Domain 5: Procedures

Question 1

What is the importance of documenting security assessments?

Answer 1

Documentation provides evidence of testing, helps in tracking progress, and aids in compliance and reporting.

Question 2

What should be included in a penetration testing report?

Answer 2

Executive summary, findings, recommendations, risk assessment, and remediation strategies.

Question 3

Describe the importance of change management in security.

Answer 3

Change management ensures that changes to systems are made systematically to avoid introducing new vulnerabilities.

Question 4

What are some common post-exploitation techniques?

Answer 4

Maintaining access, escalating privileges, and covering tracks.

Question 5

What are some best practices for securing a web application?

Answer 5

Input validation, using HTTPS, implementing proper authentication and authorization, and regularly updating software.

Question 6

What is a risk assessment?

Answer 6

The process of identifying, analyzing, and evaluating risks to an organization’s information systems and assets.

Question 7

Describe the process of incident response.

Answer 7

Identifying, analyzing, containing, eradicating, recovering from, and learning from security incidents.