Q. Why is keeping careful logs during a penetration test important?

View solution

Q. What should be discussed during a scoping exercise regarding the target organization's risk acceptance?

View solution

Q. Why is time and effort limitation important in a penetration test?

View solution

Q. What is scope creep in the context of penetration tests?

View solution

Q. What is the recommended action to handle scope creep during a penetration test?

View solution

Q. How can internal knowledgebase articles support penetration testers?

View solution

Q. What information can be found in configuration files that is valuable for penetration testers?

View solution

Q. Why is understanding the use of software development kits (SDKs) important for penetration testers?

View solution

Q. What is a common security exception for known environment tests?

View solution

Q. What does certificate pinning associate a host with?

View solution

Q. What role does access to user accounts and privileged accounts play in penetration tests?

View solution

Q. What is one of the most powerful tools a penetration tester can have?

View solution

Q. Why is network access important for penetration testers?

View solution

Q. What determines the budget required for a penetration test?

View solution

Q. For external or commercial testers, what might the budget for a penetration test include?

View solution

Q. Which framework provides a knowledgebase of adversary tactics and techniques, including details of mitigations, threat actor groups, and software?

View solution

Q. What does the Open Web Application Security Project (OWASP) provide guides for?

View solution

Q. Which penetration testing standard covers pre-engagement interactions, scoping, and details such as dealing with third parties?

View solution

Q. What does the MITRE ATT&CK Framework stand for?

View solution

Q. What should be considered when using dated penetration testing standards?

View solution