Q. For what purpose is the technique and method mapping provided by MITRE’s ATT&CK framework valuable?

View solution

Q. What does NIST 800-115 set expectations about?

View solution

Q. What is emphasized as a critical part of penetration testing preparation?

View solution

Q. What do penetration testers need to determine about the test environment?

View solution

Q. What is emphasized as an important aspect of penetration test planning?

View solution

Q. What does target selection in penetration testing determine?

View solution

Q. What is an important consideration in target selection for unknown environment assessments?

View solution

Q. What legal concepts should penetration testers be familiar with in engagement contracts?

View solution

Q. What legal document protects the data and information involved in a penetration test?

View solution

Q. Why is awareness of the legal and regulatory environment important for penetration testers?

View solution

Q. What ensures coverage in the event of issues during a penetration test?

View solution

Q. What drives many penetration tests in terms of compliance?

View solution

Q. What understanding helps in better completing compliance assessments?

View solution

Q. What does compliance with standards like PCI DSS provide in penetration testing?

View solution

Q. What may influence how you conduct your assessment and the rules of engagement in compliance-based assessments?

View solution

Q. What term describes a document created to define project-specific activities, deliverables, and timelines based on an existing contract?

View solution

Q. Maria wants to build a penetration testing process for her organization and intends to start with an existing standard or methodology. Which of the following is not suitable for that purpose?

View solution

Q. Which of the following types of penetration test would provide testers with complete visibility into the configuration of a web server without having to compromise the server to gain that information?

View solution

Q. What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?

View solution

Q. During a penetration test scoping discussion, Charles is asked to test the organization’s SaaS-based email system. What concern should he bring up?

View solution