Comptia Pentest+ 2023 Questions and answer - Part 60
1. Which of the following types of assessment acts like an attacker, targeting sensitive data or systems with the goal of acquiring data and access?
A) Compliance-based
B) Red Team
C) Goals-based
D) Objective-based
2. What type of testing methodology is approached with complete prior knowledge?
A) Black Box
B) White Box
C) Red Team
D) Gray Box
3. Which of the following is an individual or group with the capability and motivation necessary to manifest a threat to an organization and deploy exploits against its assets?
A) Script Kiddie
B) Advanced Persistent Threat
C) Hacktivist
D) Threat Actor
4. Select any three kinds of threats which are identified during the threat modeling process.
A) Host Threats
B) Network Threats
C) Application Threats
D) All of above
5. You have been contracted to conduct a penetration test for an organization. The initial meetings went well, and you have well-defined Rules Of Engagement (ROE) and target-scoping documents. Two weeks later, you are asked if you can -squeeze in another /22 subnetΒ for the given assessment time frame. This is a potential example of _________________.
A) Scope Creep
B) Impact Analysis
C) Black Box Assessment
D) Objective-based Assessment
A) Compliance-based
B) Red Team
C) Goals-based
D) Objective-based
2. What type of testing methodology is approached with complete prior knowledge?
A) Black Box
B) White Box
C) Red Team
D) Gray Box
3. Which of the following is an individual or group with the capability and motivation necessary to manifest a threat to an organization and deploy exploits against its assets?
A) Script Kiddie
B) Advanced Persistent Threat
C) Hacktivist
D) Threat Actor
4. Select any three kinds of threats which are identified during the threat modeling process.
A) Host Threats
B) Network Threats
C) Application Threats
D) All of above
5. You have been contracted to conduct a penetration test for an organization. The initial meetings went well, and you have well-defined Rules Of Engagement (ROE) and target-scoping documents. Two weeks later, you are asked if you can -squeeze in another /22 subnetΒ for the given assessment time frame. This is a potential example of _________________.
A) Scope Creep
B) Impact Analysis
C) Black Box Assessment
D) Objective-based Assessment
1. Right Answer: B
Explanation: Penetration test findings of media organization or any third party would be guaranteed to be in violation of the NDA for the assessment. Another option is rival corporation because the results of a penetration test to an organization's rival would be damaging to that organization-s good standing and possibly expose them to targeted corporate espionage efforts, in addition to being certain to breach the NDA for the assessment.
2. Right Answer: B
Explanation: Red team attempt to act like an attacker, targeting sensitive data or systems with the goal of acquiring data and access.
3. Right Answer: D
Explanation: White box testing approach is most likely desired by the user due to the provision of authorized administrator credentials and source code for the proprietary web application in use.
4. Right Answer: D
Explanation: A threat actor is an individual or group with the capability and motivation necessary to manifest a threat to an organization and deploy exploits against its assets.
5. Right Answer: A
Explanation: During the threat modeling process, there are some types of threats such as network threats, host threats, and application threats that may be identified.
Explanation: Penetration test findings of media organization or any third party would be guaranteed to be in violation of the NDA for the assessment. Another option is rival corporation because the results of a penetration test to an organization's rival would be damaging to that organization-s good standing and possibly expose them to targeted corporate espionage efforts, in addition to being certain to breach the NDA for the assessment.
2. Right Answer: B
Explanation: Red team attempt to act like an attacker, targeting sensitive data or systems with the goal of acquiring data and access.
3. Right Answer: D
Explanation: White box testing approach is most likely desired by the user due to the provision of authorized administrator credentials and source code for the proprietary web application in use.
4. Right Answer: D
Explanation: A threat actor is an individual or group with the capability and motivation necessary to manifest a threat to an organization and deploy exploits against its assets.
5. Right Answer: A
Explanation: During the threat modeling process, there are some types of threats such as network threats, host threats, and application threats that may be identified.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
