Comptia Pentest+ 2023 Questions and answer - Part 58
1. How might a penetration tester successfully obtain the information required to begin testing in the scoping phase of a penetration testing?
A) By sending a pre-engagement survey to the client for them to fill out
B) By starting an email chain with business leadership so communications are documented
C) Both A and B
D) None of the above
2. Which of the following contractual documents is a confidentiality agreement that protects the proprietary information and intellectual property of a business?
A) Master Service Agreement (MSA)
B) Statement Of Work (SOW)
C) Written authorization letter
D) Non-Disclosure Agreement (NDA)
3. While performing penetration testing behind perimeter defenses, what does it mean to be provided limited access?
A) Client personnel will only be available for a limited period of time
B) Network access to the target systems or networks will only be permitted during pre-defined hours
C) The penetration tester is only provided with initial, basic connectivity to target systems
D) None of the above
4. Which of the following type of threat actors with red team assessment is usually conducted in a consistent manner?
A) Advanced Persistent Threat
B) Script Kiddie
C) Insider Threat
D) Hacktivist
5. According to Risk Management, what would be the final risk factor of vulnerability in the following figure?
A) High
B) Urgent
C) Medium
D) Low
A) By sending a pre-engagement survey to the client for them to fill out
B) By starting an email chain with business leadership so communications are documented
C) Both A and B
D) None of the above
2. Which of the following contractual documents is a confidentiality agreement that protects the proprietary information and intellectual property of a business?
A) Master Service Agreement (MSA)
B) Statement Of Work (SOW)
C) Written authorization letter
D) Non-Disclosure Agreement (NDA)
3. While performing penetration testing behind perimeter defenses, what does it mean to be provided limited access?
A) Client personnel will only be available for a limited period of time
B) Network access to the target systems or networks will only be permitted during pre-defined hours
C) The penetration tester is only provided with initial, basic connectivity to target systems
D) None of the above
4. Which of the following type of threat actors with red team assessment is usually conducted in a consistent manner?
A) Advanced Persistent Threat
B) Script Kiddie
C) Insider Threat
D) Hacktivist
5. According to Risk Management, what would be the final risk factor of vulnerability in the following figure?
A) High
B) Urgent
C) Medium
D) Low
1. Right Answer: A
Explanation: Web applications commonly experience SQL injection, buffer overflow, and cross-site scripting vulnerabilities. Virtual Machine (VM) Escape attacks work against the hypervisor of a virtualization platform and are not generally exploitable over the Web.
2. Right Answer: D
Explanation: Pre-engagement survey is an informal document that provides a great way to capture information that is necessary to develop a course of action for the penetration test and it can also be used for cost estimation for the user. It is also known as a scoping document.
3. Right Answer: B
Explanation: A Non-Disclosure Agreement (NDA) protects the proprietary data and intellectual property of a business. It is a confidentiality agreement.
4. Right Answer: A
Explanation: During a penetration test, limited access refers to a kind of starting position where testers are providing initial connectivity to the targets. This may take the procedure of a physical network switch connection, the SSID (Service Set Identifier) and password to the organization-s Wi-Fi network, or IP address whitelisting.
5. Right Answer: A
Explanation: Advanced Persistent Threat, or APT is a type of threat actor with red team assessment, it is usually conducted in a manner consistent with real world operation.
Explanation: Web applications commonly experience SQL injection, buffer overflow, and cross-site scripting vulnerabilities. Virtual Machine (VM) Escape attacks work against the hypervisor of a virtualization platform and are not generally exploitable over the Web.
2. Right Answer: D
Explanation: Pre-engagement survey is an informal document that provides a great way to capture information that is necessary to develop a course of action for the penetration test and it can also be used for cost estimation for the user. It is also known as a scoping document.
3. Right Answer: B
Explanation: A Non-Disclosure Agreement (NDA) protects the proprietary data and intellectual property of a business. It is a confidentiality agreement.
4. Right Answer: A
Explanation: During a penetration test, limited access refers to a kind of starting position where testers are providing initial connectivity to the targets. This may take the procedure of a physical network switch connection, the SSID (Service Set Identifier) and password to the organization-s Wi-Fi network, or IP address whitelisting.
5. Right Answer: A
Explanation: Advanced Persistent Threat, or APT is a type of threat actor with red team assessment, it is usually conducted in a manner consistent with real world operation.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
