Michael Solomon CompTIA Pentest+ Quiz 5 Flashcards
What term describes the process of changing collected output data to conform to a standard timeframe and format? A.Sanitation B.Normalization C.Alignment D.Cleansing
B.Normalization
Normalizing data that comes from different sources is the process of aligning various output formats with a standard that allows easier correlation and analysis. Sanitization and cleansing refer to removing invalid or unwanted data, and alignment is a generic term that describes any changes to adhere to some goal.
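As an added worked example (not part of the original quiz), the script below normalizes three constructed output lines from different tools, each with its own timestamp layout and local zone, into one record format with UTC timestamps so they can be sorted and correlated by host. The line formats, the host names and addresses, the fixed UTC-5 offset and the assumed syslog year are all assumptions made for illustration, not output of any real tool.

```python
import csv
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption for this example: the scanning hosts logged in US Eastern
# Standard Time (UTC-5). A real pipeline would take the offset from each
# tool's own header or from the host configuration.
ZONES = {"EST": timezone(timedelta(hours=-5)), "UTC": timezone.utc}
DEFAULT_TZ = ZONES["EST"]

# Constructed sample lines, one per "tool"; not real scan results.
SCANNER_LINE = "2024-01-15 14:02:11 EST 10.0.0.5 22/tcp open ssh"
VULN_CSV_LINE = "01/15/2024 14:05:31,10.0.0.5,High,SSH weak algorithms"
SYSLOG_LINE = "Jan 15 14:07:02 web01 sshd[2231]: Failed password for root from 10.0.0.9 port 51234 ssh2"


@dataclass(frozen=True)
class Finding:
    """Common record every source is mapped onto."""
    timestamp: str  # ISO 8601 in UTC, e.g. 2024-01-15T19:02:11Z
    source: str     # which tool produced the line
    host: str       # host the record is about
    detail: str     # free-text detail, kept as the tool wrote it


def to_utc_iso(local: datetime, tz: timezone) -> str:
    """Attach the source's zone to a naive local time and render it in UTC."""
    return local.replace(tzinfo=tz).astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


SCANNER_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+) (\S+) (.+)$")


def parse_scanner(line: str) -> Finding:
    """Hypothetical port-scanner format: ISO-like local time plus a zone abbreviation."""
    m = SCANNER_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised scanner line: {line!r}")
    ts, zone, host, detail = m.groups()
    local = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return Finding(to_utc_iso(local, ZONES[zone]), "scanner", host, detail)


def parse_vuln_csv(line: str, tz: timezone = DEFAULT_TZ) -> Finding:
    """Hypothetical vulnerability-scanner CSV: US date order, local time, no zone."""
    ts, host, severity, name = next(csv.reader([line]))
    local = datetime.strptime(ts, "%m/%d/%Y %H:%M:%S")
    return Finding(to_utc_iso(local, tz), "vulnscan", host, f"{severity}: {name}")


SYSLOG_RE = re.compile(r"^(\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.+)$")


def parse_syslog(line: str, year: int = 2024, tz: timezone = DEFAULT_TZ) -> Finding:
    """Classic syslog: no year and no zone, so both are supplied by the caller."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    ts, host, msg = m.groups()
    local = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return Finding(to_utc_iso(local, tz), "syslog", host, msg)


PARSERS = {"scanner": parse_scanner, "vulnscan": parse_vuln_csv, "syslog": parse_syslog}


def normalize(records: list[tuple[str, str]]) -> list[Finding]:
    """Map (source, raw line) pairs onto Finding records, ordered by UTC time.

    Because every timestamp is rendered in the same zero-padded UTC layout,
    a plain string sort is also a chronological sort.
    """
    findings = [PARSERS[source](line) for source, line in records]
    return sorted(findings, key=lambda f: f.timestamp)


def findings_for_host(findings: list[Finding], host: str) -> list[Finding]:
    """Correlation step that only works once hosts and times share one format."""
    return [f for f in findings if f.host == host]


def normalize_samples() -> list[Finding]:
    return normalize([("scanner", SCANNER_LINE), ("vulnscan", VULN_CSV_LINE), ("syslog", SYSLOG_LINE)])


if __name__ == "__main__":
    for f in normalize_samples():
        print(f"{f.timestamp} {f.source:8} {f.host:10} {f.detail}")
```

Once the records share one timestamp format and zone, sorting and grouping across tools is trivial; the place to be careful is the inputs, since a source that omits its zone or year has to have that filled in from engagement metadata rather than guessed.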
Which of the following tasks is part of the post-engagement cleanup activities? A.Remove shells B.Write penetration testing reports C.Attestation of findings D.Obtaining client acceptance
A.Remove shells
Post-engagement cleanup activities include removing any artifacts left behind by the testing activities, including shells and other software placed on client systems. Writing the penetration test report precedes the post-engagement activities. Obtaining client acceptance and attestation of findings are part of the post-report delivery activities, not post-engagement cleanup.
Which often overlooked phase of a penetration test can provide valuable input for future tests? A.Lessons learned B.Client acceptance C.Attestation of findings D.Report presentation
A.Lessons learned
When any project terminates, the tendency is to wrap everything up and move on. One of the most valuable, and often overlooked, activities in a project is assessing lessons learned. In this activity the team can learn both what went well and what did not. Client acceptance and report presentation are common phases and rarely overlooked, and attestation of findings is not always a required activity.
The PenTest+ objectives list which of the following findings as one of the common findings you might encounter? A.Cross Site Scripting (XSS) B.Sensitive data exposure C.Security misconfiguration D.Weak password complexity
D.Weak password complexity
Weak password complexity is one of the common findings listed in the PenTest+ exam objectives. The other options are all commonly found during pen tests and all appear on the OWASP Top Ten list, but they are not listed as common findings in the PenTest+ exam objectives.
What term do the PenTest+ objectives use for events that should result in communication to convey some aspect of project status? A.Plan B.Source C.Trigger D.Target
C.Trigger
An event that results in communication is called a communication trigger. Any time a trigger condition is met, such as a critical finding being discovered, communication should be initiated. The communication plan should contain details of communication triggers, and the source and target of each expected communication interaction.