PenTest+ Practice Exam 2024/2025 with 100% correct answers
Course: Pent+ Practice
Institution: Pent+ Practice
A small shop that sells novelty items begins taking credit card payments. An IT contractor configures the internal network to comply with cardholder data protection policies. What would the contractor consider as a questionable configuration?
Correct answer: Read/write share access
A new business that processes credit card transactions must complete a report on compliance (RoC). What security rank does the business meet? (Select all that apply.)
Correct answers: Level 1; Level 2
A security auditor reviews a small retailer's credit card data protection strategy. In which area would the auditor likely request more detailed information to see that industry recommendations are followed?
Correct answer: Password Policies
An organization realizes the potential for an attack on their systems. As a result, a resiliency assessment takes place, and various controls are suggested to be put in place. If an access control list (ACL) is on a firewall, what type of control does the systems engineer implement?
Correct answer: Logical
A Pentest team performs an exercise at a large financial firm. During the process, it is discovered that a risk exists due to missing firmware updates on several hardware-based firewalls. The team concludes a risk rating during which step of the Pentest process?
Correct answer: Analysis
PenTesters submit a report to a client after a successful engagement exercise. The report contains suggestions on improving business continuity. Which control type does the report address?
Correct answer: Administrative
A PenTest team reports an issue to a client that may have legal ramifications. What does the team leader report?
Correct answer: An incorrect network scan
A PenTest team must have a strong ethical background. Which issue is ethics related?
Correct answer: A failed background check
A public school system looks to educate its student population with cybersecurity knowledge. Which resource will staff suggest is part of the curriculum?
Correct answer: OSSTMM
A PenTester simulates an attack on a wireless network by capturing frames and then using the information to further an attack on a discovered Basic Service Set (ID) of an access point. What specific tool has the PenTester used to initiate the attack?
Correct answer: Airodump-ng
A business hires a PenTest team with a concern that wireless access points (AP) are vulnerable to an insider attack. Which tool do the testers use to gain access to an AP?
Correct answer: Aireplay-ng
An employee loses a smartphone while on vacation. The device is used in a BYOD program and contains sensitive data related to the business. Which vulnerability does the company face with the loss of the phone?
Correct answer: Deperimeterization
Security engineers lead a training session for employees on the safe use of mobile devices. During the training, an engineer is unknowingly able to connect to an employee's phone and read data. What attack type has the engineer exposed and explained to the group?
Correct answer: Bluesnarfing
A team of Pentesters look to use a tool that can observe and interact with an API on an Android device. Which tool does the team utilize to test an HTTP API?
Correct answer: Postman
An executive at an organization informs a PenTest team that users have started complaining about receiving numerous text messages throughout the day. The executive believes the organization has been hacked. What does a member of the team attribute the activity as?
Correct answer: SMiShing
An organization utilizes a few dozen voice assistants throughout its offices. The devices are made and branded by an obscure manufacturer. What technological security issue might the organization encounter with these devices?
Correct answer: Lack of automated updates
A PenTest group performs an assessment exercise for a small business. If the exercise targets a particular subnet that is for VIP use only, which assessment approach does the group use when planning an attack? (Select all that apply.)
Correct answers: Goals; Objectives