CREST - CPSA MAIN Questions And Answers 100% Verified.
2 views 0 purchase
Course
CREST - CPSA MAIN
Institution
CREST - CPSA MAIN
CREST - CPSA MAIN Questions And Answers 100% Verified.
3306? - correct answer. MySQL (structured Query Language) Database management system for web database, data warehousing, e-commerce, and logging applications
What port does squid proxy use? - correct answer. 3128
Wh...
CREST - CPSA MAIN Questions And
Answers 100% Verified.
3306? - correct answer. MySQL (structured Query Language) Database
management system for web database, data warehousing, e-commerce, and logging
applications
What port does squid proxy use? - correct answer. 3128
What are the benefits of a penetration test? - correct answer. - Enhancement of the
management system
- Avoid fines
- Protection from financial damage
- Customer protection
What is the structure of a penetration test? - correct answer. Planning and
Preparation
Reconnaissance
Discovery
Analyzing information and risks
Active intrusion attempts
Final analysis
Report Preparation
What is another structure of a penetration test? - correct answer. Reconnaissance
Vulnerability Scanning
Investigation
Exploitation
What is does infrastructure testing include? - correct answer. Includes all internal
computer systems, associated external devices, internet networking, cloud and
virtualization testing.
What are the types of infrastructure testing? - correct answer. - External
Infrastructure Penetration Testing
- Internal Infrastructure Penetration Testing
- Cloud and Virtualization Penetration Testing
- Wireless Security Penetration Testing
,What does External Infrastructure Testing include? - correct answer. Mapping flaws
in the external infrastructure
What are the benefits of External Infrastructure Testing ? - correct answer. -
Identifies flaws within the firewall configuration that could be misused.
- Finds how information could be leaked out from the system
- Suggests how these issues could be fixed
- Prepares a comprehensive report highlighting the security risk of the networks and
suggests solutions
- Ensures overall efficiency and productivity of your business
What are the benefits of Internal Infrastructure testing? - correct answer. -Identifies
how an internal attacker could take advantage of even a minor security flaw
- Identifies the potential business risk and damage that an internal attacker can inflict
- Improves security systems of internal infrastructure
- Prepares a comprehensive report giving details of the security exposures of internal
networks along with the detailed action plan on how to deal with it
What are the benefits of cloud and virtualization penetration testing? - correct answer.
- Discover the real risks within the virtual environment and suggests the methods and
costs to fix the threats and flaws
- Provides guidelines and an action plan how to resolve the issues
- Improves the overall protection systems
- Prepares a comprehensive security system report of the cloud computing and
virtualization, outline the security flaws, causes and possible solutions
What are the benefits of wireless security penetration testing ? - correct answer. -
To find the potential risk caused by your wireless device
- To provide guidelines and an action plan on how to protect from the external threats
- For preparing a comprehensive security system report of the wireless networking, to
outline the security flaw, causes, and possible solutions
What is Black Box Testing? - correct answer. Black-box testing is a method in which
the tester is provided no information about the application being tested.
What are the advantages of Black Box Testing? - correct answer. - Test is generally
conducted with the perspective of a user, not the designer
- Verifies contradictions in the actual system and the specifications
What are the disadvantages of black box penetration testing? - correct answer. -
Particularly, these kinds of test cases are difficult to design
- Possibly, it is not worth, in-case designer has already conducted a test case
- It does not conduct everything
,What is white box penetration testing ? - correct answer. A tester is provided a
whole range of information about the systems and/or network such as schema, source
code, os details, ip address, etc.
What are the advantages of white box penetration testing? - correct answer. - It
ensures that all independent paths of a module have been exercised
- It ensures that all logical decisions have been verified along with their true and false
value.
- It discovers the typographical errors and does syntax checking
- It finds the design errors that may have occurred because of the difference between
logical flow of the program and the actual execution.
What are the important highlights of the computer misuse act 1990? - correct answer.
Section 1: Unauthorized access to computer material
Section 2: Unauthorized access with intent to commit or facilitate commission of further
offenses
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing
the operation of a computer
Unauthorized modification of computer material
What are the important highlights of the human rights act 1998? - correct answer. -
The right to life
- The right to respect for private and family life
- The right to freedom of religion and belief
- Your right not to be mistreated or wrongly punished by the state
when capturing the scope of a penetration test, what information requires consent to
meet the UK laws? - correct answer. -Name & Position of the individual who is
providing consent
-Authorized testing period - both the date range and hours that testing is permitted
- Contact information for members of technical staff, who may provide assistance during
the test
- IP addresses or URL that are in scope of testing
- Exclusions to certain hosts, services or areas within application testing
Credentials that may be required as part of authenticated application testing
What are the important highlights of the data protection act 1998? - correct answer.
- Personal data must be processed fairly and lawfully
- be obtained only for lawful purposes and not processed in any manner incompatible
with those purposes
- be adequate, relevant and not excessive
- be accurate and current
- not be retained for longer than neccessary
- be processed in accordance with the rights and freedoms of data subjects
, - Be protected against unauthorized or unlawful processing and against accidental loss,
destruction or damage
What are the important highlights of the police and justice act 2006? - correct answer.
- Make amendments to the computer misuse act 1990
- increased penalties of computer misuse act (makes unauthorized computer access
serious enough to fall under extradition)
- Made it illegal to perform DOS attacks
- Made it illegal to supply and own hacking tools.
- Be careful about how you release information about exploits.
What issues may arise between a tester and his client? - correct answer. - The
tester is unknown to his client - so, on what grounds, he should be given access of
sensitive data
-Who will take the guarantee of security of lost data?
- The client may blame for the loss of data or confidentiality to tester.
How can you prevent legal issues when doing a penetration test? - correct answer.
A statement of intent should be duly signed by both parties
- The tester has the permission in writing, with clearly defined parameters
- the company has the details of its pen tester and an assurance that he would not leak
any confidential data
What does scoping a penetration test involve? - correct answer. - All relevant risk
owners
- Technical staff knowledgeable about the target system
- A representative of the penetration test team
- Risk owners should outline any areas of special concern
- Technical staff should outline technical boundaries of the organizations IT estate
- The penetration test team should identify what testing they believe will give a full
picture of the vulnerability status of the estate
What is a IP protocol? - correct answer. The IP (Internet Protocol) is the network
layer communications protocol in the Internet protocol suite used for relaying datagrams
across network boundaries
What is the TCP protocol? - correct answer. TCP (transmisson control protocol) a
main protocol from the Internet protocol suite.
What is the Task of TCP? - correct answer. To create a connection between the
client and server before data can be sent.
What will applications that do not require a reliable data stream use? - correct answer.
User datagram protocol
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller techgrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
