
CompTIA PenTest+ 2023 Questions and Answers - Part 14

Mary Smith
03 Mar 2023

1. Which of the following post-report delivery activities focuses on executing any additional assessment work that may be desired by the client or is required based on terms defined in the engagement's statement of work?

A) Post-engagement clean-up
B) Debriefing
C) Client acceptance
D) Follow-up actions/retesting



2. Why should multifactor authentication be used and encouraged instead of single-factor methods? (Select all that apply; select 2 answers)

A) Multifactor authentication increases user friction, increasing the likelihood of the use of weak passwords
B) Single-factor authentication allows remote users to easily perform their work
C) Single-factor authentication reduces the complexity of obtaining access to a target system
D) Multifactor authentication is often required by compliance guidelines



3. Which of the following agreements states that the testers successfully did the agreed-upon scope of work?

A) Communication Path
B) Communication Triggers
C) Client Acceptance
D) Goal Reprioritization



4. Which of the following is not a post-engagement clean-up activity?

A) Removing shells installed on systems
B) Removing all backdoors, services, daemons, rootkits, and tester-created accounts installed during the test
C) Testing duration
D) Removing any tools installed during the penetration test



5. Select the class of vulnerability for which parameterization of user input and queries is the recommended mitigation technique.

A) Unnecessary Open Services
B) SQL Injection
C) Shared Local Administrator Credentials
D) Weak Password Complexity



1. Right Answer: D
Explanation: The activity described is called follow-up actions/retesting. Based on the results of a portion of a penetration test, the penetration testers may be asked to attempt to retest a given component of the network, or the entire network.

2. Right Answer: C,D
Explanation: The increased complexity of attacking an account with MFA and its value in meeting regulatory compliance guidelines make it the best mitigation available for single-factor authentication.

3. Right Answer: C
Explanation: Client acceptance is the formal agreement stating that the testers successfully did the agreed-upon scope of work.

4. Right Answer: C
Explanation: Testing duration is not a post-engagement clean-up activity. The three major post-engagement clean-up activities are:
- Removing shells installed on systems
- Removing all backdoors, services, daemons, rootkits, and tester-created accounts installed during the test
- Removing any tools installed during the penetration test
These three activities are the starting point. The basic principle that testers should follow when conducting post-engagement clean-up is that they should restore the system to its original, pre-test state.

5. Right Answer: B
Explanation: SQL injection is best combated by the parameterization of user input and queries.
