ethical hacking f1
| Question | Answer |
|---|---|
| What kind of security weakness is evaluated by application-based penetration tests? (Choices: wireless deployment; firewall security; data integrity between a client and a cloud provider; logic flaws) | logic flaws |
| Which penetration testing methodology is a comprehensive guide focused on web application testing? (Choices: OSSTMM; OWASP WSTG; NIST SP 800-115; MITRE ATT&CK) | OWASP WSTG |
| Which tools should be used to perform a wireless infrastructure penetration test? (Choices: proxy interception tools; web vulnerability detection tools; de-authorizing network devices tools; traffic manipulation tools) | de-authorizing network devices tools |
| Which two options are phases in the Information Systems Security Assessment Framework (ISSAF)? (Choose two.) (Choices: Vulnerability identification; Pre-engagement interactions; Post-exploitation; Reporting; Maintaining access) | Vulnerability identification; Maintaining access |
| What is an insider threat attack? | An attack perpetrated by disgruntled employees inside an organization. |
| What characterizes a partially known environment penetration test? | The test is a hybrid approach between unknown and known environment tests. |
| Which statement best describes the term ethical hacker? | a person who mimics an attacker to evaluate the security posture of a network |
| What does the “Health Monitoring” requirement mean when setting up a penetration test lab environment? | The tester needs to be able to determine the causes when something crashes. |
| A company hires a cybersecurity consultant to perform penetration tests. What is the key difference between unknown-environment testing and known-environment testing? | the amount of information provided to the consultant |
| Which U.S. government agency is responsible for enforcing the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act (GLB Act)? | Federal Trade Commission (FTC) |
| A company hires a cybersecurity consultant to perform penetration tests. What can cause scope creep of the engagement? | ineffective identification of what technical and nontechnical elements will be required for the penetration test |
| A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about an XML-based language used to document a web service’s functionality? | Web Services Description Language (WSDL) document |
| A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints | service-level agreement (SLA) |
| In the healthcare sector, which term defines an entity that processes nonstandard health information it receives from another entity into a standard format? | healthcare clearinghouse |
| What are two examples of sensitive authentication data associated with a payment card that requires compliance with the Payment Card Industry Data Security Standard (PCI DSS)? (Choose two.) | full magnetic strip data or equivalent data on a chip; CAV2/CVC2/CVV2/CID |
| When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources? | back-end databases |
| What is the purpose of bug bounty programs used by companies? | reward security professionals for finding vulnerabilities in the systems of the company |
| In the healthcare sector, which term is used to define an entity that provides payment for medical services? | health plan |
| In e-commerce, what determines the application of the Payment Card Industry Data Security Standard (PCI DSS) requirements? | primary account number |