Q. Which one of the following activities assumes that an organization has already been compromised?

View solution

Q. What is the final stage of the Cyber Kill Chain?

View solution

Q. Which one of the following debugging tools does not support Windows systems?

View solution

Q. Which one of the following vulnerability scanners is specifically designed to test the security of web applications against a wide variety of attacks?

View solution

Q. Which one of the following tools is not a password-cracking utility?

View solution

Q. Which one of the following tools is an exploitation framework commonly used by penetration testers?

View solution

Q. Which one of the following is not an open-source intelligence gathering tool?

View solution

Q. Grace is investigating a security incident where the attackers left USB drives containing infected files in the parking lot of an office building. What stage in the Cyber Kill Chain describes this action?

View solution

Q. During what phase of the Cyber Kill Chain does an attacker steal information, use computing resources, or alter information without permission?

View solution

Q. Which one of the following security assessment tools is not commonly used during the Information Gathering and Vulnerability Scanning phase of a penetration test?

View solution

Q. Beth recently conducted a phishing attack against a penetration testing target in an attempt to gather credentials that she might use in later attacks. What stage of the penetration testing process is Beth in?

View solution

Q. Which one of the following steps of the Cyber Kill Chain does not map to the Attacking and Exploiting stage of the penetration testing process?

View solution

Q. Rich recently got into trouble with a client for using an attack tool during a penetration test that caused a system outage. During what stage of the penetration testing process should Rich and his clients have agreed on the tools and techniques that he would use during the test?

View solution

Q. Which one of the following is not a reason to conduct periodic penetration tests of systems and applications?

View solution

Q. Which one of the following is not a benefit of using an internal penetration testing team?

View solution

Q. Assuming no significant changes in an organization’s cardholder data environment, how often does PCI DSS require that a merchant accepting credit cards conduct penetration testing?

View solution

Q. Edward Snowden gathered a massive quantity of sensitive information from the National Security Agency and released it to the media without permission. What type of attack did he wage?

View solution

Q. Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this type of activity?

View solution

Q. Tom is running a penetration test in a web application and discovers a flaw that allows him to shut down the web server remotely. What goal of penetration testing has Tom most directly achieved?

View solution

Q. In which phase of the penetration testing process do testers share their findings with the target organization?

View solution