Chapter 2 Chapter Questions

Lucas has been hired to conduct a penetration test of an organization that processes credit cards. His work will follow the recommendations of the PCI DSS. What type of assessment is Lucas conducting?

A compliance-based assessment

What type of assessment most closely simulates an actual attacker's efforts?

A red-team assessment with a zero knowledge strategy

The penetration testing agreement document that Greg asks his clients to sign includes a statement that the assessment is valid only at the point in time at which it occurs. Why does he include this language?

The environment is unlikely to be the same in the future.

Megan wants to gather data from a service that provides data to an application. What type of documentation should she look for from the application's vendor?

API (Application programming interface) documentation

Maria wants to build a penetration testing process for her organization and intends to start with an existing standard or methodology. Which of the following is not suitable for that purpose? A.ISSAF B.OSSTM C.PTES D.ATT&CK

ATT&CK

What type of penetration test is not aimed at identifying as many vulnerabilities as possible and instead focuses on vulnerabilities that specifically align with the goals of gaining control of specific systems or data?

An objectives-based assessment

During a penetration test scoping discussion, Charles is asked to test the organization's SaaS(system as a service)-based email system. What concern should he bring up?

Cloud service providers do not typically allow testing of their services.

During a penetration test, Alex discovers that he is unable to scan a server that he was able to successfully scan earlier in the day from the same IP address. What has most likely happened? A.His IP address was whitelisted. B.The server crashed. C.The network is down. D.His IP address was blacklisted.

His IP address was blacklisted

Which of the following types of penetration test would provide testers with complete visibility into the configuration of a web server without having to compromise the server to gain that information? A.Unknown environment B.Partial knowledge C.Known environment D.Zero knowledge

Known Environment

While performing an on-site penetration test, Cassandra plugs her laptop into an accessible network jack. When she attempts to connect, however, she does not receive an IP address and gets no network connectivity. She knows that the port was working previously. What technology has her target most likely deployed?

NAC - Network Access Control

What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?

NDA - Non-Disclosure Agreement

Jen wants to conduct a penetration test and includes mobile application testing. Which standard or methodology is most likely to be useful for her efforts? A.NIST B.OWASP C.KALI D.ISSAF

OWASP (Open Web Application Security Project)

The company that Ian is performing a penetration test for uses a wired network for their secure systems and does not connect it to their wireless network. What environmental consideration should Ian note if he is conducting a partial knowledge penetration test?

Physical access to the network may be required.

Elaine wants to ensure that the limitations of her red-team penetration test are fully explained. Which of the following are valid disclaimers for her agreement? (Two Answers) A.Risk tolerance B.Point-in-time C.Comprehensiveness D.Impact tolerance

Point-in-time and Comprehensiveness

What term describes a document created to define project-specific activities, deliverables, and timelines based on an existing contract?

SOW - Statement of Work

During an on-site penetration test, what scoping element is critical for wireless assessments when working in shared buildings?

SSIDs (Service Set identifier)

During a penetration test specifically scoped to a single web application, Chris discovers that the web server also contains a list of passwords to other servers at the target location. After he notifies the client, they ask him to use them to validate those servers, and he proceeds to test those passwords against the other servers. What has occurred?

Scope creep - nearing the end or past of the original goal or scope of his job

Charles has completed the scoping exercise for his penetration test and has signed the agreement with his client. Whose signature should be expected as the counter signature?

The proper signing authority - anyone with proper authority is allowed to sign it, positions with authority can change by company so a specific position cannot be named

What does an MSA (Master Service Agreement) typically include?

The terms that will govern future agreements

Ruchika has been asked to conduct a penetration test against internal business systems at a mid-sized company that operates only during a normal day shift. The test will be run against critical business systems. What restriction is most likely to be appropriate for the testing? A.Time of day B.Types of allowed tests C.Types of prohibited tests D.The physical locations that can be tested

Time of day