Security + Mod 2 Quiz
Planning
Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?
Red Team
Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?
They would have to stay overnight to perform the test.
Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?
Scope
Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?
Requests for comments (RFCs)
What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?
Active reconnaissance
What is another name for footprinting?
Black box
What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?
Lateral movement
When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?
ISO 31000
Which ISO contains controls for managing and controlling risk?
CSA
Which group is responsible for the Cloud Controls Matrix?
Reporting
Which is the final rule of engagement that would be conducted in a pen test?
Regulations
Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?
SOAR
Which of the following can automate an incident response?
Automated
Which of the following is NOT a characteristic of a penetration test?
Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?
Less expensive
Which of the following is NOT an advantage of crowdsourced penetration testing?
PCI DSS
Which of the following is a standard for the handling of customer card information?
Incident response
Which of the following is not something that a SIEM can perform?
Threat actors have already infiltrated our network.
Which premise is the foundation of threat hunting?
