Match the penetration testing methodology to the description. OWASP WSTG ==> Covers the high-level phases of web application security testing MITRE ATT&CK ==> Collection of different matrices of tactics and…
Which type of penetration test would only provide the tester with limited information such as the domain names and IP addresses in the scope? known-environment test partially known environment test…
What characterizes a known environment penetration test? The test is somewhat of a hybrid approach between unknown and known environment tests. The tester could be provided with network diagrams, IP addresses,…
What characterizes a partially known environment penetration test? The tester must test the electrical grid supporting the infrastructure of the target. The tester is provided with a list of domain…
When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources? AAA servers cloud services switches, routers, and firewalls back-end databases…
What kind of security weakness is evaluated by application-based penetration tests? firewall security logic flaws wireless deployment data integrity between a client and a cloud provider Explanation & Hints: Application-based…
What is an insider threat attack? An attack perpetrated by a well-funded and motivated group that will typically use the latest attack techniques for financial gain. An attack perpetrated by…
What is a state-sponsored attack? An attack perpetrated by a well-funded and motivated group that will typically use the latest attack techniques for financial gain. An attack perpetrated by governments…
Which type of threat actor uses cybercrime to steal sensitive data and reveal it publicly to embarrass a target? organized crime hacktivist insider threat state-sponsored attacker Explanation & Hints: Hacktivists…
Which threat actor term describes a well-funded and motivated group that will use the latest attack techniques for financial gain? hacktivist state-sponsored attacker organized crime insider threat Explanation & Hints:…
A company hires a cybersecurity consultant to perform penetration tests. What is the key difference between unknown-environment testing and known-environment testing? the types of systems and network to be tested …
A company hires a cybersecurity consultant to perform penetration tests. The consultant is discussing with the company about the penetration testing strategy. Which statement describes the term unknown-environment testing? This…
A company hires a cybersecurity consultant to perform penetration tests. The consultant is working with the company to set up communication procedures. Which two protocols should be considered for exchanging…
A company hires a cybersecurity consultant to perform penetration tests. What should be the consultant's first step in validating the engagement scope? Confirm the contents of the request for proposal…
A company hires a cybersecurity consultant to perform penetration tests. What can cause scope creep of the engagement? lack of up-to-date testing tools lack of system and network architectural diagrams …
A company hires a cybersecurity consultant to assess vulnerability on crucial web application devices such as web and database servers. Which document should the company provide to help the consultant…
A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about a query language for APIs and a language…
A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about an XML-based language used to document a web…
A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. The consultant notices that one element specifies that the tests should be performed…
A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. What are three examples of typical elements in the rules of engagement document?…