✔✔Network Sweeping Techniques to prioritise a target list (and their potential for false
positives) - ✔✔Ping Sweep $ nmap -sn [ip] / (previously) $ nmap -sP [ip]
TCP Port Scan $ nmap -sT [ip]
UDP Port Scan $ nmap -sU [ip]
Top 10 ports $ nmap --top-ports 10 [ip]
Service Scan $ nmap -sV [ip]
No Ping Scan $ nmap -Pn [ip]
Scan All Ports $ nmap -p1-65535 [ip] / $ nmap -p- [ip]
Script Scan $ nmap --script=... [ip]
✔✔Egress Filtering - ✔✔Egress filtering is the control of traffic leaving the network.
Egress filtering prevents hosts from sending unwanted traffic out to the internet. This could
include leaking private network address space, or stopping a compromised system from
attempting to communicate with remote hosts. Egress filtering can help in preventing
information leaks due to misconfiguration.
✔✔Ports to consider blocking - ✔✔MSRPC - TCP / UDP 135
NetBIOS - TCP / UDP 137 - 139
SMB / IP - TCP 445
TFTP - UDP 69
Syslog - UDP 514
SNMP - UDP
SMTP - TCP 25
✔✔Ingress Filtering - ✔✔Ingress filtering is a method of verifying that inbound packets
arriving at a network actually come from the source computer they claim to.
Ingress filtering is one method of reducing DDoS attacks that rely on forged source IP
addresses. While ingress filtering reduces the possibility of source address spoofing, it
does not preclude an attacker from using a forged source address of another host
within the permitted prefix filter range. It does, however, ensure that when an attack occurs a
network administrator will know which originating prefixes the traffic was advertised from.
✔✔Active Operating System Fingerprinting - ✔✔Active fingerprinting is the process of
transmitting packets to a remote host and analysing the corresponding replies.
Nmap
OS Detection $ nmap -O [ip]
Aggressive Scan (equiv. -O -sV -sC --traceroute) $ nmap -A [ip]
✔✔Passive Operating System Fingerprinting - ✔✔Passive fingerprinting is the process of
analysing packets from a host on a network. In this case the fingerprinter acts as a sniffer
and doesn't put any traffic on the network.
Tools:
· NetworkMiner
· P0F
· Satori
✔✔Check with Nmap for services using aggressive scanning - ✔✔# nmap -sV -T4 -F insecure.org
Starting Nmap ( http://nmap.org )
Nmap scan report for insecure.org (74.207.254.18)
Host is up (0.016s latency).
rDNS record for 74.207.254.18: web.insecure.org
Not shown: 95 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.2.3 ((CentOS))
113/tcp closed auth
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
Service Info: Host: web.insecure.org
Nmap done: 1 IP address (1 host up) scanned in 14.82 seconds
✔✔Check for UDP applications - ✔✔$ sudo nmap -sU -p 3478 192.168.1.25
Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 20:43 EDT
Nmap scan report for example.com (192.168.1.25)
Host is up (0.096s latency).
PORT STATE SERVICE
3478/udp open|filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 1.17 seconds
✔✔Check for UDP connection through Netcat - ✔✔$ nc -vz -u 10.1.0.100 53
Connection to 10.1.0.100 53 port [udp/domain] succeeded!
-z Specifies that nc should just scan for listening daemons, without
sending any data to them. It is an error to use this option in
conjunction with the -l option.
✔✔ACL - ✔✔Access Control List
✔✔Network Access Control Analysis - ✔✔An access control list (ACL), with respect to a
computer file system, is a list of permissions attached to an object. An ACL specifies
which users or system processes are granted access to objects, as well as what
operations are allowed on given objects.[1] Each entry in a typical ACL specifies a
subject and an operation. For instance, if a file object has an ACL that contains (Alice:
read,write; Bob: read), this would give Alice permission to read and write the file and
Bob to only read it.
# Set "Default Deny" policy (the command is lowercase iptables)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
✔✔Cisco Deny FTP Traffic - ✔✔hostname R1
!
interface ethernet0
ip access-group 102 in
!
access-list 102 deny tcp any any eq ftp
access-list 102 deny tcp any any eq ftp-data
access-list 102 permit ip any any
✔✔Encoding - ✔✔The purpose of encoding is to transform data so that it can be
properly consumed by a different type of system, e.g. binary data being sent over email.
The goal is not to keep information secret, but rather to ensure that it is properly
consumed.
Encoding transforms data into another format using a scheme that is publicly available, so
that it can be easily reversed.
It does not require a key, as the only thing required to decode it is the algorithm that was
used to encode it.
Examples: ASCII, Unicode, URL encoding, Base64
✔✔Encryption - ✔✔The purpose of encryption is to transform data in order to keep it
secret from others, e.g. sending someone a letter that only they should be able to
read.
Encryption transforms data into another format in such a way that only specific individuals
can reverse the transformation. As such, the ciphertext, algorithm and key are all
required to return to the plaintext.
Example: AES, Blowfish, RSA
✔✔Hashing - ✔✔Hashing serves the purpose of ensuring integrity: if something is changed,
you can know that it has changed. Technically, hashing takes arbitrary-length
input and produces a fixed-length string that has the following attributes:
· The same input will always produce the same output
· Multiple disparate inputs should not produce the same output
· It should not be possible to go from output to input
· Any modification of a given input should result in a drastic change to the hash
Hashing is used in conjunction with authentication to produce strong evidence
that a message has not been modified.
✔✔Symmetric Encryption - ✔✔Symmetric-key algorithms are algorithms for
cryptography that use the same cryptographic keys for both encryption of plaintext and
decryption of ciphertext. The keys may be identical or there may be a simple
transformation to go between the two keys.