Penetration Testing -
Answer-- To find the potential risk caused by your wireless device
- To provide guidelines and an action plan on how to protect from the external threats
- For preparing a comprehensive security system report of the wireless networking, to
outline the security flaw, causes, and possible solutions
Black Box Testing -
Answer-Black-box testing is a method in which the tester is provided no information about
the application being tested.
Advantages of Black Box Testing -
Answer-- Test is generally conducted with the perspective of a user, not the designer
- Verifies contradictions in the actual system and the specifications
Disadvantages of Black Box Penetration Testing -
Answer-- Particularly, these kinds of test cases are difficult to design
- Possibly, it is not worth, in case designer has already conducted a test case
- It does not conduct everything
White Box Penetration Testing -
Answer-A tester is provided a whole range of information about the systems and/or
network such as schema, source code, os details, ip address, etc.
Advantages of White Box Penetration Testing -
Answer-- It ensures that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and false
value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference between
logical flow of the program and the actual execution.
Computer Misuse Act 1990 Highlights -
Answer-Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further
offenses
, Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing
the operation of a computer
Human Rights Act 1998 Highlights -
Answer-- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
Consent Information for Penetration Test -
Answer-- Name & Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during
the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
Data Protection Act 1998 Highlights -
Answer-- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible
with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against accidental loss,
destruction or damage
Police and Justice Act 2006 Highlights -
Answer-- Make amendments to the computer misuse act 1990
- increased penalties of computer misuse act (makes unauthorized computer access
serious enough to fall under extradition)
- Made it illegal to perform DOS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
Issues Between Tester and Client -
Answer-- The tester is unknown to his client - so, on what grounds, he should be given
access of sensitive data
- Who will take the guarantee of security of lost data?
- The client may blame for the loss of data or confidentiality to tester.
Preventing Legal Issues in Penetration Testing -
Answer-- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- the company has the details of its pen tester and an assurance that he would not leak
any confidential data
CORRECT ANSWERS | GRADED A+ | VERIFIED ANSWERS | LATEST
VERSION (JUST RELEASED)
Squid Proxy -
Answer-3128
Benefits of a Penetration Test -
Answer-- Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection
Structure of a Penetration Test -
Answer-Planning and Preparation Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis Report
Preparation
Another Structure of a Penetration Test -
Answer-Reconnaissance Vulnerability Scanning
Investigation
Exploitation
Infrastructure Testing -
Answer-Includes all internal computer systems, associated external devices, internet
networking, cloud and virtualization testing.
Types of Infrastructure Testing -
Answer-- External Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
External Infrastructure Testing -
Answer-Mapping flaws in the external infrastructure
Benefits of External Infrastructure Testing -
Answer-- Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk of the networks and
suggests solutions
- Ensures overall efficiency and productivity of your business
,Benefits of Internal Infrastructure Testing -
Answer-- Identifies how an internal attacker could take advantage of even a minor
security flaw
- Identifies the potential business risk and damage that an internal attacker can inflict
,- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of internal
networks along with the detailed action plan on how to deal with it
Benefits of Cloud and Virtualization Penetration Testing -
Answer-- Discover the real risks within the virtual environment and suggests the
methods and costs to fix the threats and flaws
- Provides guidelines and an action plan how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causes and possible solutions
Benefits of Wireless Security Penetration Testing -
Answer-- To find the potential risk caused by your wireless device
- To provide guidelines and an action plan on how to protect from the external threats
- For preparing a comprehensive security system report of the wireless networking, to
outline the security flaw, causes, and possible solutions
Black Box Testing -
Answer-Black-box testing is a method in which the tester is provided no information about
the application being tested.
Advantages of Black Box Testing -
Answer-- Test is generally conducted with the perspective of a user, not the designer
- Verifies contradictions in the actual system and the specifications
Disadvantages of Black Box Penetration Testing -
Answer-- Particularly, these kinds of test cases are difficult to design
- Possibly, it is not worth, in case designer has already conducted a test case
- It does not conduct everything
White Box Penetration Testing -
Answer-A tester is provided a whole range of information about the systems and/or
network such as schema, source code, os details, ip address, etc.
Advantages of White Box Penetration Testing -
Answer-- It ensures that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and false
value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference between
logical flow of the program and the actual execution.
Computer Misuse Act 1990 Highlights -
Answer-Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further
offenses
, Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing
the operation of a computer
Human Rights Act 1998 Highlights -
Answer-- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
Consent Information for Penetration Test -
Answer-- Name & Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during
the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
Data Protection Act 1998 Highlights -
Answer-- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible
with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against accidental loss,
destruction or damage
Police and Justice Act 2006 Highlights -
Answer-- Make amendments to the computer misuse act 1990
- increased penalties of computer misuse act (makes unauthorized computer access
serious enough to fall under extradition)
- Made it illegal to perform DOS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
Issues Between Tester and Client -
Answer-- The tester is unknown to his client - so, on what grounds, he should be given
access of sensitive data
- Who will take the guarantee of security of lost data?
- The client may blame for the loss of data or confidentiality to tester.
Preventing Legal Issues in Penetration Testing -
Answer-- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- the company has the details of its pen tester and an assurance that he would not leak
any confidential data
