D332 - Penetration Testing and Vulnerability Analysis - Actual Exam with Questions and Answers | Latest Update 2025 | Verified Answers

Exam (elaborations), Questions & answers
Course: D332 - Penetration Testing and Vulnerability Analysis
October 3, 2024, 57 pages (preview of 4), 2024/2025
Seller: Examsplug

Describe compliance-based assessments - ✔✔fulfilling the requirements of a specific law or
standard, such as GDPR, HIPAA, or PCI DSS.



Describe Red team/blue team-based assessments - ✔✔two opposing teams in a PenTest or
incident response exercise:


Red Team—represents the attacking team.
Blue Team—represents the defensive team.



Describe goals-based/objectives-based assessments - ✔✔testing done for a particular purpose or reason. For
example, before implementing a new point of sale (PoS) system that accepts credit cards, the PenTesting
team might test the system for any security issues prior to implementation.



Explain the "Unknown environment" test strategy - ✔✔The PenTesting team is completely in the
dark; no information is presented to the team prior to testing. This type of assessment
mimics what an actual threat actor would need to do before launching any attacks. The team will
need to scan available network resources and identify live hosts, listening ports, and running
services prior to exploiting any assets.



Explain the "Partially known environment" strategy - ✔✔commonly used to test web
applications for security vulnerabilities. The PenTesting team is given some information, such as
internal functionality and code, so they can focus on testing for any issues related to system
defects or improper usage of applications. For example, a partially known environment test might be run
after any software defects are repaired.

Explain known environment testing - ✔✔The PenTesting team is given all details of the network
and applications. The test is commonly done from the perspective of the user. Because all of the
details are transparent, the team can focus on the test.


What are some elements to review with stakeholders when determining the scope of the test? -
✔✔- Scope and in-scope assets
- What is excluded
- Strategy: unknown, partially known, or known environment testing
- Timeline to complete testing and any constraints
- Any restrictions or applicable laws
- Third-party providers, services, or off-site locations
- Communication and updates



What is an MSA? - ✔✔The Master Service Agreement (MSA): a contract that establishes
guidelines for any business documents that are executed between two parties.


- used to cover recurring costs and any unforeseen additional charges that may occur during a
project without the need for an additional contract.


Typical contents of an MSA:
- Project scope and a definition of the work that is to be completed
- Compensation specifics that include invoicing and any reports required when submitted
- Requirements for any permits, licensing, or certifications
- Safety guidelines and environmental concerns
- Insurances such as general and liability



What is a SOW? - ✔✔A Statement of Work (SOW) is a document that defines the expectations
for a specific business arrangement. It typically includes a list of deliverables, responsibilities of
both parties, payment milestones, schedules, and other terms. It provides the details of the work
that the client has agreed to pay for. As a result, it has a direct impact on team activities. It can also
be used by the PenTest team to charge for out-of-scope requests.

What is an SLA? - ✔✔A service-level agreement (SLA) is a contract that outlines the detailed
terms under which a service is provided, including reasons the contract may be terminated.


The document will lay out the metrics by which that service is measured, and the remedies or
penalties, if any, should the agreed-on service levels not be achieved.


In addition, there may be terms for security access controls and risk assessments, along with
processing requirements for confidential and private data.



Describe the following DNS records: MX, NS, TXT, SRV - ✔✔The Mail Exchange (MX) record
provides the mail server that accepts email messages for a particular domain.


The Nameserver (NS) record lists the authoritative DNS server for a particular domain.


The Text (TXT) record provides information about a resource such as a server or network in human-
readable form.


The Service (SRV) record provides host and port information on services such as voice over IP (VoIP)
and instant messaging (IM).



Describe nslookup and dig - ✔✔Nslookup is a command-line tool, available on both Windows
and Linux operating systems (OS), that can be used to query a domain and specify various record
types.


Dig is a utility widely used on a Linux OS that can perform reverse lookups to match an IP
address to a domain name.


Explain the highlights of the following source code repositories: GitHub, Bitbucket, CloudForge,
SourceForge - ✔✔GitHub: location agnostic, free for basic users, reasonable fee for enterprise


Bitbucket: inline comments, secured workflow, free for small teams


CloudForge: bug & issue tracking, discussion forums, document management (free for 30 days)


SourceForge: free, discussion forums & issue tracking



What are some of the sites that offer reverse image search? - ✔✔TinEye
Google
Yandex
Bing



What are 5 tools to investigate a website? - ✔✔browsers, Nmap, Metasploit, DirBuster and
forced browsing (Using known URLs to "predict" unlinked URLs or IPs from a website to gain
access to unprotected resources.)



What is a robots.txt file? - ✔✔A file (case sensitive) that tells bots where to search, and more
importantly, where NOT to search, found in a website's top-level directory. To display it, add it
after the end of the domain name:
https://<domain name>/robots.txt


Deny access to the cart page to all user-agents:
User-agent: *
Disallow: /cart

Allow all bots to access all content:
User-agent: *
Disallow:



What is the importance of a digital certificate's SAN? - ✔✔The subject alternative name (SAN)
identifies the specific subdomains that can be covered by the certificate.


e.g. Common name: *.comptia.org
