7.4.5 Practice Questions Flashcards

1
Q

Question 1.
You have been hired as part of the team that manages an organization’s network defense.
Which security team are you working on?

-White
-Blue
-Red
-Purple

A

Correct Answer:
Blue

2
Q

Question 2.
As part of a special program, you have discovered a vulnerability in an organization’s website and reported it to the organization. Because of the severity, you are paid a good amount of money.
Which type of penetration test are you performing?

-Bug bounty
-White box
-Gray box
-Black box

A

Correct Answer:
Bug bounty

3
Q

Question 3.
Which phase or step of a security assessment is a passive activity?

-Privilege escalation
-Reconnaissance
-Enumeration
-Vulnerability mapping

A

Correct Answer:
Reconnaissance

4
Q

Question 4.
Which team performs the offensive role in a penetration exercise?

-White team
-Blue team
-Red team
-Purple team

A

Correct Answer:
Red team

5
Q

Question 5.
The IT department in an accounting firm is gearing up for an external penetration testing engagement to evaluate the organization’s security readiness.
To guarantee a seamless testing process and prevent misunderstandings, the IT team has worked closely with the company’s management and relevant stakeholders to set up the rules of engagement (ROE) for the assessment.
What is the purpose of establishing rules of engagement during a penetration testing engagement?

-To define the scope of the assessment, testing methods, and timeframe for conducting the test.
-To eliminate all security vulnerabilities identified during the testing process.
-To allow penetration testers unrestricted access to all systems and data within the organization.
-To ensure the penetration test results are shared with external parties to strengthen collaboration.

A

Correct Answer:
To define the scope of the assessment, testing methods, and timeframe for conducting the test.

6
Q

Question 6.
You have been promoted to team lead of one of the security operations teams.
Which security team are you now a part of?

-Blue
-Red
-White
-Purple

A

Correct Answer:
White

7
Q

Question 7.
A cybersecurity team is preparing to conduct a comprehensive security assessment. The team has access to system documentation, network diagrams, and source code and has permission to interview IT staff.
What type of testing environment is the team operating within?

-Known environment
-Partially known environment
-Uncontrolled environment
-Unknown environment

A

Correct Answer:
Known environment

8
Q

Question 8.
A cybersecurity team at an organization prepares to carry out an assessment that aims to mimic potential attackers’ tactics, techniques, and procedures (TTPs) to identify vulnerabilities and weaknesses in the organization’s digital systems.
What type of penetration test is the team about to conduct?

-Integrated penetration testing
-Offensive penetration testing
-Physical penetration testing
-Defensive penetration testing

A

Correct Answer:
Offensive penetration testing

9
Q

Question 9.
The IT security team of a company has concerns about network vulnerabilities and hires an external penetration tester to evaluate its security controls and identify potential risks.
The company provides the penetration tester with fragments of network information and permits them to use reconnaissance techniques for further information gathering.
What penetration testing method is the company using?

-Partially known environment penetration testing
-Open-source intelligence gathering
-Unknown environment penetration testing
-Known environment penetration testing

A

Correct Answer:
Partially known environment penetration testing

10
Q

Question 10.

A software company has completed in-house testing and auditing and is bringing in an outside source to attempt to compromise the new software. The project head wants to ensure that the MOST realistic testing goes against the software.
What type of penetration testing will the outside source use on this new software?

-Unknown environment
-Known environment
-Environmental variables
-Partially known environment

A

Correct Answer:
Unknown environment
