Lesson 1 - Scoping Organizational/Customer Requirements Flashcards
What is the name of the standard that requires a Report on Compliance (RoC)?
Payment Card Industry Data Security Standard
PCI DSS
True or False - Level 1 and Level 2 merchants require a RoC?
True
Level 1 merchants must have the assessment performed by an external auditor who is an approved assessor (QSA).
What state enacted the Stop Hacks and Improve Electronic Data Security Act, also known as SHIELD?
New York
Which NIST Special Publication series focuses on cybersecurity, and which specific publication covers information security testing?
SP 800 Series
SP 800-115
Which framework provides a holistic, structured approach to penetration testing?
Open-Source Security Testing Methodology Manual - OSSTMM
Which penetration testing framework provides technical guidance?
Information Security Assessment Framework (ISSAF)
Which penetration testing standard consists of 7 main sections and frames the assessment in terms of business impact?
Penetration Testing Execution Standard (PTES)
Pre-Engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
What is the tool that provides techniques specific to pentesting, and what organization provides it?
Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)
from MITRE Corp
What is the main goal of a penetration test?
Identifying and mitigating vulnerabilities
What is the name of the system that rates the severity of vulnerabilities?
Common Vulnerability Scoring System (CVSS)
What is the scheme for identifying vulnerabilities developed by MITRE and adopted by NIST? What is fed into it?
Common Vulnerabilities and Exposures (CVE)
Information from CVSS is fed into CVE.
The National Vulnerability Database (NVD) is a superset of the CVE database.
What is the dictionary of software-related weaknesses maintained by MITRE called?
Common Weakness Enumeration (CWE)