CREST CPSA 2023/2024 EXAM QUESTIONS AND CORRECT VERIFIED ANSWERS | 100% CORRECT
Q: HTTP Status Codes
Answer:
1xx – Info
2xx – Success
3xx – Redirection
4xx – Error
5xx – Server Error
Q: HTTP Status Code 404
Answer:
Not Found: the method is not available
Q: HTTP Status Code 301
Answer:
Moved Permanently
Q: HTTP Status Code 302
Answer:
Temporarily Moved
Q: HTTP Status Code 410
Answer:
Gone
Q: SQL Injections (Escape Characters)
Answer:
' OR '1' = '1' --
' OR '1' = '1' {
' OR '1' = '1' /*
Q: SQL Injections (Type Handling)
Answer:
1; DROP TABLE users
Q: Linux File Permissions
Answer:
drwxrwxrwx 2 user(owner) group size date filename
d | rwx | rwx | rwx
Filetype | User | Group | Everyone
Q: Linux Command : Change Password
Answer:
passwd
Q: Linux Command : Find Files of Type
Answer:
find . -type f -iname '*.pdf'
locate '.pdf'
Q: Linux File System Structure
Answer:
/bin – User Binaries
/boot – Bootup related files
/dev – Interface for system devices
/etc – System Config Files
/home – Base directory for user files
/lib – Critical software libraries
/opt – Third party software
/proc – System and running processes
/root – Home for root
/sbin – Sys Admin binaries
/tmp – Temporary Files
/usr – Less critical files
/var – Variable system files
Q: IPTables
Answer:
A user-space utility program that allows a system administrator to configure the tables provided
by the Linux kernel firewall and the chains and rules it stores
Q: Wireshark and TCPdump
Answer:
Common packet analyzers. They allow the user to display TCP/IP and other packets being
transmitted or received over a network to which the computer is attached.
Q: pfSense
Answer:
Open source firewall/router computer software distribution based on FreeBSD
Q: Solaris Command : Process Listing
Answer:
prstat -a
Q: Solaris Command : Services and Status
Answer:
svcs -a
Q: Solaris Command: Start Service (Admin)
Answer:
svcadm start
Q: NT 3.1 Versions
Answer:
Windows NT 3.1 (All)
Q: NT 3.5 Versions
Q: What’s a good way of remembering OSI model?
Answer:
Please don’t nag tyrannosaurus, she’ll probably attack
Q: Port 512?
Answer:
rexec (username / password)
Q: Port 513?
Answer:
rlogin (telnet)
Q: Port 514
Answer:
rsh
Q: Port 514
Answer:
rcp
Q: Reserved Internal IPs
Answer:
10.0.0.0/8 (10.0.0.0-10.255.255.255) : Private
127.0.0.0/8 (127.0.0.0-127.255.255.255) : Local Host Loopback
172.16.0.0/12 (172.16.0.0-172.31.255.255) : Private
192.168.0.0/16 (192.168.0.0-192.168.255.255) : Private
Q: Symmetric Encryption
Answer:
DES/3DES
AES
Twofish
Blowfish
Serpent
IDEA
RC4, RC5, RC6
CAST
Q: Asymmetric encryption
Answer:
RSA
El Gamal
ECC (Elliptic Curve)
Diffie-Hellman (Key Exchange)
Paillier
Merkle-Hellman
Cramer-Shoup
Q: Hashes
Answer:
MD5
SHA1
MySQL < 4.1
MySQL5
MD5 (WP)
MD5 (phpBB3)
LM / NTLM
Q: Oracle Default Credentials
Answer:
Username | Password
SYSTEM | MANAGER
ANONYMOUS | ANONYMOUS
SCOTT | TIGER
OLAPSYS | MANAGER
SYS | CHANGE_ON_INSTALL
Q: How do you remember TCP/IP model?
Answer:
Never Ingest Turian Almonds
1: Network interface
2: Internet Layer
3: Transport Layer
4: Application layer
Q: What is CAT5
Answer:
CAT5 stands for Category 5 cable, which is a twisted pair cable for computer networks.
Q: What is 10/100/1000baseT
Answer:
The 10/100/1000 reference is an Ethernet standard developed by the Institute of Electrical and
Electronics Engineers (IEEE).
It is the standard when it comes to Ethernet data transmission.
Q: What's the breakdown of 10/100/1000baseT
Answer:
10 megabits, 100 megabits, 1000 megabits of bandwidth speed
Q: What is token ring
Answer:
A data link for a local area network (LAN) where all devices are connected in a ring or star
topology and pass one or more tokens from host to host.
Q: What is wireless (802.11)
Answer:
IEEE 802.11 is a standard used for wireless Ethernet networks. It provides a 1Mbps or
2Mbps data rate in the 2.4GHz band.
Q: What is LM Hash?
Q: MS-SQL : DB Version
Answer:
SELECT @@version
EXEC xp_msver
(detailed version info)
Q: MS-SQL : Run OS Command
Answer:
EXEC master..xp_cmdshell 'net user'
Q: MS-SQL : SELECT commands
Answer:
SELECT HOST_NAME() : Hostname and IP
SELECT DB_NAME() : Current DB
SELECT name FROM master..sysdatabases; : List DBs
SELECT user_name() : Current user
SELECT name FROM master..syslogins : List users
SELECT name FROM master..sysobjects WHERE xtype='U'; : List Tables
SELECT name FROM syscolumns WHERE id=(SELECT id FROM sysobjects WHERE name='mytable'); : List columns
Q: MS-SQL : List all Tables and Columns
Answer:
SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'mytable')
Q: MS-SQL : System Table (Info on All Tables)
Answer:
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES
Q: MS-SQL 2005 Vulnerability (Password Hashes)
Answer:
SELECT name, password_hash FROM master.sys.sql_logins
Q: Postgres : SELECT commands
Answer:
SELECT version(); : DB Version
SELECT inet_server_addr(); : Hostname and IP
SELECT current_database(); : Current DB
SELECT datname FROM pg_database; : List DBs
SELECT user; : Current user
SELECT usename FROM pg_user; : List Users
SELECT usename,passwd FROM pg_shadow : List password hashes
Q: MySQL Default Credentials
Answer:
root | MYSQL
Q: MySQL : SELECT Commands
Answer:
SELECT @@version; : DB Version
SELECT @@hostname; : Hostname and IP
SELECT database(); : Current DB
SELECT distinct (db) FROM mysql.db; : List DBs
SELECT user(); : Current user
SELECT user FROM mysql.user; : List Users
SELECT host,user,password FROM mysql.user; : List password hashes
Q: MySQL : List Tables (and Columns)
Answer:
SHOW TABLES (only works for current database)
SELECT * FROM information_schema.columns (full dump)
Q: Oracle : SELECT Commands
Answer:
SELECT * FROM v$version; : DB Version
(SELECT version FROM v$instance;)
SELECT instance_name FROM v$instance : Current DB
(SELECT name FROM v$database;)
SELECT DISTINCT owner FROM all_tables; : List DBs
SELECT user FROM dual; : Current User
SELECT username FROM all_users ORDER BY username; : List users
SELECT column_name FROM all_tab_columns; : List Columns
SELECT table_name FROM all_tables; : List Tables
SELECT name, password, astatus FROM sys.user$; : List password hashes
Q: hosts.equiv (or .rhosts file) Structure
Answer:
Allow any user to log in from any host:
+
Allow any user from host with a matching local account to log in:
host
Allow any user from host to log in:
host +
Allow user from host to log in as any non-root user:
host user
Allow all users with matching local accounts from host to log in except for baduser:
host -baduser
host
Deny all users from host:
-host
Q: SQL server resolution service introduced?
Answer:
SQL server 2000
Q: SQL server stored procedures.
Answer:
xp_cmdshell
Q: ICMP type 8 response to host without firewall
Answer:
Echo
Q: SYS user password (oracle)
Answer:
CHANGE_ON_INSTALL
Q: How can the HTTP TRACE method be used against a web server?
Answer:
user cookie and session information compromised
Q: Java technique that minimises threat from applets
Answer:
Sandbox
Q: enumerate users with empty GECOS field.
Answer:
finger 0@
Q: LANMAN and NTLM.
Answer:
Don’t use a salt.
Q: Stored procedure xp_cmdshell can?
Answer:
Execute any DOS commands.
Q: Unmap unused ISAPI filters to…?
Answer:
...reduce attack surface against IIS
Q: Which SQL string can be used in username to bypass an authentication mechanism.
Answer:
' or 1=1 --
Q: Different Web site host names have same IP. How does web server differentiate?
Answer:
Inspecting host field in client request.
Q: HTTP Method for enumerating HTTP methods.
Answer:
OPTIONS
Q: EXPN command protocol?
Answer:
SMTP
Q: DNS Zone transfer command.
Answer:
dig @relay.example.org example.org axfr
Q: SMTP commands to enumerate users on a default Sendmail server.
Answer:
VRFY, EXPN, RCPT TO
Q: Name five network topologies
Answer:
Mesh, Ring, Star, Tree, Bus.
Q: Name five common ethernet and FDDI cable types.
Answer:
100Base5, 10Base2, 10BaseT, 100Base-FL, 1000Base-T.
Q: What is WIFI the alias for?
Answer:
IEEE 802.11
Q: What does VLAN stand for?
Answer:
Virtual Local Area Network
Q: How does VLAN work?
Answer:
Virtual Local Area Networks (VLANs) separate an existing physical network into multiple
logical networks.
Thus, each VLAN creates its own broadcast domain. Communication between two VLANs can
only occur through a router that is connected to both.
Q: Name five common ICMP types.
Answer:
8-echo, 0-echo reply, 30-traceroute, 5-redirect, 3-destination unreachable, 11-time exceeded.
Q: What does ICMP stand for?
Answer:
Internet Control Message Protocol
Q: What does TTL stand for?
Answer:
Time to Live
Q: What is TTL?
Answer:
TTL is a hop count system, and each router decreases the TTL by 1. Upon reaching 0, the packet
is dropped. This way you don’t have packets not reaching their destination and clogging the
network.
Q: OS TTL numbers?
Answer:
128 Windows, 64 Linux, 255 Solaris (kapp)
Q: What is Traceroute
Answer:
Traceroute sends a packet with a TTL value of 1; once it reaches the first router it dies,
and an ICMP message is sent back to the sender. The sender can then send another packet with a
TTL value of 2 to see how far it will go. By doing this we can see how many hops it will take to reach
our target. (A good way of enumerating a network in a black box pen-test.)
Q: What is ping sweep?
Answer:
Ping sweep is just a technique that can be used to find out which hosts are alive in a network or
large number of IP addresses.
Q: Name five Nmap flags.
Answer:
(TCP SYN scan, -sS)
(Null Scan, -sN)
(Ping Scan, -sP)
(Ack Scan, -sA)
(OS detection, -O)
Q: What are the three firewall states?
Answer:
Open; Filtered (dropped/blocked); Closed (not listening).
Q: What is TCP window size?