Question 1

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake?

Accepted Answer

Planning

Answer

Documentation

Answer

Budgeting

Answer

Approval

Question 2

Which of the following is NOT a characteristic of a penetration test?

Accepted Answer

Automated

Answer

Performed occasionally

Answer

Finds deep vulnerabilities

Answer

May use internal employees or external consultants

Question 3

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on?

Accepted Answer

Red Team

Answer

Blue Team

Answer

Purple Team

Answer

White Team

Question 4

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?

Accepted Answer

They would have to stay overnight to perform the test.

Answer

Employees may have a reluctance to reveal a vulnerability.

Answer

There may be a lack of expertise.

Answer

The employees could not have inside knowledge of the network that would give them an advantage.

Question 5

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges?

Accepted Answer

Black box

Answer

White box

Answer

Purple box

Answer

Gray box

Question 6

Which of the following is NOT an advantage of crowdsourced penetration testing?

Accepted Answer

Less expensive

Answer

Conducting multiple tests simultaneously

Answer

Faster testing

Answer

Ability to rotate teams

Question 7

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation?

Accepted Answer

Scope

Answer

Exploitation

Answer

Targets

Answer

Limitations and exclusion

Question 8

Which is the final rule of engagement that would be conducted in a pen test?

Accepted Answer

Reporting

Answer

Communication

Answer

Cleanup

Answer

Exploitation

Question 9

What is another name for footprinting?

Accepted Answer

Active reconnaissance

Answer

Revealing

Answer

High-level reconnaissance

Answer

Modeling

Question 10

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique?

Accepted Answer

Lateral movement

Answer

Squaring up

Answer

Jumping

Answer

Twirling

Question 11

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas?

Accepted Answer

Requests for comments (RFCs)

Answer

Blue papers

Answer

White notebooks

Answer

Cybersecurity feeds

Question 12

Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity?

Accepted Answer

Twitter

Answer

Vendor websites

Answer

Local industry groups

Answer

Conferences

Question 13

Which of the following is a standard for the handling of customer card information?

Accepted Answer

PCI DSS

Answer

OSS XRS

Answer

RMR CDC

Answer

DRD STR

Question 14

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals?

Accepted Answer

Regulations

Answer

Legislation

Answer

Benchmarks

Answer

White papers

Question 15

Which group is responsible for the Cloud Controls Matrix?

Accepted Answer

CSA

Answer

OSINT

Answer

CIS

Answer

NIST

Question 16

Tuva’s supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva’s supervisor want to distribute?

Accepted Answer

SSAE SOC 2 Type II

Answer

SSAE SOC 3 Type IV

Answer

SSAE SOC 2 Type III

Answer

SSAE SOC 3 Type X

Question 17

Which ISO contains controls for managing and controlling risk?

Accepted Answer

ISO 31000

Answer

ISO 2711101

Answer

ISO XRS

Answer

ISO 27555

Question 18

Which premise is the foundation of threat hunting?

Accepted Answer

Threat actors have already infiltrated our network.

Answer

Attacks are becoming more difficult.

Answer

Pivoting is more difficult to detect than before.

Answer

Cybercrime will only increase.

Question 19

Which of the following can automate an incident response?

Accepted Answer

SOAR

Answer

SOSIA

Answer

SIEM

Answer

CVCC

Question 20

Which of the following is not something that a SIEM can perform?

Accepted Answer

Incident response

Answer

Sentiment analysis

Answer

User behavior analysis

Related quizzes

Related quizzes