CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple-Choice Qu, Exams of Port Engineering

CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple-Choice Questions with Answers and Detailed Rationales 2025-2026

Typology: Exams

2025/2026

Available from 06/29/2026

paul-JOHANNES
paul-JOHANNES 🇺🇸

3

(2)

781 documents

1 / 50

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security
150 Multiple-Choice Questions with Answers and Detailed Rationales
2025-2026
Section 1: Port and Protocol Identification (Questions 1–40)
Question 1
Which port number is assigned to the SSH protocol for secure remote administration?
A) Port 21
B) Port 22
C) Port 23
D) Port 25
E) Port 443
Correct Answer: B) Port 22
Rationale: SSH (Secure Shell) operates on TCP port 22 by default. It provides encrypted remote
administration and secure file transfer capabilities. Port 21 is FTP, port 23 is Telnet
(unencrypted), port 25 is SMTP, and port 443 is HTTPS.
Question 2
What service runs on TCP port 21?
A) SSH
B) Telnet
C) FTP
D) SMTP
E) HTTP
Correct Answer: C) FTP
Rationale: FTP (File Transfer Protocol) uses TCP port 21 for command/control channel
communication. Data transfer occurs on port 20. SSH uses port 22, Telnet port 23, SMTP port
25, and HTTP port 80.
Question 3
Which protocol operates on UDP port 53?
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32

Partial preview of the text

Download CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple-Choice Qu and more Exams Port Engineering in PDF only on Docsity!

CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security

150 Multiple-Choice Questions with Answers and Detailed Rationales

Section 1: Port and Protocol Identification (Questions 1–40) Question 1 Which port number is assigned to the SSH protocol for secure remote administration? A) Port 21 B) Port 22 C) Port 23 D) Port 25 E) Port 443 Correct Answer: B) Port 22 Rationale: SSH (Secure Shell) operates on TCP port 22 by default. It provides encrypted remote administration and secure file transfer capabilities. Port 21 is FTP, port 23 is Telnet (unencrypted), port 25 is SMTP, and port 443 is HTTPS. Question 2 What service runs on TCP port 21? A) SSH B) Telnet C) FTP D) SMTP E) HTTP Correct Answer: C) FTP Rationale: FTP (File Transfer Protocol) uses TCP port 21 for command/control channel communication. Data transfer occurs on port 20. SSH uses port 22, Telnet port 23, SMTP port 25, and HTTP port 80. Question 3 Which protocol operates on UDP port 53?

A) HTTP

B) FTP

C) DNS

D) DHCP

E) SNMP

Correct Answer: C) DNS Rationale: DNS (Domain Name System) uses both TCP and UDP port 53. UDP is used for standard queries where responses are small enough to fit in a single packet, while TCP is used for zone transfers and large responses. Question 4 What is the default port for HTTPS? A) Port 80 B) Port 443 C) Port 8080 D) Port 8443 E) Port 21 Correct Answer: B) Port 443 Rationale: HTTPS (HTTP Secure) uses TCP port 443 by default. HTTP uses port 80. Port 8080 is commonly used as an alternative HTTP port, and port 8443 is often used as an alternative HTTPS port. Question 5 SMTP is associated with which port number? A) Port 110 B) Port 143 C) Port 25 D) Port 993 E) Port 995 Correct Answer: C) Port 25 Rationale: SMTP (Simple Mail Transfer Protocol) uses TCP port 25 for sending emails. Port 110 is POP3, port 143 is IMAP, port 993 is IMAPS, and port 995 is POP3S. Question 6 Which protocol runs on UDP port 161?

A) Port 53 B) Port 67 C) Port 123 D) Port 161 E) Port 443 Correct Answer: C) Port 123 Rationale: NTP (Network Time Protocol) uses UDP port 123 to synchronize computer clocks over networks. Accurate time synchronization is critical for security logging, certificate validation, and authentication protocols. Question 10 What service is associated with port 3389? A) SSH B) Telnet C) RDP D) VNC E) FTP Correct Answer: C) RDP Rationale: RDP (Remote Desktop Protocol) uses TCP port 3389 for remote desktop connections to Windows systems. SSH uses port 22, Telnet port 23, VNC typically uses port 5900, and FTP uses port 21. Question 11 Which port is used by Kerberos authentication? A) Port 53 B) Port 88 C) Port 389 D) Port 443 E) Port 636 Correct Answer: B) Port 88 Rationale: Kerberos uses both TCP and UDP port 88 as a network authentication protocol that allows secure communication over non-secure networks using ticket-based authentication. Question 12 DHCP servers listen on which UDP ports?

A) 67 and 68 B) 53 and 54 C) 80 and 443 D) 161 and 162 E) 20 and 21 Correct Answer: A) 67 and 68 Rationale: DHCP uses UDP port 67 for the server and UDP port 68 for the client. DHCP dynamically assigns IP addresses and network configuration parameters to clients on a network. Question 13 What is the default port for IMAP? A) Port 110 B) Port 143 C) Port 993 D) Port 995 E) Port 25 Correct Answer: B) Port 143 Rationale: IMAP (Internet Message Access Protocol) uses TCP port 143 for email retrieval. IMAP allows users to access and manage emails stored on a mail server. Port 993 is IMAPS (IMAP over SSL). Question 14 RPC (Remote Procedure Call) uses which port? A) Port 111 B) Port 135 C) Port 139 D) Port 445 E) Port 593 Correct Answer: A) Port 111 Rationale: RPC (Remote Procedure Call) uses TCP/UDP port 111 for the portmapper service. Windows RPC typically uses ports 135, 139, and 445 depending on the specific implementation. Question 15 SMB (Server Message Block) uses which port?

C) Port 3306 D) Port 5432 E) Port 27017 Correct Answer: C) Port 3306 Rationale: MySQL uses TCP port 3306 by default. MS SQL uses port 1433, Oracle uses port 1521, PostgreSQL uses port 5432, and MongoDB uses port 27017. Question 19 Which port is used for MS SQL Server? A) Port 3306 B) Port 1433 C) Port 1521 D) Port 5432 E) Port 27017 Correct Answer: B) Port 1433 Rationale: Microsoft SQL Server uses TCP port 1433 by default for database connections. MySQL uses 3306, Oracle uses 1521, PostgreSQL uses 5432, and MongoDB uses 27017. Question 20 Oracle Database uses which default port? A) Port 1433 B) Port 1521 C) Port 3306 D) Port 5432 E) Port 27017 Correct Answer: B) Port 1521 Rationale: Oracle Database uses TCP port 1521 by default. MS SQL uses 1433, MySQL uses 3306, PostgreSQL uses 5432, and MongoDB uses 27017. Question 21 PostgreSQL uses which port? A) Port 1433 B) Port 1521 C) Port 3306

D) Port 5432 E) Port 27017 Correct Answer: D) Port 5432 Rationale: PostgreSQL uses TCP port 5432 by default. MS SQL uses 1433, Oracle uses 1521, MySQL uses 3306, and MongoDB uses 27017. Question 22 MongoDB uses which default port? A) Port 1433 B) Port 1521 C) Port 3306 D) Port 5432 E) Port 27017 Correct Answer: E) Port 27017 Rationale: MongoDB uses TCP port 27017 by default. MS SQL uses 1433, Oracle uses 1521, MySQL uses 3306, and PostgreSQL uses 5432. Question 23 What port is used by Syslog? A) Port 123 B) Port 514 C) Port 161 D) Port 162 E) Port 443 Correct Answer: B) Port 514 Rationale: Syslog uses UDP port 514 for system logging and message collection. Port 123 is NTP, port 161 is SNMP, port 162 is SNMP traps, and port 443 is HTTPS. Question 24 BGP uses which port? A) Port 179 B) Port 22 C) Port 53 D) Port 443 E) Port 80

Rationale: RADIUS can use UDP ports 1645/1646 (older standard) or 1812/1813 (IANA standard). Port 1812 is used for authentication and 1813 for accounting. Question 28 X11 (X Window System) uses which port range? A) Port 6000- 6063 B) Port 5900- 5909 C) Port 5800- 5809 D) Port 7000- 7009 E) Port 8000- 8009 Correct Answer: A) Port 6000- 6063 Rationale: X11 uses TCP ports 6000-6063, with port 6000 being the default display server. VNC uses ports 5900+ (display) and 5800+ (web). Question 29 VNC server typically uses which port? A) 5900 B) 5800 C) 6000 D) 3389 E) 22 Correct Answer: A) 5900 Rationale: VNC (Virtual Network Computing) typically uses TCP port 5900 for the display server. Port 5800 is used for the web-based VNC client, port 3389 is RDP, and port 6000 is X11. Question 30 SIP (Session Initiation Protocol) uses which ports? A) 5060 and 5061 B) 80 and 443 C) 25 and 110 D) 143 and 993 E) 53 and 54 Correct Answer: A) 5060 and 5061 Rationale: SIP uses UDP/TCP port 5060 for unencrypted communication and port 5061 for TLS- encrypted communication. SIP is used for VoIP signaling.

Question 31 IRC uses which default port? A) 6667 B) 80 C) 443 D) 21 E) 25 Correct Answer: A) 6667 Rationale: IRC (Internet Relay Chat) uses TCP port 6667 by default, though it can run on other ports. HTTP uses port 80, HTTPS port 443, FTP port 21, and SMTP port 25. Question 32 Gopher protocol uses which port? A) 70 B) 80 C) 443 D) 21 E) 23 Correct Answer: A) 70 Rationale: Gopher uses TCP port 70. It is a distributed document search and retrieval protocol that predates the World Wide Web. HTTP uses port 80, HTTPS port 443, FTP port 21, and Telnet port 23. Question 33 Whois service uses which port? A) 43 B) 53 C) 80 D) 443 E) 21 Correct Answer: A) 43 Rationale: Whois uses TCP port 43 for querying domain registration information. DNS uses port 53, HTTP port 80, HTTPS port 443, and FTP port 21.

A) 161

B) 162

C) 514

D) 123

E) 53

Correct Answer: B) 162 Rationale: SNMP traps are sent to UDP port 162. SNMP agent communication uses port 161. Syslog uses port 514, NTP port 123, and DNS port 53. Question 38 SOCKS proxy uses which port? A) 1080 B) 8080 C) 3128 D) 80 E) 443 Correct Answer: A) 1080 Rationale: SOCKS proxy uses TCP port 1080 by default. Port 8080 is often used for HTTP proxies, port 3128 for Squid proxies, port 80 for HTTP, and port 443 for HTTPS. Question 39 Squid proxy uses which default port? A) 1080 B) 3128 C) 8080 D) 80 E) 443 Correct Answer: B) 3128 Rationale: Squid proxy server uses TCP port 3128 by default. SOCKS uses port 1080, port 8080 is often used for HTTP proxies, port 80 for HTTP, and port 443 for HTTPS. Question 40 IPsec uses which protocols? A) AH and ESP B) TCP and UDP

C) SSL and TLS D) SSH and Telnet E) HTTP and HTTPS Correct Answer: A) AH and ESP Rationale: IPsec uses Authentication Header (AH) for authentication and Encapsulating Security Payload (ESP) for encryption and authentication. IPsec operates at the network layer and can secure entire IP communication. Section 2: Network Scanning and Enumeration (Questions 41–70) Question 41 Which Nmap scan type is considered the most stealthy? A) SYN scan (-sS) B) TCP connect scan (-sT) C) UDP scan (-sU) D) NULL scan (-sN) E) FIN scan (-sF) Correct Answer: D) NULL scan (-sN) Rationale: NULL scans send TCP packets with no flags set. They exploit RFC compliance issues in older systems and are stealthy because they do not complete the three-way handshake. FIN and Xmas scans are also stealthy, but NULL scans are often the least detectable. Question 42 What is the purpose of a TCP SYN scan? A) To complete the full three-way handshake B) To send packets with no flags set C) To send a SYN packet and analyze the response D) To send FIN packets to closed ports E) To perform OS fingerprinting Correct Answer: C) To send a SYN packet and analyze the response Rationale: A SYN scan sends a SYN packet to a target port. If the port is open, the target responds with SYN/ACK; if closed, it responds with RST. The scanner sends a RST in response to the SYN/ACK, never completing the handshake, which makes it faster and partially stealthy.

Question 46 What is the purpose of an ACK scan? A) To determine if a port is open or closed B) To determine if a port is filtered by a firewall C) To complete the three-way handshake D) To perform OS fingerprinting E) To identify service versions Correct Answer: B) To determine if a port is filtered by a firewall Rationale: ACK scans send ACK packets to determine firewall rules. If a RST is received, the port is unfiltered; if no response or ICMP unreachable, the port is filtered. ACK scans do not determine whether a port is open or closed. Question 47 Which Nmap option is used for UDP scanning? A) - sU B) - sS C) - sT D) - sN E) - sA Correct Answer: A) - sU Rationale: The - sU option enables UDP scanning in Nmap. UDP scans are slower than TCP scans because they rely on ICMP port unreachable responses for closed ports and timeouts for open or filtered ports. Question 48 What is the purpose of the Nmap - p- option? A) Scans the most common 1000 ports B) Scans all 65535 ports C) Scans a specific port range D) Scans only well-known ports E) Scans only registered ports Correct Answer: B) Scans all 65535 ports Rationale: The - p- option instructs Nmap to scan all 65,535 TCP ports. By default, Nmap scans the 1000 most common ports.

Question 49 Which tool is commonly used for network traffic analysis? A) Nmap B) Wireshark C) Metasploit D) Burp Suite E) John the Ripper Correct Answer: B) Wireshark Rationale: Wireshark is a network protocol analyzer that captures and displays network traffic. Nmap is used for port scanning, Metasploit for exploitation, Burp Suite for web application testing, and John the Ripper for password cracking. Question 50 What does the Nmap - sS flag represent? A) SYN stealth scan B) TCP connect scan C) UDP scan D) Null scan E) FIN scan Correct Answer: A) SYN stealth scan Rationale: - sS performs a SYN stealth scan (also called half-open scan). It sends SYN packets and never completes the three-way handshake, making it faster and potentially less detectable than a full TCP connect scan. Question 51 Which Nmap option is used to specify a custom port range? A) - p B) - P C) - port D) - r E) - s Correct Answer: A) - p Rationale: The - p option specifies the port range to scan (e.g., - p 22,80,443 or - p 1-1000). - P is used for host discovery options.

Question 55 Which Nmap option enables firewall/IDS evasion using decoy IPs? A) - D B) - f C) - g D) - S E) - e Correct Answer: A) - D Rationale: The - D option specifies decoy IP addresses to obscure the true source of the scan. - f fragments packets, - g specifies source port, - S spoofs the source IP, and - e specifies the network interface. Question 56 What is the difference between a TCP connect scan and a SYN scan? A) Connect scan completes the handshake; SYN scan does not B) SYN scan completes the handshake; Connect scan does not C) Connect scan is stealthier D) Connect scan uses UDP E) There is no difference Correct Answer: A) Connect scan completes the handshake; SYN scan does not Rationale: A TCP connect scan (-sT) uses the operating system's connect() system call and completes the full three-way handshake. A SYN scan (-sS) sends a SYN packet, responds to SYN/ACK with RST, and never completes the handshake. Question 57 What does the Nmap - sA flag represent? A) ACK scan B) SYN scan C) UDP scan D) TCP connect scan E) Window scan Correct Answer: A) ACK scan Rationale: The - sA flag performs an ACK scan, which sends ACK packets to determine firewall filtering rules. It does not determine open/closed status.

Question 58 Which scanning technique is used to map firewall rules? A) SYN scan B) Connect scan C) ACK scan D) Xmas scan E) UDP scan Correct Answer: C) ACK scan Rationale: ACK scans are specifically designed to map firewall rules. By analyzing whether RST packets are received, an attacker can determine which ports are filtered and which are not. Question 59 What is the purpose of packet fragmentation in network scanning? A) To increase scan speed B) To bypass firewall/IDS inspection C) To perform OS detection D) To scan UDP ports E) To detect service versions Correct Answer: B) To bypass firewall/IDS inspection Rationale: Packet fragmentation splits scan packets into smaller fragments. This can evade intrusion detection systems and firewalls that reassemble packets for inspection or that do not handle fragmented packets properly. Question 60 Which Nmap option enables fragmentation? A) - f B) - D C) - g D) - S E) - e Correct Answer: A) - f Rationale: The - f option fragments IP packets into tiny fragments to evade firewall/IDS inspection. - D uses decoys, - g specifies source port, - S spoofs source IP, and - e specifies the network interface.