Search CliffsNotes
CREST CPSA EXAM VERIFIED QUESTIONS AND CORRECT ANSWERS LATEST 2023-2024 .pdf
1 Helpful Unhelpful
Home / Information Systems
CREST CPSA EXAM VERIFIED
QUESTIONS AND CORRECT
ANSWERS LATEST 2023-2024
What port does squid proxy use? ---------------------- ANSWER>>>3128
What are the benefits of a penetration test? ----------------------------ANSWER>>>-
Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection
What is the structure of a penetration test? - ---
ANSWER>>>Planning and Preparation
Reconnaissance
Discovery
Analyzing information and risks Active
intrusion attempts
Final analysis Report
Preparation
What is another structure of a penetration test? - ---
ANSWER>>>Reconnaissance
Vulnerability Scanning Investigation
Exploitation
, 3
What is does infrastructure testing include? - ---
ANSWER>>>Includes all internal computer systems, associated external devices,
internet networking, cloud and virtualization testing.
What are the types of infrastructure testing? --------------------------- ANSWER>>>-
External Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
What does External Infrastructure Testing include? - ---
ANSWER>>>Mapping flaws in the external infrastructure
What are the benefits of External Infrastructure Testing ? - ---
ANSWER>>>- Identifies flaws within the firewall configuration thatcould be
misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk ofthe networks and
suggests solutions
- Ensures overall efficiency and productivity of your business
What are the benefits of Internal Infrastructure testing? - ---
ANSWER>>>-Identifies how an internal attacker could takeadvantage of
even a minor security flaw
- Identifies the potential business risk and damage that an internalattacker can inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of
internal networks along with the detailed action planon how to deal with it
What are the benefits of cloud and virtualization penetrationtesting? - ---
ANSWER>>>- Discover the real risks within the
, 4
virtual environment and suggests the methods and costs to fix thethreats and flaws
- Provides guidelines and an action plan how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causesand possible solutions
What are the benefits of wireless security penetration testing ? - --
-ANSWER>>>- To find the potential risk caused by your wirelessdevice
- To provide guidelines and an action plan on how to protect fromthe external
threats
- For preparing a comprehensive security system report of thewireless
networking, to outline the security flaw, causes, and possible solutions
What is Black Box Testing? - ---ANSWER>>>Black-box testing is a method in
which the tester is provided no information about theapplication being tested.
What are the advantages of Black Box Testing? - ---
ANSWER>>>- Test is generally conducted with the perspective ofa user, not the
designer
- Verifies contradictions in the actual system and thespecifications
What are the disadvantages of black box penetration testing? - ---
ANSWER>>>- Particularly, these kinds of test cases are difficultto design
- Possibly, it is not worth, in-case designer has already conducteda test case
- It does not conduct everything
5
, What os
whole
code, is
range
white
details,
ofbox
information
ip address,
penetration
etc.
abouttesting
the systems
? - ---ANSWER>>>A
and/ornetworktester
such isasprovided
schema, source
a
What are the advantages of white box penetration testing? - ---
ANSWER>>>- It ensures that all independent paths of a modulehave been
exercised
- It ensures that all logical decisions have been verified along withtheir true and false
value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of thedifference
between logical flow of the program and the actual execution.
What are the important highlights of the computer misuse act1990? - ---
ANSWER>>>Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitatecommission of
further offenses
Section 3: Unauthorized acts with intent to impair, or withrecklessness as
to impairing the operation of a computer
Unauthorized modification of computer material
What are the important highlights of the human rights act 1998? -
---ANSWER>>>- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
when capturing the scope of a penetration test, what information requires consent to
meet the UK laws? -------------------------------------------------------- ANSWER>>>-Name &
Position of the individual who is providing consent
-Authorized testing period - both the date range and hours thattesting is
permitted
6
- Contact information for members of technical staff, who mayprovide
assistance during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within applicationtesting
Credentials that may be required as part of authenticatedapplication
testing
CREST CPSA EXAM VERIFIED QUESTIONS AND CORRECT ANSWERS LATEST 2023-2024 .pdf
1 Helpful Unhelpful
Home / Information Systems
CREST CPSA EXAM VERIFIED
QUESTIONS AND CORRECT
ANSWERS LATEST 2023-2024
What port does squid proxy use? ---------------------- ANSWER>>>3128
What are the benefits of a penetration test? ----------------------------ANSWER>>>-
Enhancement of the management system
- Avoid fines
- Protection from financial damage
- Customer protection
What is the structure of a penetration test? - ---
ANSWER>>>Planning and Preparation
Reconnaissance
Discovery
Analyzing information and risks Active
intrusion attempts
Final analysis Report
Preparation
What is another structure of a penetration test? - ---
ANSWER>>>Reconnaissance
Vulnerability Scanning Investigation
Exploitation
, 3
What is does infrastructure testing include? - ---
ANSWER>>>Includes all internal computer systems, associated external devices,
internet networking, cloud and virtualization testing.
What are the types of infrastructure testing? --------------------------- ANSWER>>>-
External Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
What does External Infrastructure Testing include? - ---
ANSWER>>>Mapping flaws in the external infrastructure
What are the benefits of External Infrastructure Testing ? - ---
ANSWER>>>- Identifies flaws within the firewall configuration thatcould be
misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk ofthe networks and
suggests solutions
- Ensures overall efficiency and productivity of your business
What are the benefits of Internal Infrastructure testing? - ---
ANSWER>>>-Identifies how an internal attacker could takeadvantage of
even a minor security flaw
- Identifies the potential business risk and damage that an internalattacker can inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of
internal networks along with the detailed action planon how to deal with it
What are the benefits of cloud and virtualization penetrationtesting? - ---
ANSWER>>>- Discover the real risks within the
, 4
virtual environment and suggests the methods and costs to fix thethreats and flaws
- Provides guidelines and an action plan how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causesand possible solutions
What are the benefits of wireless security penetration testing ? - --
-ANSWER>>>- To find the potential risk caused by your wirelessdevice
- To provide guidelines and an action plan on how to protect fromthe external
threats
- For preparing a comprehensive security system report of thewireless
networking, to outline the security flaw, causes, and possible solutions
What is Black Box Testing? - ---ANSWER>>>Black-box testing is a method in
which the tester is provided no information about theapplication being tested.
What are the advantages of Black Box Testing? - ---
ANSWER>>>- Test is generally conducted with the perspective ofa user, not the
designer
- Verifies contradictions in the actual system and thespecifications
What are the disadvantages of black box penetration testing? - ---
ANSWER>>>- Particularly, these kinds of test cases are difficultto design
- Possibly, it is not worth, in-case designer has already conducteda test case
- It does not conduct everything
5
, What os
whole
code, is
range
white
details,
ofbox
information
ip address,
penetration
etc.
abouttesting
the systems
? - ---ANSWER>>>A
and/ornetworktester
such isasprovided
schema, source
a
What are the advantages of white box penetration testing? - ---
ANSWER>>>- It ensures that all independent paths of a modulehave been
exercised
- It ensures that all logical decisions have been verified along withtheir true and false
value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of thedifference
between logical flow of the program and the actual execution.
What are the important highlights of the computer misuse act1990? - ---
ANSWER>>>Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitatecommission of
further offenses
Section 3: Unauthorized acts with intent to impair, or withrecklessness as
to impairing the operation of a computer
Unauthorized modification of computer material
What are the important highlights of the human rights act 1998? -
---ANSWER>>>- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
when capturing the scope of a penetration test, what information requires consent to
meet the UK laws? -------------------------------------------------------- ANSWER>>>-Name &
Position of the individual who is providing consent
-Authorized testing period - both the date range and hours thattesting is
permitted
6
- Contact information for members of technical staff, who mayprovide
assistance during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within applicationtesting
Credentials that may be required as part of authenticatedapplication
testing
