CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple, Exams of Nursing

CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple-Choice Questions with Answers and Detailed Rationales 2025-2026

Typology: Exams

2025/2026

Available from 06/30/2026

lily-anderson-4
lily-anderson-4 🇺🇸

1.5K documents

1 / 50

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security
150 Multiple-Choice Questions with Answers and Detailed Rationales
2025-2026
Section 1: Port and Protocol Identification (Questions 140)
Question 1
Which port number is assigned to the SSH protocol for secure remote administration?
A) Port 21
B) Port 22
C) Port 23
D) Port 25
E) Port 443
Correct Answer: B) Port 22
Rationale: SSH (Secure Shell) operates on TCP port 22 by default. It provides encrypted remote
administration and secure file transfer capabilities. Port 21 is FTP, port 23 is Telnet
(unencrypted), port 25 is SMTP, and port 443 is HTTPS.
Question 2
What service runs on TCP port 21?
A) SSH
B) Telnet
C) FTP
D) SMTP
E) HTTP
Correct Answer: C) FTP
Rationale: FTP (File Transfer Protocol) uses TCP port 21 for command/control channel
communication. Data transfer occurs on port 20. SSH uses port 22, Telnet port 23, SMTP port
25, and HTTP port 80.
Question 3
Which protocol operates on UDP port 53?
A) HTTP
B) FTP
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32

Partial preview of the text

Download CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security 150 Multiple and more Exams Nursing in PDF only on Docsity!

CREST CPSA Study Guide Exam: Ports, Protocols, and Network Security

150 Multiple-Choice Questions with Answers and Detailed Rationales

Section 1: Port and Protocol Identification (Questions 1–40)

Question 1 Which port number is assigned to the SSH protocol for secure remote administration?

A) Port 21 B) Port 22 C) Port 23 D) Port 25 E) Port 443

Correct Answer: B) Port 22

Rationale: SSH (Secure Shell) operates on TCP port 22 by default. It provides encrypted remote administration and secure file transfer capabilities. Port 21 is FTP, port 23 is Telnet (unencrypted), port 25 is SMTP, and port 443 is HTTPS.

Question 2 What service runs on TCP port 21?

A) SSH B) Telnet C) FTP D) SMTP E) HTTP

Correct Answer: C) FTP

Rationale: FTP (File Transfer Protocol) uses TCP port 21 for command/control channel communication. Data transfer occurs on port 20. SSH uses port 22, Telnet port 23, SMTP port 25, and HTTP port 80.

Question 3 Which protocol operates on UDP port 53? A) HTTP B) FTP

C) DNS

D) DHCP

E) SNMP

Correct Answer: C) DNS

Rationale: DNS (Domain Name System) uses both TCP and UDP port 53. UDP is used for standard queries where responses are small enough to fit in a single packet, while TCP is used for zone transfers and large responses.

Question 4 What is the default port for HTTPS?

A) Port 80 B) Port 443 C) Port 8080 D) Port 8443 E) Port 21

Correct Answer: B) Port 443

Rationale: HTTPS (HTTP Secure) uses TCP port 443 by default. HTTP uses port 80. Port 8080 is commonly used as an alternative HTTP port, and port 8443 is often used as an alternative HTTPS port.

Question 5 SMTP is associated with which port number?

A) Port 110 B) Port 143 C) Port 25 D) Port 993 E) Port 995

Correct Answer: C) Port 25

Rationale: SMTP (Simple Mail Transfer Protocol) uses TCP port 25 for sending emails. Port 110 is POP3, port 143 is IMAP, port 993 is IMAPS, and port 995 is POP3S.

Question 6 Which protocol runs on UDP port 161? A) SSH B) SNMP

C) Port 123 D) Port 161 E) Port 443

Correct Answer: C) Port 123

Rationale: NTP (Network Time Protocol) uses UDP port 123 to synchronize computer clocks over networks. Accurate time synchronization is critical for security logging, certificate validation, and authentication protocols.

Question 10 What service is associated with port 3389?

A) SSH B) Telnet C) RDP D) VNC E) FTP

Correct Answer: C) RDP

Rationale: RDP (Remote Desktop Protocol) uses TCP port 3389 for remote desktop connections to Windows systems. SSH uses port 22, Telnet port 23, VNC typically uses port 5900, and FTP uses port 21.

Question 11 Which port is used by Kerberos authentication?

A) Port 53 B) Port 88 C) Port 389 D) Port 443 E) Port 636

Correct Answer: B) Port 88

Rationale: Kerberos uses both TCP and UDP port 88 as a network authentication protocol that allows secure communication over non-secure networks using ticket-based authentication.

Question 12 DHCP servers listen on which UDP ports? A) 67 and 68 B) 53 and 54

C) 80 and 443 D) 161 and 162 E) 20 and 21

Correct Answer: A) 67 and 68

Rationale: DHCP uses UDP port 67 for the server and UDP port 68 for the client. DHCP dynamically assigns IP addresses and network configuration parameters to clients on a network.

Question 13 What is the default port for IMAP?

A) Port 110 B) Port 143 C) Port 993 D) Port 995

E) Port 25

Correct Answer: B) Port 143

Rationale: IMAP (Internet Message Access Protocol) uses TCP port 143 for email retrieval. IMAP allows users to access and manage emails stored on a mail server. Port 993 is IMAPS (IMAP over SSL).

Question 14 RPC (Remote Procedure Call) uses which port?

A) Port 111 B) Port 135 C) Port 139 D) Port 445 E) Port 593

Correct Answer: A) Port 111

Rationale: RPC (Remote Procedure Call) uses TCP/UDP port 111 for the portmapper service. Windows RPC typically uses ports 135, 139, and 445 depending on the specific implementation.

Question 15 SMB (Server Message Block) uses which port? A) Port 137 B) Port 138 C) Port 139

Correct Answer: C) Port 3306

Rationale: MySQL uses TCP port 3306 by default. MS SQL uses port 1433, Oracle uses port 1521, PostgreSQL uses port 5432, and MongoDB uses port 27017.

Question 19 Which port is used for MS SQL Server?

A) Port 3306 B) Port 1433 C) Port 1521 D) Port 5432 E) Port 27017

Correct Answer: B) Port 1433

Rationale: Microsoft SQL Server uses TCP port 1433 by default for database connections. MySQL uses 3306, Oracle uses 1521, PostgreSQL uses 5432, and MongoDB uses 27017.

Question 20 Oracle Database uses which default port?

A) Port 1433 B) Port 1521 C) Port 3306 D) Port 5432 E) Port 27017

Correct Answer: B) Port 1521

Rationale: Oracle Database uses TCP port 1521 by default. MS SQL uses 1433, MySQL uses 3306, PostgreSQL uses 5432, and MongoDB uses 27017.

Question 21 PostgreSQL uses which port?

A) Port 1433 B) Port 1521 C) Port 3306 D) Port 5432 E) Port 27017

Correct Answer: D) Port 5432

Rationale: PostgreSQL uses TCP port 5432 by default. MS SQL uses 1433, Oracle uses 1521, MySQL uses 3306, and MongoDB uses 27017.

Question 22 MongoDB uses which default port?

A) Port 1433 B) Port 1521 C) Port 3306 D) Port 5432 E) Port 27017

Correct Answer: E) Port 27017

Rationale: MongoDB uses TCP port 27017 by default. MS SQL uses 1433, Oracle uses 1521, MySQL uses 3306, and PostgreSQL uses 5432.

Question 23 What port is used by Syslog?

A) Port 123 B) Port 514 C) Port 161 D) Port 162 E) Port 443

Correct Answer: B) Port 514

Rationale: Syslog uses UDP port 514 for system logging and message collection. Port 123 is NTP, port 161 is SNMP, port 162 is SNMP traps, and port 443 is HTTPS.

Question 24 BGP uses which port?

A) Port 179 B) Port 22 C) Port 53 D) Port 443 E) Port 80

Correct Answer: D) Both B and C

Rationale: RADIUS can use UDP ports 1645/1646 (older standard) or 1812/1813 (IANA standard). Port 1812 is used for authentication and 1813 for accounting.

Question 28 X11 (X Window System) uses which port range?

A) Port 6000- B) Port 5900- C) Port 5800- D) Port 7000- E) Port 8000-

Correct Answer: A) Port 6000-

Rationale: X11 uses TCP ports 6000-6063, with port 6000 being the default display server. VNC uses ports 5900+ (display) and 5800+ (web).

Question 29 VNC server typically uses which port?

A) 5900 B) 5800 C) 6000 D) 3389 E) 22

Correct Answer: A) 5900

Rationale: VNC (Virtual Network Computing) typically uses TCP port 5900 for the display server. Port 5800 is used for the web-based VNC client, port 3389 is RDP, and port 6000 is X11.

Question 30 SIP (Session Initiation Protocol) uses which ports?

A) 5060 and 5061 B) 80 and 443 C) 25 and 110 D) 143 and 993 E) 53 and 54

Correct Answer: A) 5060 and 5061

Rationale: SIP uses UDP/TCP port 5060 for unencrypted communication and port 5061 for TLSencrypted communication. SIP is used for VoIP signaling. Question 31 IRC uses which default port?

A) 6667 B) 80 C) 443 D) 21 E) 25

Correct Answer: A) 6667

Rationale: IRC (Internet Relay Chat) uses TCP port 6667 by default, though it can run on other ports. HTTP uses port 80, HTTPS port 443, FTP port 21, and SMTP port 25.

Question 32 Gopher protocol uses which port?

A) 70 B) 80 C) 443 D) 21 E) 23

Correct Answer: A) 70

Rationale: Gopher uses TCP port 70. It is a distributed document search and retrieval protocol that predates the World Wide Web. HTTP uses port 80, HTTPS port 443, FTP port 21, and Telnet port 23.

Question 33 Whois service uses which port?

A) 43 B) 53 C) 80 D) 443 E) 21

Correct Answer: A) 119

Rationale: NNTP (Network News Transfer Protocol) uses TCP port 119 for Usenet newsgroup access. IMAP uses port 143, POP3 port 110, SMTP port 25, and IMAPS port 993.

Question 37 What port is used by SNMP traps? A) 161 B) 162 C) 514 D) 123 E) 53

Correct Answer: B) 162

Rationale: SNMP traps are sent to UDP port 162. SNMP agent communication uses port 161. Syslog uses port 514, NTP port 123, and DNS port 53.

Question 38 SOCKS proxy uses which port?

A) 1080 B) 8080 C) 3128 D) 80 E) 443

Correct Answer: A) 1080

Rationale: SOCKS proxy uses TCP port 1080 by default. Port 8080 is often used for HTTP proxies, port 3128 for Squid proxies, port 80 for HTTP, and port 443 for HTTPS.

Question 39 Squid proxy uses which default port?

A) 1080 B) 3128 C) 8080 D) 80 E) 443

Correct Answer: B) 3128

Rationale: Squid proxy server uses TCP port 3128 by default. SOCKS uses port 1080, port 8080 is often used for HTTP proxies, port 80 for HTTP, and port 443 for HTTPS.

Question 40 IPsec uses which protocols?

A) AH and ESP B) TCP and UDP C) SSL and TLS D) SSH and Telnet E) HTTP and HTTPS

Correct Answer: A) AH and ESP

Rationale: IPsec uses Authentication Header (AH) for authentication and Encapsulating Security Payload (ESP) for encryption and authentication. IPsec operates at the network layer and can secure entire IP communication.

Section 2: Network Scanning and Enumeration (Questions 41–70)

Question 41 Which Nmap scan type is considered the most stealthy?

A) SYN scan (-sS) B) TCP connect scan (-sT) C) UDP scan (-sU) D) NULL scan (-sN) E) FIN scan (-sF)

Correct Answer: D) NULL scan (-sN)

Rationale: NULL scans send TCP packets with no flags set. They exploit RFC compliance issues in older systems and are stealthy because they do not complete the three-way handshake. FIN and Xmas scans are also stealthy, but NULL scans are often the least detectable.

Question 42 What is the purpose of a TCP SYN scan?

A) To complete the full three-way handshake B) To send packets with no flags set C) To send a SYN packet and analyze the response

D) Xmas scan E) ACK scan

Correct Answer: D) Xmas scan

Rationale: Xmas scans send TCP packets with FIN, URG, and PSH flags set, making the packet appear "lit up like a Christmas tree". These scans exploit RFC compliance issues and can be used for firewall evasion. Question 46 What is the purpose of an ACK scan?

A) To determine if a port is open or closed B) To determine if a port is filtered by a firewall C) To complete the three-way handshake D) To perform OS fingerprinting E) To identify service versions

Correct Answer: B) To determine if a port is filtered by a firewall

Rationale: ACK scans send ACK packets to determine firewall rules. If a RST is received, the port is unfiltered; if no response or ICMP unreachable, the port is filtered. ACK scans do not determine whether a port is open or closed.

Question 47 Which Nmap option is used for UDP scanning?

A) -sU B) -sS C) -sT D) -sN E) -sA

Correct Answer: A) -sU

Rationale: The -sU option enables UDP scanning in Nmap. UDP scans are slower than TCP scans because they rely on ICMP port unreachable responses for closed ports and timeouts for open or filtered ports.

Question 48 What is the purpose of the Nmap -p- option?

A) Scans the most common 1000 ports B) Scans all 65535 ports

C) Scans a specific port range D) Scans only well-known ports E) Scans only registered ports

Correct Answer: B) Scans all 65535 ports

Rationale: The -p- option instructs Nmap to scan all 65,535 TCP ports. By default, Nmap scans the 1000 most common ports. Question 49 Which tool is commonly used for network traffic analysis?

A) Nmap B) Wireshark C) Metasploit D) Burp Suite E) John the Ripper

Correct Answer: B) Wireshark

Rationale: Wireshark is a network protocol analyzer that captures and displays network traffic. Nmap is used for port scanning, Metasploit for exploitation, Burp Suite for web application testing, and John the Ripper for password cracking.

Question 50 What does the Nmap -sS flag represent?

A) SYN stealth scan B) TCP connect scan C) UDP scan D) Null scan E) FIN scan

Correct Answer: A) SYN stealth scan

Rationale: -sS performs a SYN stealth scan (also called half-open scan). It sends SYN packets and never completes the three-way handshake, making it faster and potentially less detectable than a full TCP connect scan.

Question 51 Which Nmap option is used to specify a custom port range?

A) -p B) -P

C) A scan with fragmented packets D) A scan with random source ports E) A scan using proxy servers

Correct Answer: B) An idle scan using a third-party host

Rationale: A zombie scan (idle scan) uses a third-party host with predictable IP fragmentation IDs to scan a target. This technique allows scanning without revealing the attacker's IP address. Question 55 Which Nmap option enables firewall/IDS evasion using decoy IPs?

A) -D B) -f C) -g D) -S E) -e

Correct Answer: A) -D

Rationale: The -D option specifies decoy IP addresses to obscure the true source of the scan. f fragments packets, -g specifies source port, -S spoofs the source IP, and -e specifies the network interface.

Question 56 What is the difference between a TCP connect scan and a SYN scan?

A) Connect scan completes the handshake; SYN scan does not B) SYN scan completes the handshake; Connect scan does not C) Connect scan is stealthier D) Connect scan uses UDP E) There is no difference

Correct Answer: A) Connect scan completes the handshake; SYN scan does not

Rationale: A TCP connect scan (-sT) uses the operating system's connect() system call and completes the full three-way handshake. A SYN scan (-sS) sends a SYN packet, responds to SYN/ACK with RST, and never completes the handshake.

Question 57 What does the Nmap -sA flag represent?

A) ACK scan B) SYN scan

C) UDP scan D) TCP connect scan E) Window scan

Correct Answer: A) ACK scan

Rationale: The -sA flag performs an ACK scan, which sends ACK packets to determine firewall filtering rules. It does not determine open/closed status. Question 58 Which scanning technique is used to map firewall rules?

A) SYN scan B) Connect scan C) ACK scan D) Xmas scan E) UDP scan

Correct Answer: C) ACK scan

Rationale: ACK scans are specifically designed to map firewall rules. By analyzing whether RST packets are received, an attacker can determine which ports are filtered and which are not.

Question 59 What is the purpose of packet fragmentation in network scanning?

A) To increase scan speed B) To bypass firewall/IDS inspection C) To perform OS detection D) To scan UDP ports E) To detect service versions

Correct Answer: B) To bypass firewall/IDS inspection

Rationale: Packet fragmentation splits scan packets into smaller fragments. This can evade intrusion detection systems and firewalls that reassemble packets for inspection or that do not handle fragmented packets properly.

Question 60 Which Nmap option enables fragmentation?

A) -f B) -D C) -g