CompTIA PenTest+ for Dummies Chapter 2 Test Prep Flashcards

1
Q

What type of contract outlines the requirements of confidentiality between the two parties and the work being performed?
A. SOW
B. NDA
C. MSA
D. SLA

A

B. NDA

Explanation:
A non-disclosure agreement (NDA) is designed to outline the requirements of confidentiality between the two parties with respect to the work being performed.

2
Q

Bob is performing a pentest for Company XYZ.
During the planning and scoping phase, the company identified two web servers as targets for the pentest.
While scanning the network, Bob identified a third web server.
When discussing this new finding with the customer, the customer states that the third server runs critical web applications and needs to be assessed as well.
What is this an example of?
A. Statement of Work
B. Master Service Agreement
C. Disclaimer
D. Scope Creep

A

D. Scope Creep

Explanation:
Scope creep is when the scope of the project is modified while the project is being performed.

3
Q

You are drafting the agreement for the pentest and working on the disclaimer section.
What two key points should be covered by the disclaimer?
A. Compliance-based
B. Point-in-time
C. WSDL
D. Comprehensiveness

A

B. Point-in-time
D. Comprehensiveness

Explanation:
The disclaimer should cover the fact that the pentest is a point-in-time assessment and stress that the comprehensiveness of the assessment is based on the agreed scope.

4
Q

What type of contract is a description of the type of job being performed, the timeline, and the cost of the job?
A. SOW
B. NDA
C. MSA
D. SLA

A

A. SOW

Explanation:
The statement of work (SOW) is a description of the work being performed; it includes the timeline for the project and contains a breakdown of the cost of the project.

5
Q

You have been hired to do the pentest for Company XYZ.
You acquired proper written authorization, performed the planning and scoping phase, and are ready to start discovery.
You connect your laptop to the customer network and are unable to obtain an IP address from the company DHCP server.
Which of the following could be the problem?
A. MSA
B. SSID
C. SOW
D. NAC

A

D. NAC

Explanation:
Network Access Control (NAC) is a suite of technologies that limits connections to the network based on health criteria, so an unknown or non-compliant laptop may be refused network access.

6
Q

You are performing the pentest for a company and have completed the planning and scoping phase.
You wish to do the pentest on the wireless networks.
What scoping element would you need?
A. MSA
B. NDA
C. SSID
D. NAC

A

C. SSID

Explanation:
The SSIDs of the wireless networks should be identified during the planning and scoping phase so that you can be sure you have authorization to perform the assessment on the correct wireless networks.

7
Q

What type of contract is used to define the terms of repeat work being performed?
A. MSA
B. NDA
C. SOW
D. NAC

A

A. MSA

Explanation:
The master service agreement (MSA) is used when repeat engagements occur.
It contains the terms of the work being performed and is referenced from the statement of work (SOW).

8
Q

You drafted the agreement to perform the pentest, and you are now looking to have the agreement signed by the customer.
Who should sign the agreement on behalf of the customer?
A. Office Manager
B. IT Manager
C. Security Manager
D. Signing Authority

A

D. Signing Authority

Explanation:
The signing authority for the company, such as the business owner, should sign the agreement as proof of authorization.

9
Q

You are working on the planning and scoping of the pentest, and you are concerned that the consultants performing the pentest will be blocked by security controls on the network.
What security feature would you look to leverage to allow the pentesters' systems to communicate on the network?
A. Blacklisting
B. Whitelisting
C. NAC
D. Certificate Pinning

A

B. Whitelisting

Explanation:
Whitelisting is a method of allowing specific systems to access network resources and bypass the security controls.

Whitelisted systems and applications are considered authorized systems and applications, as opposed to blacklisted systems, which are non-authorized components.

10
Q

You are performing a pentest for a company that has requested the pentest because it is processing credit card payments from customers.
What type of assessment is being performed?
A. Goal-based assessment
B. Security-based assessment
C. Compliance-based assessment
D. Credit Card-based assessment

A

C. Compliance-based assessment

Explanation:
A compliance-based assessment is an assessment that is driven by the need to be compliant with the laws and regulations that govern an organization.
