Exam (elaborations)

CREST Exam Guide: Penetration Testing, Cyber Law, Network Protocols & Security Tools Study Notes

Pages: 35
Grade: A+
Uploaded on: 02-02-2026
Written in: 2025/2026

Complete CREST certification exam preparation guide covering UK cyber laws (Computer Misuse Act, Data Protection Act, GDPR), penetration testing methodologies, network protocols (TCP/IP, UDP, OSI model), port numbers, encryption types, Windows & Linux commands, SQL injection, vulnerability assessment, and security tools (Nmap, Netcat, Wireshark). Includes key definitions, exam tips, and technical references for ethical hackers and security professionals.


Content preview

CREST - CPSA
Main Latest Exam 2026/2027
450 Questions With Correct Answers
1. What are the important highlights of the Human Rights Act 1998? - ANSWER-
- The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state

2. When capturing the scope of a penetration test, what information requires consent to meet the UK laws? - ANSWER-
- Name & Position of the individual who is providing consent
- Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
- Credentials that may be required as part of authenticated application testing

4. What are the important highlights of the Data Protection Act 1998? - ANSWER-
- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than necessary
- be processed in accordance with the rights and freedoms of data subjects
- Be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage

5. What are the important highlights of the Police and Justice Act 2006? - ANSWER-
- Make amendments to the Computer Misuse Act 1990
- increased penalties of Computer Misuse Act (makes unauthorized computer access serious enough to fall under extradition)
- Made it illegal to perform DoS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.

6. What issues may arise between a tester and his client? - ANSWER-
- The tester is unknown to his client - so, on what grounds should he be given access to sensitive data?
- Who will take the guarantee of security of lost data?
- The client may blame the tester for the loss of data or confidentiality.

8. How can you prevent legal issues when doing a penetration test? - ANSWER-
- A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- the company has the details of its pen tester and an assurance that he would not leak any confidential data

9. What does scoping a penetration test involve? - ANSWER-
- All relevant risk owners
- Technical staff knowledgeable about the target system
- A representative of the penetration test team

- Risk owners should outline any areas of special concern
- Technical staff should outline technical boundaries of the organization's IT estate
- The penetration test team should identify what testing they believe will give a full picture of the vulnerability status of the estate

10. What is the IP protocol? - ANSWER-The IP (Internet Protocol) is the network layer communications protocol in the Internet protocol suite used for relaying datagrams across network boundaries

11. What is the TCP protocol? - ANSWER-TCP (Transmission Control Protocol) is a main protocol from the Internet protocol suite.

12. What is the task of TCP? - ANSWER-To create a connection between the client and server before data can be sent.

13. What will applications that do not require a reliable data stream use? - ANSWER-User
datagram protocol

14. What is the task of the Internet Protocol? - ANSWER-to deliver packets from the source
host to the destination host based on the IP addresses in the packet headers.

15. Is UDP part of the Internet protocol suite? - ANSWER-Yes

16. What does SYN do in a TCP handshake? - ANSWER-SYN is used to initiate and
establish a connection. It also helps you to synchronize sequence numbers between
devices.

17. Does UDP perform handshakes? - ANSWER-No

18. What does ACK do in TCP handshake? - ANSWER-Helps to confirm to the other side
that it has received the SYN.

19. Which protocol is known for performing a three way handshake? - ANSWER-TCP

20. What happens after the SYN and ACK phases of a TCP handshake? - ANSWER-SYN-ACK

21. What does SYN-ACK do in TCP handshake? - ANSWER-SYN-ACK is a SYN message from local device and ACK of the earlier packet.

22. What is FIN used for? - ANSWER-Used to terminate the connection

23. What does SYN stand for in TCP? - ANSWER-Synchronize

24. What does ACK stand for in TCP? - ANSWER-Acknowledgement

25. What does SYN-ACK stand for in TCP? - ANSWER-Synchronize Acknowledgement

26. What does FIN stand for in TCP? - ANSWER-Finish

27. What happens after the SYN-ACK phase? - ANSWER-FIN

28. What does TCP stand for? - ANSWER-Transmission control protocol

29. What is port 9100? - ANSWER-Jet direct

30. What is port 567? - ANSWER-dhcpv6 (servers)

31. What is port 593? - ANSWER-RPC over HTTPS

32. What port is 49? - ANSWER-TACACS

33. What does TACACS stand for?
- Terminal Access Control of Authentication and Control Systems
- Terminal Access Controller Access Control System
- Television Availability Control And Communication Standard
- Teletype Authentication and Control of All Control Systems - ANSWER-
Terminal Access Controller Access Control System

34. What port is NTP? - ANSWER-123

35. What is Port 500? - ANSWER-Internet Security Association and Key Management
Protocol - Key exchange

36. What port is syslog? - ANSWER-514

37. What port is RIP? - ANSWER-520

38. What is port 587? - ANSWER-SMTP

39. What UDP port does SMTP use? - ANSWER-587

40. What is port 1521? - ANSWER-Oracle

41. What is port 6000? - ANSWER-X11

42. What port is FTP? - ANSWER-21

43. What does UDP stand for? - ANSWER-User Datagram Protocol

44. What is port 389? - ANSWER-LDAP

45. What port is 514? - ANSWER-Syslog

46. What is port 587? - ANSWER-SMTP

47. What port is for dhcpv6 (servers)? - ANSWER-567

48. What does DHCP stand for? - ANSWER-Dynamic Host Configuration Protocol

49. What is the port of SSH? - ANSWER-22

50. What port is Kerberos? - ANSWER-88

51. What port is POP3? - ANSWER-110

52. What port is RPC? - ANSWER-111

53. What does SMB stand for? - ANSWER-Server Message Block

54. What is the service normally for port 138? - ANSWER-NETBIOS (datagram services)

55. What port does HTTPS use? - ANSWER-443

56. What port does RPC over HTTPS use? - ANSWER-593

57. What port is 143? - ANSWER-IMAP

58. What service uses port 123? - ANSWER-NTP

59. What port does DHCP server use? - ANSWER-67

60. What’s the service for port 138? - ANSWER-NETBIOS (datagram services)

61. What port does telnet use? - ANSWER-23

62. What service is 546? - ANSWER-dhcpv6 (client)


Get to know the seller

TutorGeoff
