WGU Penetration Testing D484 – Questions with verified solutions
When using a structured approach to PenTesting, each step will serve a
purpose with the goal of testing an infrastructure's defenses by
identifying and exploiting any known vulnerabilities. List the four main
steps of the CompTIA Pen Testing process.
Planning and scoping
Information gathering and vulnerability scanning
Attacks and exploits
Reporting and communication
Threat actors follow the same main process of hacking as a professional
PenTester: Reconnaissance, Scanning, Gain Access, Maintain Access, and
Cover Tracks. What steps are added during a structured PenTest?
1) Planning and scoping along with 3) Analysis and reporting.
Part of completing a PenTesting exercise is following the imposed
guidelines of various controls, laws, and regulations. Summarize Key
takeaways of PCI DSS.
Payment Card Industry Data Security Standard (PCI DSS) specifies the
controls that must be in place to securely handle credit card data.
Controls include methods to minimize vulnerabilities, employ strong
access control, along with consistently testing and monitoring the
infrastructure.
With PCI DSS, a merchant is ranked according to the number of
transactions completed in a year. Describe a Level 1 merchant.
A Level 1 merchant is a large merchant with over six million transactions a
year.
With PCI DSS, a Level 1 merchant must have an external auditor perform
the assessment by an approved _____.
Qualified Security Assessor (QSA).
Another regulation that affects data privacy is GDPR, which outlines
specific requirements on how consumer data is protected. List two to
three components of GDPR.
Require consent means a company must obtain your permission to share
your information.
Rescind consent allows a consumer to opt out at any time.
Global reach—GDPR affects anyone who does business with residents of
the EU and Britain.
Restrict data collection to only what is needed to interact with the site.
Violation reporting—a company must report a data breach within 72 hours.
What should a company with over 250 employees do to be compliant with
the GDPR?
Under GDPR, any company with over 250 employees will need to audit
their systems and take rigorous steps to protect any data that is
processed within their systems, either locally managed or in the cloud.
Describe some of the resources available at NIST.
NIST has many resources for the cybersecurity professional, including
the Special Publication 800 series, which deals with cybersecurity policies,
procedures, and guidelines.
Discuss the significance of NIST SP 800-115.
NIST SP 800-115 is the "Technical Guide to Information Security Testing
and Assessment" and contains a great deal of relevant information about
PenTesting planning, techniques, and related activities.
Explain how the MITRE ATT&CK Framework provides tools and techniques
specific to PenTesting.
Once in the MITRE ATT&CK framework, you will see many columns in the
matrix that describe various tasks that are completed during the PenTest.
Compare and contrast CVE and CWE.
The CWE is a dictionary of software-related vulnerabilities maintained by
the MITRE Corporation that includes a detailed list of weaknesses in
hardware and software. CVE refers to specific vulnerabilities of particular
products.
A couple of your colleagues thought it might be a good idea to share some
guidance on how the team should conduct themselves during the
PenTesting process. What topics should be covered so that all members
exhibit professional behavior before, during and after the PenTest?
The team will need to clearly understand that they are to maintain
confidentiality before, during, and after a PenTest exercise. Once the
testing begins, the team will want to proceed with care and notify the team
lead if they have observed any illegal behavior.
The team is involved with planning a PenTest exercise for 515support.com.
Management is concerned that the loading dock is vulnerable to a social
engineering attack, whereby someone can gain access to the building by
asking someone who is on a smoking break. Prior to conducting the tests,
what should the team do to prepare for the test?
Who will notify security personnel that the team is using a social
engineering exercise to gain access into the building?
How many individuals should be testing to see if this type of exploit is
possible?
Can you provide a nonworking key card to make the ploy more believable?
The team is involved with planning a PenTest exercise for 515support.com.
Management has asked the team to run a series of scans at a satellite
facility. Once the team is on site and begins testing, one of the team
members shows you the result of the vulnerability scan. After examining
the scan, you realize the team member has scanned the wrong network.
How should you proceed?
Although this was an accident, you should immediately notify the team
lead, as the test was outside of the scope of the PenTest.
515support.com has an established interactive website that customers
can visit to place orders and schedule on-site visits. Because the site