CREST CPSA EXAM (NEWEST EXAM 2025) | ALL QUESTIONS AND
CREST CPSA Exam Practice
CORRECT ANSWERS | GRADED A+ | VERIFIED ANSWERS | LATEST
Study online at https://quizlet.com/_ha2glc
VERSION
1. Squid Proxy 3128
2. Benefits of a Pen- - Enhancement of the management system
etration Test - Avoid fines
- Protection from financial damage
- Customer protection
3. Structure of a Planning and Preparation
Penetration Test Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis Report
Preparation
4. Another Struc- Reconnaissance
ture of a Penetra- Vulnerability Scanning
tion Test Investigation
Exploitation
5. Infrastructure Includes all internal computer systems, associated external devices, internet net-
Testing working, cloud and virtualization testing.
6. Types of Infra- - External Infrastructure Penetration Testing
structure Testing - Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
7. External Infra- Mapping flaws in the external infrastructure
structure Testing
8. - Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
Benefits of Ex- - Suggests how these issues could be fixed
ternal Infrastruc- - Prepares a comprehensive report highlighting the security risk of the networks
ture Testing and suggests solutions
- Ensures overall efficiency and productivity of your business
9. Benefits of In- - Identifies how an internal attacker could take advantage of even a minor security
ternal Infrastruc- flaw
ture Testing - Identifies the potential business risk and damage that an internal attacker can
inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of
internal networks along with the detailed action plan on how to deal with it
10. Benefits of Cloud - Discover the real risks within the virtual environment and suggests the methods
and Virtualiza- and costs to fix the threats and flaws
tion Penetration - Provides guidelines and an action plan how to resolve the issues
Testing - Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causes and possible solutions
11. Benefits of Wire- - To find the potential risk caused by your wireless device
less Security Pen- - To provide guidelines and an action plan on how to protect from the external
etration Testing threats
- For preparing a comprehensive security system report of the wireless network-
ing, to outline the security flaw, causes, and possible solutions
12. Black Box Testing Black-box testing is a method in which the tester is provided no information about
the application being tested.
13. Advantages of - Test is generally conducted with the perspective of a user, not the designer
Black Box Testing - Verifies contradictions in the actual system and the specifications
14.
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
Disadvantages of - Particularly, these kinds of test cases are difficult to design
Black Box Pene- - Possibly, it is not worth, in case designer has already conducted a test case
tration Testing - It does not conduct everything
15. White Box Pene- A tester is provided a whole range of information about the systems and/or
tration Testing network such as schema, source code, os details, ip address, etc.
16. Advantages of - It ensures that all independent paths of a module have been exercised
White Box Pene- - It ensures that all logical decisions have been verified along with their true and
tration Testing false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference
between logical flow of the program and the actual execution.
17. Computer Mis- Section 1: Unauthorized access to computer material
use Act 1990 Section 2: Unauthorized access with intent to commit or facilitate commission of
Highlights further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to
impairing the operation of a computer
18. Human Rights - The right to life
Act 1998 High- - The right to respect for private and family life
lights - The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
19. Consent Infor- - Name & Position of the individual who is providing consent
mation for Pene- - Authorized testing period - both the date range and hours that testing is
tration Test permitted
- Contact information for members of technical staff, who may provide assistance
during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
20. Data Protection - Personal data must be processed fairly and lawfully
Act 1998 High- - be obtained only for lawful purposes and not processed in any manner incom-
lights patible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against acciden-
tal loss, destruction or damage
21. Police and Justice - Make amendments to the computer misuse act 1990
Act 2006 High- - increased penalties of computer misuse act (makes unauthorized computer
lights access serious enough to fall under extradition)
- Made it illegal to perform DOS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
22. Issues Between - The tester is unknown to his client - so, on what grounds, he should be given
Tester and Client access of sensitive data
- Who will take the guarantee of security of lost data?
- The client may blame for the loss of data or confidentiality to tester.
23. Preventing Legal - A statement of intent should be duly signed by both parties
Issues in Pene- - The tester has the permission in writing, with clearly defined parameters
tration Testing - the company has the details of its pen tester and an assurance that he would
not leak any confidential data
24. Scoping a Pene- - All relevant risk owners
tration Test - Technical staff knowledgeable about the target system
- The penetration test team should identify what testing they believe will give a full
picture of the vulnerability status of the estate
CREST CPSA Exam Practice
CORRECT ANSWERS | GRADED A+ | VERIFIED ANSWERS | LATEST
Study online at https://quizlet.com/_ha2glc
VERSION
1. Squid Proxy 3128
2. Benefits of a Pen- - Enhancement of the management system
etration Test - Avoid fines
- Protection from financial damage
- Customer protection
3. Structure of a Planning and Preparation
Penetration Test Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis Report
Preparation
4. Another Struc- Reconnaissance
ture of a Penetra- Vulnerability Scanning
tion Test Investigation
Exploitation
5. Infrastructure Includes all internal computer systems, associated external devices, internet net-
Testing working, cloud and virtualization testing.
6. Types of Infra- - External Infrastructure Penetration Testing
structure Testing - Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
7. External Infra- Mapping flaws in the external infrastructure
structure Testing
8. - Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
Benefits of Ex- - Suggests how these issues could be fixed
ternal Infrastruc- - Prepares a comprehensive report highlighting the security risk of the networks
ture Testing and suggests solutions
- Ensures overall efficiency and productivity of your business
9. Benefits of In- - Identifies how an internal attacker could take advantage of even a minor security
ternal Infrastruc- flaw
ture Testing - Identifies the potential business risk and damage that an internal attacker can
inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of
internal networks along with the detailed action plan on how to deal with it
10. Benefits of Cloud - Discover the real risks within the virtual environment and suggests the methods
and Virtualiza- and costs to fix the threats and flaws
tion Penetration - Provides guidelines and an action plan how to resolve the issues
Testing - Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causes and possible solutions
11. Benefits of Wire- - To find the potential risk caused by your wireless device
less Security Pen- - To provide guidelines and an action plan on how to protect from the external
etration Testing threats
- For preparing a comprehensive security system report of the wireless network-
ing, to outline the security flaw, causes, and possible solutions
12. Black Box Testing Black-box testing is a method in which the tester is provided no information about
the application being tested.
13. Advantages of - Test is generally conducted with the perspective of a user, not the designer
Black Box Testing - Verifies contradictions in the actual system and the specifications
14.
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
Disadvantages of - Particularly, these kinds of test cases are difficult to design
Black Box Pene- - Possibly, it is not worth, in case designer has already conducted a test case
tration Testing - It does not conduct everything
15. White Box Pene- A tester is provided a whole range of information about the systems and/or
tration Testing network such as schema, source code, os details, ip address, etc.
16. Advantages of - It ensures that all independent paths of a module have been exercised
White Box Pene- - It ensures that all logical decisions have been verified along with their true and
tration Testing false value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference
between logical flow of the program and the actual execution.
17. Computer Mis- Section 1: Unauthorized access to computer material
use Act 1990 Section 2: Unauthorized access with intent to commit or facilitate commission of
Highlights further offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to
impairing the operation of a computer
18. Human Rights - The right to life
Act 1998 High- - The right to respect for private and family life
lights - The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
19. Consent Infor- - Name & Position of the individual who is providing consent
mation for Pene- - Authorized testing period - both the date range and hours that testing is
tration Test permitted
- Contact information for members of technical staff, who may provide assistance
during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing
, CREST CPSA Exam Practice
Study online at https://quizlet.com/_ha2glc
20. Data Protection - Personal data must be processed fairly and lawfully
Act 1998 High- - be obtained only for lawful purposes and not processed in any manner incom-
lights patible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against acciden-
tal loss, destruction or damage
21. Police and Justice - Make amendments to the computer misuse act 1990
Act 2006 High- - increased penalties of computer misuse act (makes unauthorized computer
lights access serious enough to fall under extradition)
- Made it illegal to perform DOS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
22. Issues Between - The tester is unknown to his client - so, on what grounds, he should be given
Tester and Client access of sensitive data
- Who will take the guarantee of security of lost data?
- The client may blame for the loss of data or confidentiality to tester.
23. Preventing Legal - A statement of intent should be duly signed by both parties
Issues in Pene- - The tester has the permission in writing, with clearly defined parameters
tration Testing - the company has the details of its pen tester and an assurance that he would
not leak any confidential data
24. Scoping a Pene- - All relevant risk owners
tration Test - Technical staff knowledgeable about the target system
- The penetration test team should identify what testing they believe will give a full
picture of the vulnerability status of the estate