TestOut- Chapter 2 Practice Questions


Internal

You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed?

Black box

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?

A member of the purple team.

Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?

Change order

Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?

The ethical hacker has partial information about the target or network.

Which of the following best describes a gray box penetration test?

A contract where parties agree to the terms that will govern future actions.

Which of the following best describes a master service agreement?

A common legal contract outlining confidential material that will be shared during the assessment.

Which of the following best describes a non-disclosure agreement?

The art of deceiving and manipulating others into doing what you want.

Which of the following best describes social engineering?

An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.

Which of the following best describes the Wassenaar Arrangement?

Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.

Which of the following best describes the rules of engagement document?

PCI DSS

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

Scope of Work

Which of the following documents details exactly what can be tested during a penetration test?

Human

Which of the following elements is generally considered the weakest link in an organization's security?

Security exception

Which of the following is a deviation from standard operating security protocols?

Gain access

Which of the following is the third step in the ethical hacking methodology?

Sensitive data handling policy

Which of the following policies would cover what you should do in case of a data breach?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

Which statement best describes a suicide hacker?

Compliance-based

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

White hat

Which type of threat actor only uses skills and knowledge for defensive purposes?

BYOD policy

Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?

Scope creep

A client asking for small deviations from the scope of work is called:

Specific/Measurable/Attainable/Relevant/Timely

A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?

Tolerance

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?

Reach out to an attorney for legal advice.

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?

Add the cloud host to the scope of work.

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?

Scanning and enumeration

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?

HIPAA

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

Gray hat

Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?

OWASP

Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?

Whitelisting

Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this?

Ethical hacking

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

Performs offensive security tasks to test the network's security.

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?

Reporting

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?

Threat modeling

The process of analyzing an organization's security and determining its security holes is known as:

Corporate policies

What are the rules and regulations defined and put in place by an organization called?

Risk assessment

What does an organization do to identify areas of vulnerability within their network and security systems?

Scope of Work

Which document explains the details of an objective-based test?

Focuses on the end results. The hacker determines the methods.

Which of the following best describes a goal-based penetration test?

