✔✔SSH - ✔✔SSH is an implementation of a secure channel at the application layer. It
provides the same security services as TLS and IPSEC, but it is of course application-
specific. It is widely used for remote access by login and can now also provide a mini-
VPN. The protocol assumes that there is a reliable channel provided by IP. A secure
channel aims to provide origin authentication, confidentiality and integrity but NOT non-
repudiation and security services after receipt of data.
✔✔PGP - ✔✔PGP is a rival to S/MIME and achieves the exact same thing. It is a little
more complicated to use because it is not part of the mail client software like S/MIME: it
is available as a plug-in that you can download and install from the Internet. It is less
flexible than S/MIME as it only allows one type of security processing. And, signatures
are computed on unencrypted data. PGP-processed data is base64 encoded and
carried inside an RFC822 message body.
PGP supports DES, 3DES, AES and others for bulk data encryption with symmetric
algorithms. It uses RSA and ElGamal for public key encryption of session keys, and
SHA-1, MD5, and others for hashing. Signature algorithms are RSA, DSS, Elliptic Curve
Digital Signature Algorithms, and others.
✔✔WPA (Wi-Fi Protected Access) - ✔✔WPA is the successor of WEP. The first version
still relied on the classic encryption algorithms in WEP, but they were implemented
differently (to be able to update without having to replace hardware). The successor
used AES. There are several keys:
· Mutual key authentication
· Session keys from master key
  o Encryption key
  o MAC key
  o Data encryption key
  o Data MAC key
There are two ways of generating dynamic keys: CCMP and TKIP (Temporal Key
Integrity Protocol). CCMP is a CBC-MAC protocol built on AES and available for
WPA2. TKIP basically works by generating a sequence of WEP keys based on a master
key, and re-keying periodically before enough traffic can be captured to allow
recovery of the WEP key. TKIP changes the key every 10,000 packets, which is quick
enough to combat statistical methods of analyzing the cipher.
✔✔File system permissions
UNIX - ✔✔
--- : No permission
--x : Execute permission
-w- : Write permission
-wx : Execute and write permission: 1 (execute) + 2 (write) = 3
r-- : Read permission
r-x : Read and execute permission: 4 (read) + 1 (execute) = 5
rw- : Read and write permission: 4 (read) + 2 (write) = 6
rwx : All permissions: 4 (read) + 2 (write) + 1 (execute) = 7
✔✔t = sticky bit - ✔✔A sticky bit is a permission bit that is set on a directory that allows
only the owner of the file within that directory, the owner of the directory or the root user
to delete or rename the file. No other user has the needed privileges to delete the file
created by some other user.
This is a security measure to avoid deletion of critical folders and their content (sub-
directories and files), though other users have full permissions.
drwsr-sr-x 2 root root 4096 Jun 19 06:45 dirname
When you execute a program that has the SUID bit enabled, you inherit the permissions
of that program's owner. Programs that do not have the SUID bit set are run with the
permissions of the user who started the program.
✔✔Analyzing ACLs in the registry - ✔✔Grab existing ACL:
$acl = Get-Acl HKLM:\SOFTWARE\powertoe
✔✔netstat - ✔✔-a lists all the computer's connections and listening ports
-n displays addresses and port numbers in numerical format
-o outputs the process ID (PID) responsible for the connection
-b outputs the EXE and its associated DLLs
✔✔DNS Zone Transfer - ✔✔Replicate DNS databases across a group of DNS servers
DNS services are primarily accessed through UDP port 53 when serving answers to
DNS requests. Authoritative name servers also listen on TCP port 53 to serve DNS
zone transfers and other high-volume queries.
A DNS zone file contains all the naming information stored by the name server
regarding a specific DNS domain. A DNS zone transfer can often be launched to
retrieve details of nonpublic internal networks and other useful information that can help
build an accurate map of the target infrastructure.
The most effective method to issue a DNS zone transfer request against a specific DNS
server is to use DiG.
✔✔A (Address) Record - ✔✔DNS records are used to control the location of a resource
on the Internet. A Records are the most basic type of DNS record and are used to point
a domain or subdomain to an IP address. The 'A' stands for 'address'. For example, if
you query the A records of google.com, it currently returns an IP address of
172.217.3.174. 172.217.3.174 is the IP address of the hosting server for Google's
website.
$ORIGIN example.com.
@ 3600 IN A 223.89.20.79
* 3600 IN A 223.89.20.79
ftp 86400 IN A 201.52.12.36
✔✔CNAME (Canonical Name) Record - ✔✔A CNAME record (Canonical Name Record)
is another commonly used type of DNS entry and is used to map an alias name to a
true or canonical domain name. When a DNS resolver encounters a CNAME record, the
DNS lookup will continue by retrying the lookup with the true or canonical domain name.
One thing that CNAME records are commonly used for is to direct a part of your website
to a site set up elsewhere, such as an eCommerce shop or something similar. CNAME
records also allow you to point multiple systems to one IP without specifically assigning
an A record to each hostname. If that IP were ever to change, you would only have to
update one A record.
$ORIGIN example.com.
shop 3600 IN CNAME myshop.com.
clientarea 86400 IN CNAME clientinterface.com.
✔✔HINFO (Host Information) Record - ✔✔HINFO records allow you to define the
hardware type and Operating System (OS) in use at a host. This information can be
used by application protocols such as FTP, which uses special procedures when
communicating with computers of a known CPU and OS type. For security reasons,
these records are rarely used on public servers.
$ORIGIN example.com.
testhinfo 90 IN HINFO "INTEL-386" "Windows"
✔✔MX (Mail Exchanger) Record - ✔✔Mail Exchanger (MX) records tell the world which
mail servers accept incoming mail for your domain and where emails sent to your
domain should be routed to. You can send emails without the MX record configured
for your domain name, but if the MX record is not set up correctly, you will not
receive email.
$ORIGIN example.com.
@ 3600 IN MX 10 mx1.dynu.com.
@ 3600 IN MX 20 mx2.dynu.com.
✔✔NS (Name Server) Record - ✔✔An NS record, or name server record, identifies which
name servers are authoritative for a zone. DNS resolvers will query the servers listed in
the NS records of a domain name for specific DNS records such as A, AAAA, MX, TXT.
A DNS zone must contain at least one NS record, but you can have as many NS records
as you would like for your domain name. The benefit of having multiple NS records is
the redundancy of your DNS service. In order to have a valid DNS configuration, the NS
records configured in the DNS zone must be exactly the same as those configured as
name servers at your domain name provider.
$ORIGIN example.com.
@ 3600 IN NS ns1.dynu.com.