Exam (elaborations)

Final CPSA: A Guide to Common Terms 2025

Pages: 59
Grade: A+
Uploaded on: 09-02-2025
Written in: 2024/2025

100base - ansSX, 100base-BX, 100base-LX10) technologies.



A1) Benefits of pentesting - ansManage risk. Increase business continuity. Minimise
client-side attacks. Protect clients, partners and third-parties. Comply with regulation.



A1) Pentest structure - ansReconnaissance (i.e. find live hosts, sweeping, find services,
scanning, banner matching, find vulnerabilities). Target prioritisation (e.g. assess
servers rather than printers). Testing of services and exploitation if applicable.
Consult/Confirm with customer if ok to exploit. Inform customer of any high risk issues
that need addressing immediately.



A1) Project Lifecycle - ansData Gathering / Scoping / Briefing. Testing. Report Writing.
Debriefing.



A2) Computer Misuse Act 1990 - ansThe Act defines 3 specific offences: 1.
Unauthorised access to computer material (that is, a program or data). 6 months or
Level 5 fine (£5000 currently). 2. Unauthorised access to a computer system with intent
to commit or facilitate the commission of a serious crime. 5 years, max fine. 3.
Unauthorised modification of computer material. 5 years, max fine. In general: You
must not test a system without prior authorisation (e.g. as agreed in written
scope/contract). You should never test without informing the client beforehand.
Amended by Part 5 of Police and Justice Act 2006.



A2) Data Protection Act 1998 - ansIn general: Deals with PII (Personal Information ID).
Data about identifiable users should only be used for the purpose intended. Should not
make a local copy (e.g. HR Database).

A2) Handling Data (6 categories) - ansData classification set by uk.gov. Important for
CHECK member to know the protective marking of test/report. 1. NPM — Non Protective
Marking. 2. PROTECT — Not sensitive enough to make classification. Sensitive but not high risk. 3. RESTRICTED
— Pentests are usually RESTRICTED as a minimum. 4. CONFIDENTIAL — (Prejudicial). 5. SECRET — (Serious
Injuries). 6. TOP SECRET (EGD).



A2) Human Rights Act 1998 - ansLots of general human rights involved such as right to marry, discrimination,
privacy, slavery, guilty etc. Human Rights Act 1998 is relevant to Computer usage as: "Protects the right of
individuals against unreasonable disruption of and intrusion into their lives, while balancing this individual right
with those of others." In general: Article 8: Right to respect for private and family life. Right to privacy. With
Acceptable Usage Policy (AUP), you waive the right to privacy on network.



A2) Police and Justice Act 2006 - ansThe amendments and updates to the Computer Misuse Act 1990 in Part 5 of
the Police and Justice Act 2006 are: Section 35. Unauthorised access to computer material. Section 36.
Unauthorised acts with intent to impair operation of computer, etc. Section 37. Making, supplying or obtaining
articles for use in computer misuse offences. Section 38. Transitional and saving provision. In general: Part V
includes a few sections on Computer Misuse Act 1990. Provision for DoS as an offence. Increased penalties.
Making available tools to the Internet. Dual-use tools liable.



A3) Sensible scoping questions (7) - ans1. What technologies are being used? 2. Can we get access to the
application (Web Application)? 3. How many users are there? 4. How many pages are there? Are they dynamic
or static? 5. What are you expecting us to find? 6. Will this be a white box or black box test? 7. Will the testing
be onsite or remote?



A4) 5 Principles of Risk Management - ansAssess risk and determine needs. Establish a central management
focus. Implement appropriate policies and related controls. Promote awareness. Monitor and evaluate policy
and control effectiveness.



B1) Application Layer - ansApplication layer is the outermost layer, where users interact directly with the software
application. FTP, SSH, Telnet, SMTP, IMAP, POP, HTTP, HTTPS, RTP, BOOTP, SNMP, NTP.



B1) Data Link Layer - ansData Link layer provides means to transfer data between network entities using a
common addressing format. Data Link layer has Logical Link Control (LLC) sublayer for multiplexing several
network protocols (e.g. IP, IPX, Decnet and Appletalk) so that they can coexist in a multipoint network. Data Link layer has
Media Access Control (MAC) sublayer for addressing and for terminal/network nodes to communicate within a
multiple access network. MAC address, PPP, HDLC, ADCCP.



B1) ICMP - ans1) The Internet Control Message Protocol (ICMP) is a network layer protocol used by network
devices to diagnose network communication issues. 2) The primary purpose of ICMP is for error reporting.
ICMP is mainly used to determine whether or not data is reaching its intended destination in a timely manner.
3) Unlike the Internet Protocol (IP), ICMP is not associated with a transport layer protocol such as TCP or UDP.
This makes ICMP a connectionless protocol: one device does not need to open a connection with another
device before sending an ICMP message. Normal IP traffic is sent using TCP, which means any two devices that
exchange data will first carry out a TCP handshake to ensure both devices are ready to receive data. ICMP does
not open a connection in this way. The ICMP protocol also does not allow for targeting a specific port on a
device.



B1) ICMP OS Fingerprinting - ansOfir Arkin's Xprobe2 utility performs OS fingerprinting by primarily analyzing
responses to ICMP probes.



B1) ICMP Probing tools - ansSing (works like Ping but with enhancements, as you can send different types of ICMP).
Works like "sing -echo" "sing -tstamp" "sing -mask". nmap -sP. ICMPscan, can do all of the ICMP types with
flags -T (timestamp) -N (Netmask) -I (info) -E (echo).



B1) ICMP Probing/Ping sweep - ansType 8 (Echo Request) - used to perform ping sweeping in order to
determine whether hosts are accessible: root@kali:~# ping 192.168.51.29. Can use Nmap to perform ping
sweep across a whole network IP range: nmap -sP 192.168.51.0/24



B1) ICMP Types - ansType 8 (echo request) = Ping packets. Type 13 (timestamp request) = Used to obtain
system time from the target host. Type 15 (information request) = Rarely used, intended to support
self-configuring systems to allow them to discover their network addresses. Type 17 (subnet address mask request)
= Reveals the subnet mask used by the target host, used when mapping networks.



B1) IPv4 - ansIPv4 uses a 32-bit address for its Internet addresses. That means it can provide support for 2^32
IP addresses in total, around 4.29 billion.



B1) IPv6 Size and Advantages - ansIPv6 utilizes 128-bit Internet addresses. No more NAT. No more private
address collisions. More efficient, many other benefits. Leading zeros can be omitted. The double colon (::) can
be used once in the text form of an address, to designate any number of 0 bits.

B1) Microsoft PPTP - ans1. The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for
implementing virtual private networks. A PPTP tunnel is started by communication to the peer on TCP port
1723. This TCP connection is then used to initiate and manage a GRE tunnel to the same peer. Generic Routing
Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of
network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol
network. Microsoft PPTP uses TCP port 1723 to negotiate and establish connection and IP protocol 47 (GRE) for
data communication. 2. Uses MS-CHAP for authentication; PPTPv1 and PPTPv2 are vulnerable to
brute-force attacks.



B1) Network Layer - ansNetwork layer provides means of transferring data from a source host on one network
to a destination host on a different network. IP Address, ARP, IPv4, IPv6, ICMP, IPX, RIP, IKE.



B1) OSI - ansOpen Standards Interconnection (OSI) developed by International Standards Organisation (ISO).



B1) OSI Model. What and stages? - ansModel is set of 7 layers that define the different stages that data must go
through to travel from one device to another over a network. {7} Application, {6} Presentation, {5} Session, {4}
Transport, {3} Network, {2} Data Link, {1} Physical. Higher layers more specific, lower layers more generic.
Please Do Not Tell Sales People Anything.



B1) Physical Layer - ansPhysical layer defines electrical and physical specifications for devices, i.e. relationship
between a device and a transmission medium (e.g. copper or fibre optical cable, Shielded/unshielded twisted
pair, 10Base-2, 10Base-T, 100Base-TX, 1000B-T, RJ45, Coaxial, Fibre-optical cables, Copper cables)



B1) Presentation Layer - ansPresentation layer is responsible for the delivery and formatting of information to
the application layer for further processing or display. MIME, Netware Core Protocol, XML.



B1) Session Layer - ansSession layer provides mechanism for opening, closing and managing a session between
end-user application processes, i.e., a semi-permanent dialogue. SOCKS, TLS-PSK, TLS-SRP.



B1) TCP Characteristics (3) - ans1) Transmission Control Protocol/Internet Protocol. 2) It is specifically designed
as a model to offer highly reliable and end-to-end byte stream over an unreliable network. 3) A TCP connection
is established with the help of three-way handshake. It is a process of initiating and acknowledging a
connection. Once the connection is established, data transfer begins, and when the transmission process is

Contains: Questions & answers
Seller: trizahmanene