Q. Assuming no significant changes in an organization’s cardholder data environment, how often does PCI DSS require that a merchant accepting credit cards conduct penetration testing?

View solution

Q. Which one of the following is not a benefit of using an internal penetration testing team?

View solution

Q. Which one of the following is not a reason to conduct periodic penetration tests of systems and applications?

View solution

Q. Rich recently got into trouble with a client for using an attack tool during a penetration test that caused a system outage. During what stage of the penetration testing process should Rich and his clients have agreed on the tools and techniques that he would use during the test?

View solution

Q. Which one of the following steps of the Cyber Kill Chain does not map to the Attacking and Exploiting stage of the penetration testing process?

View solution

Q. Beth recently conducted a phishing attack against a penetration testing target in an attempt to gather credentials that she might use in later attacks. What stage of the penetration testing process is Beth in?

View solution

Q. Which one of the following security assessment tools is not commonly used during the Information Gathering and Vulnerability Scanning phase of a penetration test?

View solution

Q. During what phase of the Cyber Kill Chain does an attacker steal information, use computing resources, or alter information without permission?

View solution

Q. Grace is investigating a security incident where the attackers left USB drives containing infected files in the parking lot of an office building. What stage in the Cyber Kill Chain describes this action?

View solution

Q. Which one of the following is not an open-source intelligence gathering tool?

View solution

Q. Which one of the following tools is an exploitation framework commonly used by penetration testers?

View solution

Q. Which one of the following tools is not a password-cracking utility?

View solution

Q. Which one of the following vulnerability scanners is specifically designed to test the security of web applications against a wide variety of attacks?

View solution

Q. Which one of the following debugging tools does not support Windows systems?

View solution

Q. What is the final stage of the Cyber Kill Chain?

View solution

Q. Which one of the following activities assumes that an organization has already been compromised?

View solution

Q. Alan is creating a list of recommendations that his organization can follow to remediate issues identified during a penetration test. In what phase of the testing process is Alan participating?

View solution