Q. How are threat actors often rated in terms of their capabilities?

View solution

Q. As you move down the adversary tiers, what generally increases?

View solution

Q. What should organizations assume when facing advanced persistent threats (APTs)?

View solution

Q. What is the likely motive of hacktivists?

View solution

Q. What is a key element in the rules of engagement (RoE) for penetration testing?

View solution

Q. Why might some assessments be intentionally scheduled for non-critical time frames?

View solution

Q. What is a common limitation in the rules of engagement for penetration testing?

View solution

Q. What defensive behaviors might limit the value of a penetration test?

View solution

Q. Why are time commitments from administrators, developers, and other experts important in testing scenarios?

View solution

Q. What should be addressed in the rules of engagement regarding legal concerns?

View solution

Q. What is a key consideration in defining when and how communications will occur during the penetration test?

View solution

Q. Why is defining who is permitted to engage the penetration test team important?

View solution

Q. What is a challenge in determining the detailed scope of a penetration test?

View solution

Q. Why is an understanding of the hosting environment important in scoping a penetration test?

View solution

Q. In what scenario might a penetration tester target network administration infrastructure to access the real target?

View solution

Q. Why are user accounts and privileged accounts important targets for penetration testers?

View solution

Q. What is a key consideration in scoping wireless and wired network testing?

View solution

Q. Why is keeping careful logs during a penetration test important?

View solution

Q. What should be discussed during a scoping exercise regarding the target organization's risk acceptance?

View solution

Q. Why is time and effort limitation important in a penetration test?

View solution