CREST CPSA EXAM 400 QUESTIONS AND
CORRECT ANSWERS LATEST (VERIFIED
ANSWERS) ALREADY GRADED A 2025 UPDATE
Squid Proxy - CORRECT ANSWER>>3128
Benefits of a Penetration Test - CORRECT ANSWER>>- Enhancement of the
management system
- Avoid fines
- Protection from financial damage
- Customer protection
Structure of a Penetration Test - CORRECT ANSWER>>Planning and Preparation
Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis
Report Preparation
Another Structure of a Penetration Test - CORRECT ANSWER>>Reconnaissance
Vulnerability Scanning
Investigation
Exploitation
Infrastructure Testing - CORRECT ANSWER>>Includes all internal computer
systems, associated external devices, internet networking, cloud and virtualization
testing.
Types of Infrastructure Testing - CORRECT ANSWER>>- External Infrastructure
Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
External Infrastructure Testing - CORRECT ANSWER>>Mapping flaws in the
external infrastructure
Benefits of External Infrastructure Testing - CORRECT ANSWER>>- Identifies flaws
within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk of the networks
and suggests solutions
- Ensures overall efficiency and productivity of your business
Benefits of Internal Infrastructure Testing - CORRECT ANSWER>>- Identifies how
an internal attacker could take advantage of even a minor security flaw
- Identifies the potential business risk and damage that an internal attacker can
inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of
internal networks along with the detailed action plan on how to deal with it
Benefits of Cloud and Virtualization Penetration Testing - CORRECT ANSWER>>-
Discovers the real risks within the virtual environment and suggests the methods
and costs to fix the threats and flaws
- Provides guidelines and an action plan on how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outlining the security flaws, causes and possible solutions
Benefits of Wireless Security Penetration Testing - CORRECT ANSWER>>- To find
the potential risk caused by your wireless device
- To provide guidelines and an action plan on how to protect from the external
threats
- For preparing a comprehensive security system report of the wireless
networking, to outline the security flaw, causes, and possible solutions
Black Box Testing - CORRECT ANSWER>>Black-box testing is a method in which
the tester is provided no information about the application being tested.
Advantages of Black Box Testing - CORRECT ANSWER>>- Test is generally
conducted with the perspective of a user, not the designer
- Verifies contradictions in the actual system and the specifications
Disadvantages of Black Box Penetration Testing - CORRECT ANSWER>>-
Particularly, these kinds of test cases are difficult to design
- Possibly, it is not worth it in case the designer has already conducted a test case
- It does not conduct everything
White Box Penetration Testing - CORRECT ANSWER>>A tester is provided a whole
range of information about the systems and/or network such as schema, source
code, OS details, IP address, etc.
Advantages of White Box Penetration Testing - CORRECT ANSWER>>- It ensures
that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and
false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference
between logical flow of the program and the actual execution.
Computer Misuse Act 1990 Highlights - CORRECT ANSWER>>Section 1:
Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of
further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to
impairing the operation of a computer
Human Rights Act 1998 Highlights - CORRECT ANSWER>>- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
Consent Information for Penetration Test - CORRECT ANSWER>>- Name &
Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is
permitted
- Contact information for members of technical staff, who may provide assistance
during the test
- IP addresses or URLs that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
Data Protection Act 1998 Highlights - CORRECT ANSWER>>- Personal data must
be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner
incompatible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- be protected against unauthorized or unlawful processing and against accidental
loss, destruction or damage
Police and Justice Act 2006 Highlights - CORRECT ANSWER>>- Made amendments
to the Computer Misuse Act 1990
- Increased penalties of the Computer Misuse Act (makes unauthorized computer
access serious enough to fall under extradition)