Q. What should testers observe regarding data retention and destruction at the conclusion of a penetration testing engagement?

View solution

Q. What type of report is the client requesting when they ask for a letter documenting the penetration test results for compliance files?

View solution

Q. Wendy is reviewing the results of a penetration test and learns that her organization uses the same local administrator password on all systems. Which one of the following tools can help her resolve this issue?

View solution

Q. Which one of the following is not a normal communication trigger for a penetration test?

View solution

Q. Gary ran an Nmap scan of a system and discovered that it is listening on port 22 despite the fact that it should not be accepting SSH connections. What finding should he report?

View solution

Q. Tom’s organization currently uses password-based authentication and would like to move to multifactor authentication. Which one of the following is an acceptable second factor?

View solution

Q. Which one of the following items is not appropriate for the executive summary of a penetration testing report?

View solution

Q. Which one of the following activities is not commonly performed during the post-engagement cleanup phase?

View solution

Q. Who is the most effective person to facilitate a lessons learned session after a penetration test?

View solution

Q. Which one of the following is not an example of an operational control that might be implemented to remediate an issue discovered during a penetration test?

View solution

Q. Which one of the following techniques is not an appropriate remediation activity for a SQL injection vulnerability?

View solution

Q. When should system hardening activities take place?

View solution

Q. Biometric authentication technology fits into what multifactor authentication category?

View solution