Q. What does the PCI DSS standard define regarding a cardholder data environment (CDE) penetration test?

View solution

Q. What is the General Data Protection Regulation (GDPR)?

View solution

Q. According to GDPR, what are individuals' rights regarding their personal information?

View solution

Q. Why can compliance-based assessments be challenging?

View solution

Q. What is the Gramm–Leach–Bliley Act (GLBA) primarily concerned with?

View solution

Q. What does SOX (Sarbanes–Oxley Act) set standards for?

View solution

Q. What is the primary focus of FIPS 140-2?

View solution

Q. What recommendation does NIST provide regarding penetration testing in the context of HIPAA?

View solution

Q. What is the purpose of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirement for a risk analysis?

View solution

Q. What is the primary purpose of scoping in a penetration test?

View solution

Q. Why is it important to understand the target audience of the final report in a penetration test?

View solution

Q. What is a common part of a penetration tester's path to starting an engagement?

View solution

Q. Which standards and frameworks can penetration testers use to design, build, and enhance their penetration testing processes?

View solution

Q. What is a consideration regarding protected health information (PHI) in penetration testing, particularly in the context of laws like HIPAA?

View solution

Q. Why is understanding the purpose and audience of a penetration test essential?

View solution

Q. What is the primary focus of the rules of engagement in penetration test planning?

View solution

Q. Which standards are openly available for penetration testing?

View solution

Q. What specialized knowledge can enhance penetration testing practices?

View solution

Q. For what purpose is the technique and method mapping provided by MITRE’s ATT&CK framework valuable?

View solution

Q. What does NIST 800-115 set expectations about?

View solution