CIS-4200 Chapter 2 quiz
The actual penetration test, the attack phase of the NIST 800-115 standard, is a cyclical process that is divided into how many steps?
4
The Pen Testing Execution Standard (PTES) recommends how many stages?
7
Which of the following is a PCI DSS control objective that must be met in order for a network to be security compliant?
All of the above (Regularly monitor and test networks; Maintain a vulnerability management program; Build and maintain a secure network)
Which level of security testing for NSA-IAM involves the use of tools for diagnosing and finding flaws?
Assessment Level II
Which level of security testing for NSA-IAM is called Red Team exercises?
Assessment Level III
Which of the following is a not for profit organization that originated in the UK and offers training and certification in cyber security?
CREST
Which of the following requires the certification test taker to understand relevant cyber laws and to have at least a working knowledge of networking?
CREST
Which of the following statements about CREST is true?
CREST is not a standard; it is a certification.
In which stage of the PTES penetration testing process will you actually attempt to breach the target network?
Exploitation
Which of the following techniques in the execution phase of the NIST 800-115 standard identifies communication paths and facilitates the determination of network architectures?
Network Discovery
Which of the following is well known for its list of the top vulnerabilities found in web applications in the previous year?
OWASP
Which phase of the NSA-IAM standard includes tasks such as conducting an opening meeting and developing initial recommendations?
On-site assessment
Which of the following is the penetration testing standard used by Visa, Mastercard, American Express, and Discover?
PCI DSS
Which of the following is not one of the three conceptual areas of PCI DSS testing that must be addressed prior to the test engagement?
Planning
Which phase of the NSA-IAM standard includes obtaining expertise to assist you?
Post-Assessment
In which stage of the penetration testing process does the PTES recommend first defining the scope?
Pre-engagement interactions
Which of the following penetration testing standards uses these three phases: Planning, Execution, and Post-Execution?
NIST 800-115
Which security standard provides a broad overview of computer security and was written with federal agencies in mind?
NIST 800-12, Revision 1
Which security standard describes 8 principles and 14 practices that can be used to develop security policies, with a significant focus on auditing user activity on a network?
NIST 800-14
Which security standard recommends best practices for initiating, implementing, and maintaining an information security management system (ISMS)?
ISO-27002