CREST CPSA EXAM | ACTUAL UPDATED EXAM WITH EXPERTLY AND CORRECTLY ANSWERED QUESTIONS | ACE YOUR GRADES!!!
White Box Penetration Testing - Correct Answer- A tester is provided a whole range of information about the systems and/or network such as schema, source code, OS details, IP address, etc.
Advantages of White Box Penetration Testing - Correct Answer-
- It ensures that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference between logical flow of the program and the actual execution.
Computer Misuse Act 1990 Highlights - Correct Answer-
Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the operation of a computer
Human Rights Act 1998 Highlights - Correct Answer-
- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
Consent Information for Penetration Test - Correct Answer-
- Name & Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during the test
- IP addresses or URLs that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
Data Protection Act 1998 Highlights - Correct Answer-
- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage
Police and Justice Act 2006 Highlights - Correct Answer-
- Made amendments to the Computer Misuse Act 1990
- Increased penalties of the Computer Misuse Act (makes unauthorized computer access serious enough to fall under extradition)
- Made it illegal to perform DoS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
Issues Between Tester and Client - Correct Answer-
- The tester is unknown to his client - so, on what grounds should he be given access to sensitive data?
- Who will take the guarantee of security of lost data?
- The client may blame the tester for the loss of data or confidentiality.
Preventing Legal Issues in Penetration Testing - Correct Answer-
- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- The company has the details of its pen tester and an assurance that he would not leak any confidential data
Scoping a Penetration Test - Correct Answer-
- All relevant risk owners
- Technical staff knowledgeable about the target system
- The penetration test team should identify what testing they believe will give a full picture of the vulnerability status of the estate
- A representative of the penetration test team
- Risk owners should outline any areas of special concern
IP - Correct Answer- The IP (Internet Protocol) is the network layer communications protocol in the Internet protocol suite used for relaying datagrams across network boundaries.
TCP - Correct Answer- TCP (Transmission Control Protocol) is a main protocol from the Internet protocol suite.
Task of TCP - Correct Answer- To create a connection between the client and server before data can be sent
Squid Proxy - Correct Answer- 3128
Benefits of a Penetration Test - Correct Answer-
- Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection
Structure of a Penetration Test - Correct Answer-
Planning and Preparation Reconnaissance
Discovery