CIS-4200 Chapter 2 quiz


The actual penetration test, the attack phase of the NIST 800-115 standard, is a cyclical process that is divided into how many steps?

4

The Pen Testing Execution Standard (PTES) recommends how many stages?

7

Which of the following is a PCI DSS control objective of security that must be met in order for a network to be security compliant?

All of the above (Regularly monitor and test networks; Maintain a vulnerability management program; Build and maintain a secure network)

Which level of security testing for NSA-IAM involves the use of tools for diagnosing and finding flaws?

Assessment Level II

Which level of security testing for NSA-IAM is called Red Team exercises?

Assessment Level III

Which of the following is a not for profit organization that originated in the UK and offers training and certification in cyber security?

CREST

Which of the following requires the certification test taker to understand relevant cyber laws and to have at least a working knowledge of networking?

CREST

Which of the following statements about CREST is true?

CREST is not a standard; it is a certification.

In which stage of the PTES penetration testing process will you actually attempt to breach the target network?

Exploitation

Which of the following techniques in the execution phase of the NIST 800-115 standard identifies communication paths and facilitates the determination of network architectures?

Network Discovery

Which of the following is well known for their list of the top vulnerabilities found in web applications in the previous year?

OWASP

Which phase of the NSA-IAM standard includes tasks such as conducting an opening meeting and developing initial recommendations?

On-site assessment

Which of the following is the penetration testing standard used by Visa, Mastercard, American Express, and Discover?

PCI DSS

Which of the following is not one of the three conceptual areas of PCI DSS testing concepts that must be addressed prior to the test engagement?

Planning

Which phase of the NSA-IAM standard includes obtaining expertise to assist you?

Post-Assessment

In which stage of the penetration testing process does the PTES recommend first defining the scope?

Pre-engagement interactions

Which of the following penetration testing standards uses these three phases: Planning, Execution, and Post-Execution?

NIST 800-115

Which security standard provides a broad overview of computer security and was written with federal agencies in mind?

NIST 800-12, Revision 1

Which security standard describes 8 principles and 14 practices that can be used to develop security policies, with a significant focus on auditing user activity on a network?

NIST 800-14

Which security standard recommends best practices for initiating, implementing, and maintaining an information security management system (ISMS)?

ISO-27002

