WGU D484 Penetration Testing with Questions and Answers| Latest Update 2025| Verified Answers

  • Course
  • D332 -Penetration and Vulnerability AnalysIS
  • Institution
  • D332 -Penetration And Vulnerability AnalysIS


  • October 3, 2024
  • 24 pages
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • Seller: Examsplug

A penetration tester has been contracted to do a test for a hospital and is looking at
computerized electronic patient records. What are these referred to as?

Computerized electronic patient records are referred to as electronic protected health
information (e-PHI). With HIPAA, the e-PHI of any patient must be protected from exposure, or
the organization can face a hefty fine.

A student is studying penetration testing methodologies and is trying to narrow their skill
set to web application testing. Which of the following should they focus on?

The Open Worldwide Application Security Project (OWASP) is an organization aimed at
increasing awareness of web security and provides a framework for testing during each phase
of the software development process.

A penetration tester wants to become more efficient and effective at penetration testing.
What standard provides a comprehensive overview of the proper structure of a complete
PenTest and includes discussion on several topics, such as pre-engagement interactions,
threat modeling, vulnerability analysis, exploitation, and reporting?

The Penetration Testing Execution Standard (PTES) has seven main sections that provide a
comprehensive overview of the proper structure of a complete PenTest. Some of the sections
include details on topics such as pre-engagement interactions, threat modeling, vulnerability
analysis, exploitation, and reporting.

A security professional is researching the latest vulnerabilities that have been released.
Where is a good resource they can go to in order to look at these?

To learn more about the vulnerabilities, you can often click on CVE names, which have
hyperlinks to the record in the National Vulnerability Database (NVD). Once there, you can read
more details.

A penetration tester has joined a consulting company that performs tests for several varying
clients. The company has stressed staying within the scope of the project. What is the
worst thing the tester could face if they go outside their scope?

Even though a PenTest is performed with the mutual consent of the customer, the team may
inadvertently violate a local, state, or regional law. This could result in consequences up to and including criminal charges.

A penetration tester is currently reviewing the adherence to organizational policies and
procedures. Which controls help to monitor this?

Administrative controls are security measures implemented to monitor the adherence to
organizational policies and procedures. These include activities such as hiring and termination
policies and employee training.

A new penetration tester is creating a summary of their first upcoming process and wants to
follow the standard process. What step takes place after planning?

Reconnaissance is next and focuses on gathering as much information about the target as
possible. This process includes searching information on the Internet, using Open-Source
Information Gathering Tools (OSINT), and websites.

A project manager for a penetration company has received a notice about a contract being
terminated due to lack of milestones being completed for an upcoming engagement with the
customer. The project manager wants to review the documentation to see specifically what is
allowed under the termination clauses. Which document should they look at?

A service-level agreement (SLA) is a contract that outlines the detailed terms under which a
service is provided, including reasons the contract may be terminated.

A company has contracted an independent penetration testing company to do API testing.
Which of the following are they most likely testing?

API testing is common with cloud resources. Companies recognize the vulnerabilities that exist
when dealing with cloud assets. Many have turned to penetration testers to test the strength of
the security mechanisms.

A penetration test is being conducted on a Department of Motor Vehicles' vehicle. What
should the testers take into consideration when performing the assessment?

The Driver's Privacy Protection Act (DPPA) governs the privacy and disclosure of personal
information gathered by state Departments of Motor Vehicles.

A company is contracting a penetration test because they want to save money by going with
a smaller, newer hosting company. However, they are worried the company may have fewer
resources and less security expertise and may be easier to attack than larger, more mature
providers. What kind of web host is this?

Third-party hosted includes assets that are hosted by a vendor or partner of the client
organization, such as cloud-based hosting.

A penetration test is being conducted on a financial institution. Which of the following is
geared to ensure the security and confidentiality of client information?

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to ensure the security and
confidentiality of client information and take steps to keep customer information secure.

A project manager is preparing documentation that covers recurring costs and any
unforeseen additional charges that may occur during a project without the need for an
additional contract. Which of the following should they prepare?

The Master Service Agreement (MSA) is a contract that establishes guidelines for any business
documents executed between two parties. It can be used to cover recurring costs and any
unforeseen additional charges.

A security firm is looking at expanding operations outside the United States. Which of the
following tools might require careful consideration for legal compliance due to its encryption
capabilities?
