Chapter 2 Flashcards
What term describes a document created to define project-specific activities, deliverables, and timelines based on an existing contract?
C. SOW (Statement of Work)
MSA (master services agreement): a contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.
Maria wants to build a penetration testing process for her organization and intends to start with an existing standard or methodology. Which of the following is not suitable for that purpose?
A. ISSAF
B. OSSTMM
C. PTES
D. ATT&CK
D. ATT&CK (Describes adversary tactics)
Which of the following types of penetration test would provide testers with complete visibility into the configuration of a web server without having to compromise the server to gain that information?
A. Unknown environment
B. Partial knowledge
C. Known environment
D. Zero knowledge
C. Known environment
During a penetration test scoping discussion, Charles is asked to test the organization's SaaS-based email system. What concern should he bring up?
A. Cloud-based systems require more time and effort.
B. Determining the scope will be difficult due to the size of cloud-hosted environments.
C. Cloud service providers do not typically allow testing of their services.
D. Testing cloud services is illegal.
C. Cloud service providers do not typically allow testing of their services.
(Large environment that will take a while to scope)
What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?
B. An NDA
What does an MSA typically include?
A. The terms that will govern future agreements
During a penetration test, Alex discovers that he is unable to scan a server that he was able to successfully scan earlier in the day from the same IP address. What has most likely happened?
A. His IP address was whitelisted.
B. The server crashed.
C. The network is down.
D. His IP address was blacklisted.
D. His IP address was blacklisted.
While performing an on-site penetration test, Cassandra plugs her laptop into an accessible network jack. When she attempts to connect, however, she does not receive an IP address and gets no network connectivity. She knows that the port was working previously. What technology has her target most likely deployed?
C. NAC
(Network Access Control): she is unable to access the network until her system is approved.
What type of penetration test is not aimed at identifying as many vulnerabilities as possible and instead focuses on vulnerabilities that specifically align with the goals of gaining control of specific systems or data?
An objectives-based assessment
During an on-site penetration test, what scoping element is critical for wireless assessments when working in shared buildings?
C. SSIDs (Testing the wrong network could cause legal or criminal repercussions)
Ruchika has been asked to conduct a penetration test against internal business systems at a mid-sized company that operates only during a normal day shift. The test will be run against critical business systems. What restriction is most likely to be appropriate for the testing?
A. Time of day
During a penetration test specifically scoped to a single web application, Chris discovers that the web server also contains a list of passwords to other servers at the target location. After he notifies the client, they ask him to use them to validate those servers, and he proceeds to test those passwords against the other servers. What has occurred?
C. Scope creep
(additional items are added to the scope of the assessment)
Lucas has been hired to conduct a penetration test of an organization that processes credit cards. His work will follow the recommendations of the PCI DSS. What type of assessment is Lucas conducting?
D. A compliance-based assessment
The penetration testing agreement document that Greg asks his clients to sign includes a statement that the assessment is valid only at the point in time at which it occurs. Why does he include this language?
A. His testing may create changes.
B. The environment is unlikely to be the same in the future.
C. Attackers may use the same flaws to change the environment.
D. The test will not be fully comprehensive.
B. The environment is unlikely to be the same in the future.
The company that Ian is performing a penetration test for uses a wired network for their secure systems and does not connect it to their wireless network. What environmental consideration should Ian note if he is conducting a partial knowledge penetration test?
A. He needs to know the IP ranges in use for the secure network.
B. He needs to know the SSIDs of any wireless networks.
C. Physical access to the network may be required.
D. Physical access to a nearby building may be required.
C. Physical access to the network may be required.
Megan wants to gather data from a service that provides data to an application. What type of documentation should she look for from the application's vendor?
A. Database credentials
B. System passwords
C. API documentation
D. Network configuration settings
C. API documentation
Charles has completed the scoping exercise for his penetration test and has signed the agreement with his client. Whose signature should be expected as the counter signature?
A. The information security officer
B. The project sponsor
C. The proper signing authority
D. An administrative assistant
C. The proper signing authority
Elaine wants to ensure that the limitations of her red-team penetration test are fully explained. Which of the following are valid disclaimers for her agreement? (Choose two.)
A. Risk tolerance
B. Point-in-time
C. Comprehensiveness
D. Impact tolerance
B. Point-in-time
C. Comprehensiveness
Jen wants to conduct a penetration test and includes mobile application testing. Which standard or methodology is most likely to be useful for her efforts?
A. NIST
B. OWASP
C. KALI
D. ISSAF
B. OWASP (Open Worldwide Application Security Project) provides mobile application testing guidelines as part of its documentation.
What type of assessment most closely simulates an actual attacker’s efforts?
A. A red-team assessment with a zero knowledge strategy
B. A goals-based assessment with a full knowledge strategy
C. A red-team assessment with a full knowledge strategy
D. A compliance-based assessment with a zero knowledge strategy
A. A red-team assessment with a zero knowledge strategy
What does a goals-based/objectives-based assessment include?
Specific reasons for testing, such as validating new security controls, testing an app or service, or assessing the security of an organization that has recently been acquired.
What does a compliance-based assessment include?
Designed around the compliance objectives of a law or standard that requires the organization to have an assessment performed.
What does a red-team assessment include?
An attempt to act like an attacker, targeting sensitive data or systems with the goal of acquiring data and access.
What is a known environment test?
Also known as a white box, crystal box, or full knowledge test. Performed with full knowledge of the underlying technology, configurations, and settings that make up the target.