Exam (elaborations)

Penetration Testing and Vulnerability Analysis - D332 Questions and Answers (100% Pass)

5 views 0 purchase

Course
Penetration Testing

Institution
Penetration Testing

How do you calculate Risk? Risk = Threat x Vulnerability Describe unified threat management (UTM) All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so...

[Show more]

Preview 4 out of 102 pages

View example

Uploaded on October 12, 2024
Number of pages 102
Written in 2024/2025
Type Exam (elaborations)
Contains Questions & answers

penetration testing and vulnerability analysis
how do you calculate risk risk threat x vulne

Institution Penetration Testing
Course Penetration Testing

ExamArsenal Member since 1 year 222 documents sold

$14.09

Added

Add to cart Add to wishlist

100% satisfaction guarantee
Immediately available after payment
Both online and in PDF
No strings attached

1 | P a g e | © copyright 2024/2025 | Grade A+

Penetration Testing and
Vulnerability Analysis - D332
Questions and Answers (100% Pass)
How do you calculate Risk?

✓ Risk = Threat x Vulnerability

Describe unified threat management (UTM)

✓ All-in-one security appliances and agents that combine the functions

of a firewall, malware scanner, intrusion detection, vulnerability

scanner, data loss prevention, content filtering, and so on.

Describe OWASP

✓ Open Web Application Security Project: A framework for testing during

each phase of the development cycle. Publishes a Top Ten

vulnerabilities list, with a focus on Web Applications.

Describe NIST

Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ United States (U.S.) National Institute of Standards and Technology

(NIST): Develops computer security standards used by US federal

agencies and publishes cybersecurity best practice guides and

research.

What is NIST SP 800-115?

✓ "Technical Guide to Information Security Testing and Assessment."

Describe OSSTMM

✓ Open-source Security Testing Methodology Manual (OSSTMM): this

manual outlines every area of an organization that needs testing, as

well as goes into details about how to conduct the relevant tests.

OSSTMM doesn't provide the tools needed to accomplish a complete

PenTesting exercise, but it does cover other areas, such as Human Security

and Physical Security testing.

Describe ISSAF

Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ Information Systems Security Assessment Framework (ISSAF): Open

Source .rar file, a collection of 14 documents related to Pen Testing

(incldues includes a Security Assessment Contract, Request for Proposal

and Reporting templates)

Describe PTES

✓ Penetration Testing Execution Standard (PTES) has seven main sections

that provide a comprehensive overview of the proper structure of a

complete PenTest. ex. pre-engagement interactions, threat modeling,

vulnerability analysis, exploitation, and reporting.

Explain MITRE ATT&CK

✓ ATT&CK (Adversarial Tactics, Techniques & Common Knowledge): non-

profit, sponsored by US-CERT and DHS, containing specific adversary

tactics, techniques, and procedures

Explain CVSS

✓ Common Vulnerability Scoring System (CVSS): A risk management

approach to quantifying vulnerability data and then taking into

account the degree of risk to different types of systems or information.

Explain CVE

Master01 | October, 2024/2025 | Latest update

, 1 | P a g e | © copyright 2024/2025 | Grade A+

✓ Common Vulnerabilities and Exposures (CVE): The information in a

CVSS is fed into a CVE, with the format CVE-[YEAR]-[NUMBER] and an

explanation of the vulnerability. CVE = SPECIFIC vulnerabilities o

particular products. Most CVEs contain links to the NVD (National

Vulnerability Database) where you can find out more info about the

vulnerabilities.

Explain CWE

✓ Common Weakness Enumeration (CWE): MITRE Database of hardware

and software weaknesses. CWE = dictionary of software-related

vulnerabilities that details software & hardware weaknesses.

What are important considerations when PenTesting a company's web

applications and services?

✓ The client will provide a percentage / discrete value of total number of

web pages or forms that require user interaction to test.

The team should obtain a variety of roles and permissions so each role can

be tested (user, etc.)

What are examples of assets when determining scope of the test?

Master01 | October, 2024/2025 | Latest update

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller ExamArsenal. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.09. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

62890 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling

Popular Universities in the United States

Popular books

Find notes and summaries for these qualifications

Seller