Save
Upgrade to remove ads
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Ethical Hack M1&2

QuestionAnswer
Which three options are phases in the Penetration Testing Execution Standard (PTES)? (Choose three.) Threat modeling Exploitation Reporting
Which threat actor term describes a well-funded and motivated group that will use the latest attack techniques for financial gain? organized crime
Which option is a Linux distribution that includes penetration testing tools and resources? BlackArch
What characterizes a known environment penetration test? The tester could be provided with network diagrams, IP addresses, configurations, and user credentials.
What is a state-sponsored attack? An attack perpetrated by governments worldwide to disrupt or steal information from other nations.
Which type of threat actor uses cybercrime to steal sensitive data and reveal it publicly to embarrass a target? hacktivist
Which tools should be used for testing the server and client platforms in an environment? vulnerability scanning tools
Which statement best describes the term ethical hacker? a person who mimics an attacker to evaluate the security posture of a network
What two resources are evaluated by a network infrastructure penetration test? (Choose two.) IPSs AAA servers
What does the “Health Monitoring” requirement mean when setting up a penetration test lab environment? The tester needs to be able to determine the causes when something crashes.
Which U.S. government agency is responsible for enforcing the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act (GLB Act)? Federal Trade Commission (FTC)
In the healthcare sector, which term defines an entity that processes nonstandard health information it receives from another entity into a standard format? healthcare clearinghouse
What are two examples of sensitive authentication data associated with a payment card that requires compliance with the Payment Card Industry Data Security Standard (PCI DSS)? (Choose two.) CAV2/CVC2/CVV2/CID full magnetic strip data or equivalent data on a chip
A company hires a cybersecurity consultant to perform penetration tests. The consultant is working with the company to set up communication procedures. Which two protocols should be considered for exchanging emails securely? (Choose two.) S/MIME PGP
In the healthcare sector, which term is used to define an entity that provides payment for medical services? health plan
A company hires a cybersecurity consultant to perform penetration tests. What can cause scope creep of the engagement? ineffective identification of what technical and nontechnical elements will be required for the penetration test
An US university in California plans to offer online courses to students in partner universities in France and Germany. Which regulation should the university follow when those courses are offered? GDPR
An Internal Revenue Service office in New York is considering moving some services to a cloud computing platform. Which U.S. government regulation must the office follow in the process? FedRAMP
In e-commerce, what determines the application of the Payment Card Industry Data Security Standard (PCI DSS) requirements? primary account number
A company hires a cybersecurity consultant to assess vulnerability on crucial web application devices such as web and database servers. Which document should the company provide to help the consultant document and define what systems are in the testing? system and network architectural diagram
Which tools should be used to perform a wireless infrastructure penetration test? de-authorizing network devices tools
Which penetration testing methodology is a comprehensive guide focused on web application testing? OWASP WSTG
Which type of penetration test would only provide the tester with limited information such as the domain names and IP addresses in the scope? unknown-environment test
What is the purpose of bug bounty programs used by companies? reward security professionals for finding vulnerabilities in the systems of the company
Which two options are phases in the Open Source Security Testing Methodology Manual (OSSTMM)? (Choose two.) Work Flow Trust Analysis
What is an insider threat attack? An attack perpetrated by disgruntled employees inside an organization.
Which two options are phases in the Information Systems Security Assessment Framework (ISSAF)? (Choose two.) Maintaining access Vulnerability identification
A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about a query language for APIs and a language for executing queries at runtime? GraphQL documentation
A company hires a cybersecurity consultant to perform penetration tests. What is the key difference between unknown-environment testing and known-environment testing? the amount of information provided to the consultant
A company hires a cybersecurity consultant to perform penetration tests. What should be the consultant’s first step in validating the engagement scope? Question the company contact person and review contracts.
A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about an XML-based language used to document a web service’s functionality? Web Services Description Language (WSDL) document
A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. Which document must the consultant receive that specifies the agreement between the consultant and the company for the penetration contract
What kind of security weakness is evaluated by application-based penetration tests? logic flaws
Match the penetration testing methodology to the description.
MITRE ATT&CK collection of different matrices of tactics and techniques that adversaries use while preparing for an attack
OWASP WSTG covers the high-level phases of web application security testing
NIST SP 800-115 provides organizations with guidelines on planning and conducting information security testing
OSSTMM lays out repeatable and consistent security testing
PTES provides information about types of attacks and methods
Sometimes a tester cannot virtualize a system to do the proper penetration testing. What action should be taken if a system cannot be tested in a virtualized environment? a full backup of the system
A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. The company wants the consultant to disclose information to them and no one else. Which type of NDA agreement should be presented to the unilateral NDA
A company hires a cybersecurity professional to perform penetration testing to assess government regulation compliance. Which document will be provided to the cybersecurity professional that specifies a detailed and descriptive list of all the deliverable statement of work (SOW)
A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. What are three examples of typical elements in the rules of engagement document? (Choose three.) preferred method of communication testing timeline location of testing
Which tool should be used to perform an application-based penetration test? interception proxies tool
Which tool would be useful when performing a network infrastructure penetration test? bypassing firewalls and IPSs tool
What characterizes a partially known environment penetration test? The test is a hybrid approach between unknown and known environment tests.
Which option is a Linux distribution URL that provides a convenient learning environment about pen testing tools and methodologies? parrotsec.org
A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints, including qual service-level agreement (SLA)
Match the parts of Recommendation for Key Management in the NIST SP 800-57 to the description.
Part 1: General provides general guidance and best practices for the management of cryptographic keying material
Part 2: Best Practices for Key Management Organization provides guidance on policy and security planning requirements for U.S. government agencies
Part 3: Application Specific Key Management Guidance provides guidance when using the cryptographic features of current systems
A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. The consultant notices that one element specifies that the tests should be performed toward only web applications on websites www1.compan types of allowed or disallowed tests
When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources? back-end databases
Which tools should be used to perform a wireless infrastructure penetration test? de-authorizing network devices tools
A company hires a cybersecurity consultant to assess vulnerability on crucial web application devices such as web and database servers. Which document should the company provide to help the consultant document and define what systems are in the testing? system and network architectural diagram
An employee of a cybersecurity consulting firm in the U.S. is assigned to help assess the system and operation vulnerabilities of several financial institutions in Europe. The task includes penetration tests for compliance. What is a key element the emplo documentation of permission for performing the tests from the client institutions
A company hires a cybersecurity professional to perform penetration testing to assess government regulation compliance. Which document will be provided to the cybersecurity professional that specifies a detailed and descriptive list of all the deliverable
Created by: jxxnixx
 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards