Welcome to the Planning and Scoping Penetration Tests MCQs Page

Dive deep into the fascinating world of Planning and Scoping Penetration Tests with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Planning and Scoping Penetration Tests, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Planning and Scoping Penetration Tests, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

Check out the MCQs below to embark on an enriching journey through Planning and Scoping Penetration Tests. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Planning and Scoping Penetration Tests. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Planning and Scoping Penetration Tests MCQs | Page 6 of 12

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

01

Penetration Testing

02

Information Gathering 🔒

03

Vulnerability Scanning 🔒

04

Analyzing Vulnerability Scans

05

Exploiting and Pivoting 🔒

06

Exploiting Network Vulnerabilities 🔒

07

Exploiting Physical and Social Vulnerabilities

08

Exploiting Application Vulnerabilities 🔒

09

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

10

Reporting and Communication

11

Scripting for Penetration Testing 🔒

Q51.

Which penetration testing methodology guide covers analysis, metrics, workflows, human security, physical security, and wireless security but has not been updated since 2010?

PTES

MITRE ATT&CK Framework

OSSTMM

NIST 800-115

Discuss

Answer: (c).OSSTMM Explanation:The Open Source Security Testing Methodology Manual (OSSTMM) covers analysis, metrics, workflows, human security, physical security, and wireless security but has not been updated since 2010.

Q52.

Which organization provides standards that include penetration testing as part of NIST special publication 800-115?

Open Information Systems Security Group (OSSIG)

National Institute of Standards and Technology (NIST)

MITRE

OWASP

Discuss

Answer: (b).National Institute of Standards and Technology (NIST) Explanation:The National Institute of Standards and Technology (NIST) provides standards that include penetration testing as part of NIST special publication 800-115.

Q53.

What is the last update year for the Information Systems Security Assessment Framework (ISSAF)?

2010

2008

2005

2015

Discuss

Answer: (c).2005 Explanation:The last update year for the Information Systems Security Assessment Framework (ISSAF) is 2005.

Q54.

What should modern penetration testers be aware of regarding the ISSAF?

It is the most up-to-date framework.

It is actively maintained with regular updates.

It is a highly detailed penetration testing framework.

It is not relevant for contemporary security testing.

Discuss

Answer: (c).It is a highly detailed penetration testing framework. Explanation:Modern penetration testers should be aware that the ISSAF is a highly detailed penetration testing framework, but it suffers from being dated.

Q55.

What is suggested for organizations and individual penetration testers regarding standards and techniques?

Rely on a single standard for all testing.

Combine multiple standards and techniques to build their own processes and procedures.

Disregard all standards and techniques.

Stick to one framework and avoid variations.

Discuss

Answer: (b).Combine multiple standards and techniques to build their own processes and procedures. Explanation:Organizations and individual penetration testers are suggested to combine multiple standards and techniques to build their own processes and procedures.

Q56.

What legal documents are important for penetration testers to understand before starting a penetration test?

Contracts and service level agreements (SLAs)

Statements of objectives (SOOs) and performance work statements (PWSs)

Noncompete agreements and data ownership agreements

All of the above

Discuss

Answer: (d).All of the above Explanation:Penetration testers need to understand contracts, statements of work (SOWs), service level agreements (SLAs), noncompete agreements, and data ownership agreements before starting a penetration test.

Q57.

What is a document that defines the purpose of the work, what work will be done, what deliverables will be created, the timeline for the work, the price for the work, and any additional terms and conditions for a penetration test?

Master service agreement ( MSA )

Statement of objectives (SOO)

Noncompete agreement ( NCA )

Statement of work (SOW)

Discuss

Answer: (d).Statement of work (SOW) Explanation:A statement of work (SOW) is a document that defines the purpose of the work, what work will be done, what deliverables will be created, the timeline for the work, the price for the work, and any additional terms and conditions for a penetration test.

Q58.

What legal document helps enforce confidential relationships between two parties, outlining the parties, what information is considered confidential, how long the agreement lasts, when and how disclosure is acceptable, and how confidential information should be handled?

Master service agreement ( MSA )

Noncompete agreement ( NCA )

Nondisclosure agreement ( NDA ) or confidentiality agreement ( CA )

Service level agreement (SLA)

Discuss

Answer: (c).Nondisclosure agreement ( NDA ) or confidentiality agreement ( CA ) Explanation:Nondisclosure agreements (NDAs) or confidentiality agreements (CAs) are legal documents that help enforce confidential relationships between two parties by outlining the parties, what information is considered confidential, how long the agreement lasts, when and how disclosure is acceptable, and how confidential information should be handled.

Q59.

What type of agreement asks an individual to agree not to take a job with a competitor or to directly compete with their employer in a future job, typically with a time-limited clause?

Service level agreement ( SLA )

Noncompete agreement ( NCA )

Statement of work (SOW)

Master service agreement (MSA)

Discuss

Answer: (b).Noncompete agreement ( NCA ) Explanation:A noncompete agreement (NCA) asks an individual to agree not to take a job with a competitor or to directly compete with their employer in a future job, typically with a time-limited clause.

Q60.

What is an important consideration regarding data ownership after a penetration test ends?

The penetration tester owns all the data.

Data ownership is not a significant consideration.

Data ownership should be covered in the contract, MSA, or SOW with clear expectations.

The client automatically owns all the data.

Discuss

Answer: (c).Data ownership should be covered in the contract, MSA, or SOW with clear expectations. Explanation:Data ownership after a penetration test ends is an important consideration, and it should be covered in the contract, master service agreement (MSA), or statement of work (SOW) with clear expectations.

Page 6 of 12

Information Gathering 🔒

Vulnerability Scanning 🔒

Exploiting and Pivoting 🔒

Exploiting Network Vulnerabilities 🔒

Exploiting Application Vulnerabilities 🔒

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

Scripting for Penetration Testing 🔒

Welcome to the Planning and Scoping Penetration Tests MCQs Page

Planning and Scoping Penetration Tests MCQs | Page 6 of 12

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Penetration Testing

Analyzing Vulnerability Scans

Exploiting Physical and Social Vulnerabilities

Reporting and Communication

Suggested Topics

SQL Server

Human Computer Interaction

Cyber Security

Digital Logic Design

Python

Java Programming

Hadoop

Cryptography and Network Security

Computer Architecture