adplus-dvertising

Welcome to the Planning and Scoping Penetration Tests MCQs Page

Dive deep into the fascinating world of Planning and Scoping Penetration Tests with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Planning and Scoping Penetration Tests, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Planning and Scoping Penetration Tests, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

frame-decoration

Check out the MCQs below to embark on an enriching journey through Planning and Scoping Penetration Tests. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Planning and Scoping Penetration Tests. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Planning and Scoping Penetration Tests MCQs | Page 11 of 12

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Q101.
Maria wants to build a penetration testing process for her organization and intends to start with an existing standard or methodology. Which of the following is not suitable for that purpose?

a.

ISSAF

b.

OSSTM

c.

PTES

d.

ATT&CK

Discuss
Answer: (d).ATT&CK Explanation:PTES, OSSTMM, and ISSAF are all penetration testing methodologies or standards. MITRE’s ATT&CK framework describes adversary tactics and techniques but does not outline how to perform a penetration test.
Q102.
Which of the following types of penetration test would provide testers with complete visibility into the configuration of a web server without having to compromise the server to gain that information?

a.

Unknown environment

b.

Partial knowledge

c.

Known environment

d.

Zero knowledge

Discuss
Answer: (c).Known environment Explanation:Known environment testing, often also known as β€œcrystal box” or β€œwhite box” testing, provides complete access and visibility. Unknown environment, or black-box testing, provides no information, whereas partial knowledge, or gray-box testing, provides limited information.
Q103.
What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?

a.

A noncompete

b.

An NDA

c.

A data security agreement

d.

A DSA

Discuss
Answer: (b).An NDA Explanation:A nondisclosure agreement, or NDA, covers the data and other information that a penetration tester may encounter or discover during their work. It acts as a legal agreement preventing disclosure of that information.
Q104.
During a penetration test scoping discussion, Charles is asked to test the organization’s SaaS-based email system. What concern should he bring up?

a.

Cloud-based systems require more time and effort.

b.

Determining the scope will be difficult due to the size of cloud-hosted environments.

c.

Cloud service providers do not typically allow testing of their services.

d.

Testing cloud services is illegal.

Discuss
Answer: (c).Cloud service providers do not typically allow testing of their services. Explanation:Cloud service providers don’t typically allow testing to be conducted against their services. Charles may recommend that the company ask for third-party security audit information instead. Cloud systems and large environments can be difficult to scope and may require more time, but the primary issue here is the ability to even legitimately conduct the assessment that is being requested.
Q105.
During a penetration test, Alex discovers that he is unable to scan a server that he was able to successfully scan earlier in the day from the same IP address. What has most likely happened?

a.

His IP address was whitelisted.

b.

The server crashed.

c.

The network is down.

d.

His IP address was blacklisted.

Discuss
Answer: (d).His IP address was blacklisted. Explanation:The IP address or network that Alex is sending his traffic from was most likely blacklisted as part of the target organization’s defensive practices. A whitelist would allow him in, and it is far less likely that the server or network has gone down.
Q106.
What does an MSA typically include?

a.

The terms that will govern future agreements

b.

Mutual support during assessments

c.

Microservices architecture

d.

The minimum service level acceptable

Discuss
Answer: (a).The terms that will govern future agreements Explanation:A master service agreement (MSA) is a contract that defines the terms under which future work will be completed. Specific work is then typically handled under a statement of work (SOW).
Q107.
While performing an on-site penetration test, Cassandra plugs her laptop into an accessible network jack. When she attempts to connect, however, she does not receive an IP address and gets no network connectivity. She knows that the port was working previously. What technology has her target most likely deployed?

a.

Jack whitelisting

b.

Jack blacklisting

c.

NAC

d.

802.15

Discuss
Answer: (c).NAC Explanation:The organization that Cassandra is testing has likely deployed network access control (NAC). Her system will not have the proper NAC client installed, and she will be unable to access that network jack without authenticating and having her system approved by the NAC system.
Q108.
What type of penetration test is not aimed at identifying as many vulnerabilities as possible and instead focuses on vulnerabilities that specifically align with the goals of gaining control of specific systems or data?

a.

An objectives-based assessment

b.

A compliance-based assessment

c.

A black-team assessment

d.

A red-team assessment

Discuss
Answer: (a).An objectives-based assessment Explanation:An objectives-based assessment specifically targets goals like gaining access to specific systems or data. A compliance-based assessment focuses on whether systems are properly secured or meet standards. A red-team assessment simulates an actual attack, maximizing access rather than comprehensively identifying all vulnerabilities. Black-team assessments are not a commonly used penetration testing term.
Q109.
During an on-site penetration test, what scoping element is critical for wireless assessments when working in shared buildings?

a.

Encryption type

b.

Wireless frequency

c.

SSIDs

d.

Preshared keys

Discuss
Answer: (c).SSIDs Explanation:Knowing the SSIDs that are in scope is critical when working in shared buildings. Penetrating the wrong network could cause legal or even criminal repercussions for a careless penetration tester!
Q110.
Ruchika has been asked to conduct a penetration test against internal business systems at a mid-sized company that operates only during a normal day shift. The test will be run against critical business systems. What restriction is most likely to be appropriate for the testing?

a.

Time of day

b.

Types of allowed tests

c.

Types of prohibited tests

d.

The physical locations that can be tested

Discuss
Answer: (a).Time of day Explanation:Time-of-day restrictions can be used to ensure tests occur when the systems are not in use, allowing time for recovery or restoration if something goes wrong. Types of allowed tests or denied tests are less likely to be used since they can limit the value of a test, and restricting physical locations is uncommon for smaller organizations that don’t have many distinct locations.
Page 11 of 12

Suggested Topics

Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.

Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!

HTML

Start your journey in web development with our HTML MCQs. Learn the building blocks...

Cryptography and Network Security

Secure your knowledge of information security with our Cryptography and Network...

Python

Dive into one of the most popular languages with our Python MCQs. Understand...

MS Office

Master the suite of productivity tools with our MS Office MCQs. From Word and Excel...

MongoDB

Learn the leading NoSQL database with our MongoDB MCQs. Understand everything from...

Compiler Design

Unravel the process of translating source code into executable programs with our...

UNIX

Become proficient with the Unix operating system using our UNIX MCQs. Learn about...

Embedded Systems

Dive into the world of specialized computing systems with our Embedded Systems MCQs....

Hadoop

Dive into the world of big data with our Hadoop MCQs. Cover key concepts including...