UPDATED CREST CPSA - Appendix A: Soft Skills and Assessment Management Correct 100%

What are the Benefits and utility of penetration testing to the client? - ANSWER1.) Identifies existing and potential security risks. 2.) Obtain recommendations to remove vulnerabilities and increase security and protection against attack. 3.) Increase awareness of security issues 4.) Meet regulatory requirements 5.) Satisfy external customers of the client that there system meets recognised security standards What is NDA? - ANSWERNon-disclosure agreement What is infrastructure testing? - ANSWERSecurity review of network connected IT equipment including security/networking devices, servers, and workstations. What is application testing? - ANSWERSecurity review of computer program running on a IT system. What is Blackbox testing? - ANSWERZero knowledge of internal workings What is Whitebox testing? - ANSWERDetailed knowledge of internal workings, for example design specs or source code (application). What is Computer Misuse Act 1990? - ANSWER1.) Covers intended unauthorised access to a computer material. 2.) Covers unauthorised modification of computer system or data held on a computer system. 3.) Unauthorised access to a computer system with intent to commit or facilitate further offences 4.) Need to ensure you have signed permission to access systems otherwise it is a breach of the Computer Misuse Act. What is Humans Rights Act 1998? - ANSWER1.) Employees have a right to privacy while in their place of work. This right may be breached during the pen-test due to network traffic capture, access to shared resources containing personal data, terminal services type access, etc. 2.) The client contract should advise users that testers may gain access to private information. The o