WGU D153 - Penetration Testing and Vulnerability Analysis - D153 Actual Exam with Questions and Answers | Latest Update 2025 | Verified Answers

  • Course
  • D332 - Penetration and Vulnerability Analysis
  • Institution
  • D332 - Penetration and Vulnerability Analysis


  • October 3, 2024
  • 100
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
Examsplug
General Data Protection Regulation (GDPR)

The _____ are provisions and requirements protecting the personal data of European Union
(EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless
protected by like-for-like regulations, such as the US's Privacy Shield requirements.

Stop Hacks and Improve Electronic Data Security (SHIELD)

The _____ is a law that was enacted in New York state in March 2020 to protect citizens' data.
The law requires companies to bolster their cybersecurity defense methods to prevent a data
breach and protect consumer data.

California Consumer Privacy Act (CCPA)

The _____ was enacted in 2020 and outlines specific guidelines on how to appropriately handle
consumer data. To ensure that customer data is adequately protected, vendors should include
PenTesting of all web applications and internal systems, along with social engineering assessments.

Health Insurance Portability and Accountability Act (HIPAA)

The _____ is a law that mandates rigorous requirements for anyone that deals with patient
information.

electronic protected health information (e-PHI)

Computerized electronic patient records are referred to as _____.

Some of the components of this law include:

Require consent means a company must obtain your permission to share your information.
Rescind consent allows a consumer to opt out at any time.
Global reach—GDPR affects anyone who does business with residents of the EU and Britain.
Restrict data collection to only what is needed to interact with the site.
Violation reporting—a company must report a data breach within 72 hours.

List two to three components of GDPR.

Open Web Application Security Project (OWASP)

The _____ is an organization aimed at increasing awareness of web security and provides a
framework for testing during each phase of the software development process. Once on the
site, you'll find open-source tools and testing guidelines such as a list of Top 10 vulnerabilities.

NIST

_____ is an organization that develops computer security standards used by U.S. federal agencies
and publishes cybersecurity best practice guides and research.

NIST SP 800-115

_____ is the "Technical Guide to Information Security Testing and Assessment." It was
published in 2008 but contains a great deal of relevant information about PenTesting
planning, techniques, and related activities.

Open-source Security Testing Methodology Manual (OSSTMM)

Developed by the Institute for Security and Open Methodologies (ISECOM), this manual
outlines every area of an organization that needs testing and goes into detail about how
to conduct the relevant tests.

Information Systems Security Assessment Framework (ISSAF)

_____ is an open-source resource available to cybersecurity professionals.

Penetration Testing Execution Standard (PTES)

The _____ was developed by business professionals as a best practice guide to PenTesting and
has seven main sections that provide a comprehensive overview of the proper structure of a
complete PenTest.

MITRE Corporation

_____ is a U.S.-based non-profit organization that provides research, publications, and tools at
no charge for anyone who accesses the site.

ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) framework

The _____ is a knowledge base maintained by the MITRE Corporation for listing and explaining
specific adversary tactics, techniques, and procedures.

Common Vulnerability Scoring System (CVSS)

The _____ is a risk management approach to quantifying vulnerability data and then taking into
account the degree of risk to different types of systems or information.

Common Vulnerabilities and Exposures (CVE)

The _____ is a scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

National Vulnerability Database (NVD)

A superset of the CVE database, maintained by NIST, is the _____.

Common Weakness Enumeration (CWE)

_____ is a dictionary of software-related vulnerabilities maintained by the MITRE Corporation.

C. Social Engineering

A penetration tester is conducting a physical test on-premise and is attempting to exploit
human errors. What type of risk is the pen tester trying to exploit?

A. Risk
B. Threat
C. Social Engineering
D. Risk Management

A. 1

A penetration tester is conducting a PCI DSS compliance report for a large company that does
ten million transactions a year. What level should they comply with?
A. 1
B. 2
C. 3
D. 4

D. Criminal charges

A penetration tester has joined a consulting company that performs tests for several varying
clients. The company has stressed staying within the scope of the project. What is the
worst thing the tester could face if they go outside their scope?
A. Contract negation
B. Fees
C. Fines
D. Criminal charges

D. OWASP

A student is studying penetration testing methodologies and is trying to narrow their skill
set to web application testing. Which of the following should they focus on?
A. NIST
B. OSSTMM
C. Hacker Highschool
D. OWASP

C. PTES
