A1) Benefits of pentesting *** Manage risk. Increase business continuity. Minimise client-side attacks.
Protect clients, partners and third-parties. Comply with regulation.
A1) Pentest structure *** Reconnaissance (i.e. find live hosts, sweeping, find services, scanning, banner
matching, find vulnerabilities). Target prioritisation (e.g. assess servers rather than printers). Testing of
services and exploitation if applicable. Consult/Confirm with customer if ok to exploit. Inform customer
of any high risk issues that need addressing immediately.
A1) Project Lifecycle *** Data Gathering / Scoping / Briefing. Testing. Report Writing. Debriefing
A2) Computer Misuse Act 1990 *** The Act defines 3 specific offences: 1. Unauthorised access to
computer material (that is, a program or data). 6 months or Level 5 fine (£5000 currently). 2.
Unauthorised access to a computer system with intent to commit or facilitate the commission of a
serious crime. 5 years, max fine. 3. Unauthorised modification of computer material. 5 years, max fine.
In general: You must not test a system without prior authorisation (e.g. as agreed in written
scope/contract). You should never test without informing the client beforehand. Amended by Part 5 of
Police and Justice Act 2006.
A2) Police and Justice Act 2006 *** The amendments and updates to the Computer Misuse Act 1990 made in Part
5 of the Police and Justice Act 2006 are: Section 35. Unauthorised access to computer material. Section
36. Unauthorised acts with intent to impair operation of computer, etc. Section 37. Making, supplying or
obtaining articles for use in computer misuse offences. Section 38. Transitional and saving provision. In
general: Part V includes a few sections on the Computer Misuse Act 1990. Provision for DoS as an offence.
Increased penalties. Making tools available on the Internet. Dual-use tools liable.
A2) Human Rights Act 1998 *** Covers many general human rights such as the right to marry, freedom from
discrimination, privacy, freedom from slavery, presumption of innocence etc. The Human Rights Act 1998 is relevant to computer usage as:
"Protects the right of individuals against unreasonable disruption of and intrusion into their lives, while
balancing this individual right with those of others." In general: Article 8: Right to respect for private and
family life. Right to privacy. With Acceptable Usage Policy (AUP), you waive the right to privacy on
network.
A2) Data Protection Act 1998 *** In general: Deals with PII (Personal Information ID). Data about
identifiable users should only be used for the purpose intended. Should not make a local copy (e.g. HR
Database)
A2) Handling Data (6 categories) *** Data classification set by uk.gov. Important for a CHECK member to
know the protective marking of the test/report. 1. NPM — Non Protective Marking. 2. PROTECT — Not
sensitive enough to warrant classification. Sensitive but not high risk. 3. RESTRICTED — Pentests are
usually RESTRICTED as a minimum. 4. CONFIDENTIAL — (Prejudicial). 5. SECRET — (Serious Injuries). 6.
TOP SECRET (EGD).
A4) 5 Principles of Risk Management *** Assess risk and determine needs. Establish a central
management focus. Implement appropriate policies and related controls. Promote awareness. Monitor
and evaluate policy and control effectiveness.
A3) Sensible scoping questions (7) *** 1. What technologies are being used? 2. Can we get access to the
application (Web Application)? 3. How many users are there? 4. How many pages are there? Are they
dynamic or static? 5. What are you expecting us to find? 6. Will this be a white box or black box test? 7.
Will the testing be onsite or remote?
B1) OSI *** Open Standards Interconnection (OSI) developed by the International Standards Organisation
(ISO)
B1) OSI Model. What and stages? *** Model is set of 7 layers that define the different stages that data
must go through to travel from one device to another over a network. {7} Application, {6} Presentation,
{5} Session, {4} Transport, {3} Network, {2} Data Link, {1} Physical. Higher layers more specific, lower
layers more generic. Please Do Not Tell Sales People Anything.
B1) Physical Layer *** Physical layer defines electrical and physical specifications for devices, i.e.
relationship between a device and a transmission medium (e.g. copper or fibre optical cable,
Shielded/unshielded twisted pair, 10Base-2, 10Base-T, 100Base-TX, 1000B-T, RJ45, Coaxial, Fibre-optical
cables, Copper cables)
B1) Data Link Layer *** Data Link layer provides means to transfer data between network entities using
a common addressing format. Data Link layer has a Logical Link Control (LLC) sublayer for multiplexing
several network protocols (e.g. IP, IPX, DECnet and AppleTalk) so they can coexist in a multipoint network. Data Link
layer has a Media Access Control (MAC) sublayer for addressing and for allowing terminal/network nodes to
communicate within a multiple access network. MAC address, PPP, HDLC, ADCCP.
B1) Network Layer *** Network layer provides means of transferring data from a source host on one
network to a destination host on a different network. IP Address, ARP, IPv4, IPv6, ICMP, IPX, RIP, IKE.
B1) Transport Layer *** Transport layer provides transparent transfer of data using connection-oriented
data stream support, reliability, flow control, and multiplexing. Port Number, TCP, UDP, SCTP.
B1) Session Layer *** Session layer provides mechanism for opening, closing and managing a session
between end-user application processes, i.e., a semi-permanent dialogue. SOCKS, TLS-PSK, TLS-SRP.
B1) Presentation Layer *** Presentation layer is responsible for the delivery and formatting of
information to the application layer for further processing or display. MIME, Netware Core Protocol,
XML.
B1) Application Layer *** Application layer is the outermost layer, where users interact directly with the
software application. FTP, SSH, Telnet, SMTP, IMAP, POP, HTTP, HTTPS, RTP, BOOTP, SNMP, NTP.
B1) TCP/IP Model Layers *** TCP/IP model is basically a shorter version of the OSI model. Consists of
four instead of seven layers. Application, Transport, Network and Link. TCP Application layer is like
Application, Presentation and Session of OSI. TCP Transport aka 'Host-to-host transport' is Transport in
OSI. TCP Network aka 'Internet Layer' is Network OSI. TCP Link aka 'Network Access' is Data Link and
Physical OSI.
B1) TCP/IP Transport and Application Layer *** Transport Layer is a convenient application
programming interface to internet hosts. Application Layer contains all protocols and methods that fall
into the realm of process-to-process communications across an IP network.
B1) IPv4 *** IPv4 uses a 32-bit address for its Internet addresses. That means it can provide support for
2^32 IP addresses in total, around 4.29 billion.
B1) IPv6 Size and Advantages *** IPv6 utilizes 128-bit Internet addresses. No more NAT. No more
private address collisions. More efficient, many other benefits. Leading zeros can be omitted. The
double colon (::) can be used once in the text form of an address, to designate any number of 0 bits.
B1) TCP Characteristics (3) *** 1) Transmission Control Protocol/Internet Protocol. 2) It is specifically
designed to offer a highly reliable, end-to-end byte stream over an unreliable network. 3) A
TCP connection is established with the help of a three-way handshake. It is a process of initiating and
acknowledging a connection. Once the connection is established, data transfer begins, and when the
transmission process is finished, the connection is terminated by the closing of the established virtual
circuit. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each
other. The exchange of these four flags is performed in three steps—SYN, SYN-ACK, and ACK.
B1) UDP Characteristics *** 1) User Datagram Protocol (A datagram is a transfer unit associated with a
packet-switched network.) 2) Datagram-oriented protocol. It is used for broadcast and multicast types of
network transmission. 3) UDP works in a similar way to TCP, but it drops all the error checking, the
back-and-forth communication and the delivery guarantees. UDP uses a simple
transmission method without implied handshaking dialogues for ordering, reliability, or data integrity.
B1) TCP vs UDP (6) *** 1) TCP is a connection-oriented protocol, whereas UDP is a connectionless
protocol. 2) TCP is slower while UDP is faster. 3) TCP uses a handshake
protocol (SYN, SYN-ACK, ACK) while UDP uses no handshake protocol. 4) TCP does error checking and
also performs error recovery; UDP performs error checking, but simply discards erroneous
packets. 5) TCP has acknowledgment segments, but UDP does not have any acknowledgment segment.
6) TCP is heavy-weight, and UDP is lightweight.
B1) ICMP *** 1) The Internet Control Message Protocol (ICMP) is a network layer protocol used by
network devices to diagnose network communication issues. 2) The primary purpose of ICMP is for error
reporting. ICMP is mainly used to determine whether or not data is reaching its intended destination in
a timely manner. 3) Unlike the Internet Protocol (IP), ICMP is not associated with a transport layer
protocol such as TCP or UDP. This makes ICMP a connectionless protocol: one device does not need to
open a connection with another device before sending an ICMP message. Normal IP traffic is sent using
TCP, which means any two devices that exchange data will first carry out a TCP handshake to ensure