UPDATED CREST CPSA - Appendix A: Soft Skills and Assessment Management Questions with 100% Correct Answers

What are the Benefits and utility of penetration testing to the client? Correct Answer 1.) Identifies existing and potential security risks. 2.) Obtain recommendations to remove vulnerabilities and increase security and protection against attack. 3.) Increase awareness of security issues 4.) Meet regulatory requirements 5.) Satisfy external customers of the client that there system meets recognised security standards What is NDA? Correct Answer Non-disclosure agreement What is infrastructure testing? Correct Answer Security review of network connected IT equipment including security/networking devices, servers, and workstations. What is application testing? Correct Answer Security review of computer program running on a IT system. What is Blackbox testing? Correct Answer Zero knowledge of internal workings What is Whitebox testing? Correct Answer Detailed knowledge of internal workings, for example design specs or source code (application). What is Computer Misuse Act 1990? Correct Answer 1.) Covers intended unauthorised access to a computer material. 2.) Covers unauthorised modification of computer system or data held on a computer system. 3.) Unauthorised access to a computer system with intent to commit or facilitate further offences 4.) Need to ensure you have signed permission to access systems otherwise it is a breach of the Computer Misuse Act. What is Humans Rights Act 1998? Correct Answer 1.) Employees have a right to privacy while in their place of work. This right may be breached during the pen-test due to network traffic capture, access to shared resources containing personal data, terminal services type access, etc. 2.) The client contract should advise users that testers may gain access to private information. The onus is then on the client to inform their employees about the testing if not covered by employment contracts warning of internet/mail/data logging and monitoring.