Q. What type of penetration test is not aimed at identifying as many vulnerabilities as possible and instead focuses on vulnerabilities that specifically align with the goals of gaining control of specific systems or data?

View solution

Q. During an on-site penetration test, what scoping element is critical for wireless assessments when working in shared buildings?

View solution

Q. Ruchika has been asked to conduct a penetration test against internal business systems at a mid-sized company that operates only during a normal day shift. The test will be run against critical business systems. What restriction is most likely to be appropriate for the testing?

View solution

Q. During a penetration test specifically scoped to a single web application, Chris discovers that the web server also contains a list of passwords to other servers at the target location. After he notifies the client, they ask him to use them to validate those servers, and he proceeds to test those passwords against the other servers. What has occurred?

View solution

Q. Lucas has been hired to conduct a penetration test of an organization that processes credit cards. His work will follow the recommendations of the PCI DSS. What type of assessment is Lucas conducting?

View solution

Q. The penetration testing agreement document that Greg asks his clients to sign includes a statement that the assessment is valid only at the point in time at which it occurs. Why does he include this language?

View solution

Q. The company that Ian is performing a penetration test for uses a wired network for their secure systems and does not connect it to their wireless network. What environmental consideration should Ian note if he is conducting a partial knowledge penetration test?

View solution

Q. Megan wants to gather data from a service that provides data to an application. What type of documentation should she look for from the application’s vendor?

View solution

Q. Charles has completed the scoping exercise for his penetration test and has signed the agreement with his client. Whose signature should be expected as the counter signature?

View solution

Q. Elaine wants to ensure that the limitations of her red-team penetration test are fully explained. Which of the following are valid disclaimers for her agreement?

View solution

Q. Jen wants to conduct a penetration test and includes mobile application testing. Which standard or methodology is most likely to be useful for her efforts?

View solution

Q. What type of assessment most closely simulates an actual attacker’s efforts?

View solution