UPDATED CREST CPSA - Appendix A: Soft Skills And Assessment Management 2023 Questions And Answers
A1 (1) What are the benefits of penetration testing to the client? - Answer-Penetration testing can identify vulnerabilities in a client's systems and networks, allowing them to take steps to remediate them before they can be exploited by malicious actors. It also helps organizations comply with regulatory requirements and industry standards.
A1 (2) What is the structure of a penetration testing engagement? - Answer-A typical penetration testing engagement includes several phases, such as planning and scoping, reconnaissance, vulnerability analysis, exploitation, and reporting.
A1 (3) What is infrastructure testing? - Answer-Infrastructure testing is a type of penetration testing that focuses on the client's network and systems, such as servers, routers, and firewalls. It aims to identify vulnerabilities and misconfigurations that could be exploited by an attacker.
A1 (4) What is application testing? - Answer-Application testing is a type of penetration testing that focuses on the client's web and mobile applications. It aims to identify vulnerabilities and misconfigurations that could be exploited by an attacker to gain unauthorized access or steal sensitive data.
A1 (5) What is the difference between black box and white box testing? - Answer-Black box testing is a type of testing in which the tester has no knowledge of the inner workings of the system being tested. White box testing is a type of testing in which the tester has complete knowledge of the system, including its internal structures and algorithms.
A1 (6) What is project closure and debriefing? - Answer-Project closure and debriefing form the final phase of a penetration testing engagement. During this phase, the testing team presents the findings to the client, along with recommendations for remediation. The client also reviews the testing process and provides feedback to the testing team to improve future engagements.
A2 (1) What is the Computer Misuse Act 1990? - Answer-The Computer Misuse Act 1990 is a law in the United Kingdom that makes it a criminal offense to access or alter computer material without authorization. It also criminalizes unauthorized access to computer systems and the distribution of malicious software.
The Computer Misuse Act 1990 is divided into three sections:
Section 1: Unauthorized access to computer material. This section criminalizes unauthorized access to computer material, and carries a maximum penalty of 6 months' imprisonment or a fine.
Section 2: Unauthorized access with intent to commit or facilitate commission of further offenses. This section criminalizes unauthorized access to computer systems with the intent to commit or facilitate the commission of further offenses, and carries a maximum penalty of 2 years' imprisonment or a fine.
Section 3: Unauthorized acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. This section criminalizes the distribution of malicious software with the intent to impair the operation of a computer or to prevent or hinder access to any program or data held in a computer, and carries a maximum penalty of 10 years' imprisonment or a fine.
As a penetration tester, it is important to be aware of the above sections and to conduct testing within the legal boundaries set by the Computer Misuse Act 1990. This includes obtaining written authorization from the system owner before accessing systems, and not engaging in any activity that could be considered unauthorized access or distribution of malicious software.
A2 (2) What is the Human Rights Act 1998? - Answer-The Human Rights Act 1998 is a law in the United Kingdom that incorporates the European Convention on Human Rights into domestic law. It provides for the protection of human rights and fundamental freedoms, such as the right to privacy.
The Human Rights Act 1998 incorporates several articles of the European Convention on Human Rights, including:
Article 8: Right to respect for private and family life. This article protects an individual's right to privacy, and applies to the collection, storage, and use of personal data.
Article 10: Freedom of expression. This article protects an individual's right to freedom of expression, and applies to the restriction of speech and other forms of expression.
As a penetration tester, it is important to be aware of how the Human Rights Act 1998 applies to the collection, storage, and use of personal data (for example, data encountered on in-scope systems during a test) and to the restriction of speech and other forms of expression, so as not to violate any individual's rights.
A2 (3) What is the Data Protection Act 1998? - Answer-The Data Protection Act 1998 is a law in the United Kingdom that regulates the handling of personal data. It establishes principles for data processing, and gives individuals the right to access their own personal data and to have it rectified if it is inaccurate.
The Data Protection Act 1998 establishes eight principles for data processing:
1.) personal data shall be processed fairly and lawfully;
2.) personal data shall be obtained for one or more specified and lawful purposes;
3.) personal data shall be adequate, relevant and not excessive;
4.) personal data shall be accurate and, where necessary, kept up to date;
5.) personal data shall not be kept for longer than is necessary;
6.) personal data shall be processed in accordance with the rights of data subjects;