CREST CPSA EXAM 300 QUESTIONS AND CORRECT ANSWERS LATEST 2025/2026 (VERIFIED ANSWERS)
What are the disadvantages of black box penetration testing? - ---ANSWER>>>
- Particularly, these kinds of test cases are difficult to design
- Possibly, it is not worthwhile if the designer has already conducted a test case
- It does not conduct everything
What is white box penetration testing? - ---ANSWER>>>A tester is provided a whole range of information about the systems and/or network, such as schema, source code, OS details, IP address, etc.
What are the advantages of white box penetration testing? - ---ANSWER>>>
- It ensures that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference between logical flow of the program and the actual execution.
What are the important highlights of the Computer Misuse Act 1990? - ---ANSWER>>>
Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing the operation of a computer
Unauthorized modification of computer material
What are the important highlights of the Human Rights Act 1998? - ---ANSWER>>>
- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
When capturing the scope of a penetration test, what information requires consent to meet the UK laws? - ---ANSWER>>>
- Name & Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
What are the important highlights of the Data Protection Act 1998? - ---ANSWER>>>
- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage
What are the important highlights of the Police and Justice Act 2006? - ---ANSWER>>>
- Made amendments to the Computer Misuse Act 1990
- Increased penalties of the Computer Misuse Act (makes unauthorized computer access serious enough to fall under extradition)
- Made it illegal to perform DoS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
What issues may arise between a tester and his client? - ---ANSWER>>>
- The tester is unknown to his client, so on what grounds should he be given access to sensitive data?
- Who will take the guarantee of security of lost data?
- The client may blame the tester for the loss of data or confidentiality.
How can you prevent legal issues when doing a penetration test? - ---ANSWER>>>
- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- The company has the details of its pen tester and an assurance that he would not leak any confidential data
What does scoping a penetration test involve? - ---ANSWER>>>
- All relevant risk owners
- Technical staff knowledgeable about the target system
- A representative of the penetration test team
- Risk owners should outline any areas of special concern
- Technical staff should outline technical boundaries of the organization's IT estate
- The penetration test team should identify what testing they believe will give a full picture of the vulnerability status of the estate
What is the IP protocol? - ---ANSWER>>>The IP (Internet Protocol) is the network layer communications protocol in the Internet protocol suite used for relaying datagrams across network boundaries
What is the TCP protocol? - ---ANSWER>>>TCP (Transmission Control Protocol) is a main protocol from the Internet protocol suite.
What is the task of TCP? - ---ANSWER>>>To create a connection between the client and server before data can be sent.
What will applications that do not require a reliable data stream use? - ---ANSWER>>>User Datagram Protocol
What is the task of the Internet Protocol? - ---ANSWER>>>To deliver packets from the source host to the destination host based on the IP addresses in the packet headers.