2.4.4 - Assessment Types (Practice Questions)

Focuses on the end results. The hacker determines the methods.

Which of the following best describes a goal-based penetration test?

Defines how federal government data, operations, and assets are handled.

Which of the following best describes what FISMA does?

Implements accounting and disclosure requirements that increase transparency.

Which of the following best describes what SOX does?

PCI DSS

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

They rely heavily on password policies.

Which of the following is a limitation of relying on regulations?

Compliance-based

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

Company culture

ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?

HIPAA

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

Scope of work

Which document explains the details of an objective-based test?

Specific/Measurable/Attainable/Relevant/Timely

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?

DMCA

Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?

A member of the purple team.

Heather has been hired to work in a firm's cyber security division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?

A company provides materials to another company to manufacture a product.

Which of the following best describes a supply chain?