Question 1
What testing technique does not provide the pen testers with additional knowledge of the organization or network they are testing prior to the official start of the assessment?
Responses
A Black box
B White box
C Vulnerability testing
D None of the above
Question 2
What type of events are training exercises where professionals within an organization focus on discussing the responsibility of each of their roles during a hypothetical event?
Responses
A Penetration testing
B Tabletop exercises
C Capture the flag
D Vulnerability assessments
Question 3
What term in physical security describes slipping past a badge reader by convincing someone to hold the door open?
Responses
A Man trap
B Pentesting
C Tailgating
D Shoulder surfing
Question 4
In which approach to penetration testing are the testers given detailed information about the organization or network they are testing prior to the official start of the pen test?
Responses
A Black box
B Blue box
C Red box
D White box
Question 5
As a cyber defender or incident response team member, it is important to know which module of the MITRE ATT&CK framework an alert is related to.
Responses
True
False
Question 6
What are the core functions of the Cybersecurity Framework?
Responses
A Identify, Protect, Detect, Respond, Recover
B Identify, Authorize, Authenticate, Audit
C Deceive, Detect, Distract, Defend
D Protect, Authorize, Defend, Respond, Recover
Question 7
MITRE ATT&CK framework collects tactics, techniques, and procedures.
Responses
True
False
Question 8
What framework used in cybersecurity identifies the top ten web application vulnerabilities periodically?
Responses
A NIST CSF
B MITRE ATT&CK
C OWASP
D ISO 27000
Question 9
Which legal contract used in penetration testing provides a framework for payment, scheduling, and general terms of the organizations conducting business (such as the purpose of conducting business, limits of liability, how to handle a breach of contract, dispute resolution, and other information)?
Responses
A NDA
B ROE
C MSA
D BAA
Question 10
HIPAA regulations require which legal contract as part of any security test?
Responses
A BAA
B SOW
C MSA
D NCA
Question 11
Nondisclosure agreements protect the information a penetration tester may find and provide legal recourse if either organization shares unauthorized information about the other.
Responses
True
False
Question 12
Cybersecurity team objectives, such as whether a cybersecurity team will be informed of a penetration test ahead of time, do not need to be documented.
Responses
True
False
Question 13
What term is commonly used in penetration testing to describe the most important data and/or system within an organization's environment?
Responses
A Crown jewels
B First priority
C Level 1 assets
D Blue devices
Question 14
What type of scanning technique conducted from a vulnerability assessment tool does not transmit a signal?
Responses
A Active scanning
B Passive scanning
C Credentialed scanning
D Non-credentialed scanning
Question 15
What type of scan requires no agents on the device?
Responses
A Stateful scan
B Black box scan
C Captured scan
D Agentless scan
Question 16
A _____ validation result means that a scanner reported the absence of a vulnerability incorrectly, and while the scanner said there was no vulnerability, one does exist.
Question 17
Which type of vulnerability scan provides the greatest amount of useful information for a penetration tester or attacker?
Responses
A Credentialed
B Non-credentialed
Question 18
It is best to scan as much of a network as possible in one scan to not add extra traffic to the network continuously.
Responses
True
False
Question 19
Scanners are not just for scanning assets to find if patches are missing, but also to test an organization's defenses.
Responses
True
False
Question 20
What term is used to describe a cybersecurity test used to determine the resiliency of a network and/or device(s) against both internal and external threats and vulnerabilities?
Responses
A Red team assessment
B Wirel
