Question
What testing technique does not provide the pen testers with additional knowledge of the organization or network they are testing prior to the official start of the assessment?
Responses
A. Black box
B. White box
C. Vulnerability testing
D. None of the above
Question
What type of events are training exercises where professionals within an organization focus on discussing the responsibility of each of their roles during a hypothetical event?
Responses
A. Penetration testing
B. Tabletop exercises
C. Capture the flag
D. Vulnerability assessments
Question
What term in physical security describes slipping past a badge reader by convincing someone to hold the door open?
Responses
A. Man trap
B. Pentesting
C. Tailgating
D. Shoulder surfing
Question
In which approach to penetration testing are the testers given detailed information about the organization or network they are testing prior to the official start of the pen test?
Responses
A. Black box
B. Blue box
C. Red box
D. White box
Question
As a cyber defender or incident response team member, it is important to know which module of the MITRE ATT&CK framework an alert is related to.
Responses
True
False
Question
What are the core functions of the Cybersecurity Framework?
Responses
A. Identify, Protect, Detect, Respond, Recover
B. Identify, Authorize, Authenticate, Audit
C. Deceive, Detect, Distract, Defend
D. Protect, Authorize, Defend, Respond, Recover
Question
MITRE ATT&CK framework collects tactics, techniques, and procedures.
Responses
True
False
Question
What framework used in cybersecurity identifies the top ten web application vulnerabilities periodically?
Responses
A. NIST CSF
B. MITRE ATT&CK
C. OWASP
D. ISO
Question
Which legal contract used in penetration testing provides a framework for payment, scheduling, and general terms of the organizations conducting business, such as the purpose of conducting business, limits of liability, how to handle a breach of contract, dispute resolution, and other information?
Responses
A. NDA
B. ROE
C. MSA
D. BAA
Question
HIPAA regulations require which legal contract as part of any security test?
Responses
A. BAA
B. SOW
C. MSA
D. NCA
Question
Nondisclosure agreements protect the information a penetration tester may find and provide legal recourse if either organization shares unauthorized information about the other.
Responses
True
False
Question
Cybersecurity team objectives, such as whether a cybersecurity team will be informed of a penetration test ahead of time, do not need to be documented.
Responses
True
False
Question
What term is commonly used in penetration testing to describe the most important data and/or system within an organization's environment?
Responses
A. Crown jewels
B. First priority
C. Level assets
D. Blue devices
Question
What type of scanning technique conducted from a vulnerability assessment tool does not transmit a signal?
Responses
A. Active scanning
B. Passive scanning
C. Credentialed scanning
D. Noncredentialed scanning
Question
What type of scan requires no agents on the device?
Responses
A. Stateful scan
B. Black box scan
C. Captured scan
D. Agentless scan
Question
A ______ validation result means that a scanner reported the absence of a vulnerability incorrectly, and while the scanner said there was no vulnerability, one does exist.
Question
Which type of vulnerability scan provides the greatest amount of useful information for a penetration tester or attacker?
Responses
A. Credentialed
B. Noncredentialed
Question
It is best to scan as much of a network as possible in one scan to not add extra traffic to the network continuously.
Responses
True
False
Question
Scanners are not just for scanning assets to find if patches are missing, but also to test an organization's defenses.
Responses
True
False
Question
What term is used to describe a cybersecurity test used to determine the resiliency of a network and/or devices against both internal and external threats and vulnerabilities?
Responses
A. Red team assessment
B. Wirel