Q. What is included in the scope of penetration tests according to PCI DSS?

View solution

Q. What is the frequency requirement for external penetration testing according to PCI DSS?

View solution

Q. What are the two major benefits of using internal teams for penetration testing?

View solution

Q. What are the primary disadvantages of using internal teams for penetration testing?

View solution

Q. What is important if an organization chooses to use an internal penetration testing team?

View solution

Q. What benefit do external penetration testing teams generally bring?

View solution

Q. What is the significance of conducting periodic penetration tests?

View solution

Q. For what reason are periodic penetration tests considered necessary?

View solution

Q. Why is it important to rotate team members in penetration testing?

View solution

Q. What is the primary focus of the Information Gathering and Vulnerability Scanning stage in the penetration testing process?

View solution

Q. What is the Cyber Kill Chain model?

View solution

Q. How many stages are there in the Cyber Kill Chain model?

View solution

Q. What is the equivalent phase in the penetration testing process to the Cyber Kill Chain's "Reconnaissance" phase?

View solution

Q. What is the purpose of the "Weaponization" phase in the Cyber Kill Chain?

View solution

Q. What happens during the "Delivery" phase in the Cyber Kill Chain?

View solution

Q. What is the objective of the "Installation" phase in the Cyber Kill Chain?

View solution

Q. What is the purpose of the "Command and Control" stage in a cyber attack?

View solution

Q. What may the attacker do during the "Actions on Objectives" stage of an attack?

View solution

Q. How might the attacker use a compromised system during the "Actions on Objectives" stage?

View solution

Q. What does the "Actions on Objectives" stage of an attack include?

View solution