100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
Penetration Testing and Vulnerability Analysis - D332 Questions and Answers (100% Pass) $14.09   Add to cart
Quickly navigate to
Preview
  2.  
  3. Penetration Testing
  4.  
  5. Penetration Testing

Exam (elaborations)

Penetration Testing and Vulnerability Analysis - D332 Questions and Answers (100% Pass)
 0 view  0 purchase
  • Course
  • Penetration Testing
  • Institution
  • Penetration Testing

How do you calculate Risk? Risk = Threat x Vulnerability Describe unified threat management (UTM) All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so...

[Show more]

Preview 4 out of 102  pages

Document information

  • October 12, 2024
  • 102
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • penetration testing and vulnerability analysis
  • how do you calculate risk risk threat x vulne

Written for

  • Penetration Testing
  • Penetration Testing

Seller

avatar-seller
MASTER01

Reviews received

Content preview

1 | P a g e | © copyright 2024/2025 | Grade A+




Penetration Testing and
Vulnerability Analysis - D332
Questions and Answers (100% Pass)
How do you calculate Risk?


✓ Risk = Threat x Vulnerability




Describe unified threat management (UTM)


✓ All-in-one security appliances and agents that combine the functions

of a firewall, malware scanner, intrusion detection, vulnerability

scanner, data loss prevention, content filtering, and so on.




Describe OWASP


✓ Open Web Application Security Project: A framework for testing during

each phase of the development cycle. Publishes a Top Ten

vulnerabilities list, with a focus on Web Applications.




Describe NIST




Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ United States (U.S.) National Institute of Standards and Technology

(NIST): Develops computer security standards used by US federal

agencies and publishes cybersecurity best practice guides and

research.




What is NIST SP 800-115?


✓ "Technical Guide to Information Security Testing and Assessment."




Describe OSSTMM


✓ Open-source Security Testing Methodology Manual (OSSTMM): this

manual outlines every area of an organization that needs testing, as

well as goes into details about how to conduct the relevant tests.




OSSTMM doesn't provide the tools needed to accomplish a complete

PenTesting exercise, but it does cover other areas, such as Human Security

and Physical Security testing.




Describe ISSAF




Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ Information Systems Security Assessment Framework (ISSAF): Open

Source .rar file, a collection of 14 documents related to Pen Testing

(incldues includes a Security Assessment Contract, Request for Proposal

and Reporting templates)




Describe PTES


✓ Penetration Testing Execution Standard (PTES) has seven main sections

that provide a comprehensive overview of the proper structure of a

complete PenTest. ex. pre-engagement interactions, threat modeling,

vulnerability analysis, exploitation, and reporting.




Explain MITRE ATT&CK


✓ ATT&CK (Adversarial Tactics, Techniques & Common Knowledge): non-

profit, sponsored by US-CERT and DHS, containing specific adversary

tactics, techniques, and procedures




Explain CVSS


✓ Common Vulnerability Scoring System (CVSS): A risk management

approach to quantifying vulnerability data and then taking into

account the degree of risk to different types of systems or information.




Explain CVE

Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ Common Vulnerabilities and Exposures (CVE): The information in a

CVSS is fed into a CVE, with the format CVE-[YEAR]-[NUMBER] and an

explanation of the vulnerability. CVE = SPECIFIC vulnerabilities o

particular products. Most CVEs contain links to the NVD (National

Vulnerability Database) where you can find out more info about the

vulnerabilities.




Explain CWE


✓ Common Weakness Enumeration (CWE): MITRE Database of hardware

and software weaknesses. CWE = dictionary of software-related

vulnerabilities that details software & hardware weaknesses.




What are important considerations when PenTesting a company's web

applications and services?


✓ The client will provide a percentage / discrete value of total number of

web pages or forms that require user interaction to test.




The team should obtain a variety of roles and permissions so each role can

be tested (user, etc.)




What are examples of assets when determining scope of the test?



Master01 | October, 2024/2025 | Latest update

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller MASTER01. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.09. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78861 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.09
  • (0)
  Add to cart