PenTest+ Practice Exam 84 Questions and Complete Solutions.
A small shop that sells novelty items begins taking credit card payments. An IT contractor
configures the internal network to comply with cardholder data protection policies. What
would the contractor consider as a questionable configuration? - Correct Answer
Read/write share access
A new business that processes credit card transactions must complete a report on
compliance (RoC). What security rank does the business meet? (Select all that apply.) -
Correct Answer Level 1
Level 2
A security auditor reviews a small retailer's credit card data protection strategy. In which
area would the auditor likely request more detailed information to see that industry
recommendations are followed? - Correct Answer Password Policies
An organization realizes the potential for an attack on their systems. As a result, a
resiliency assessment takes place, and various controls are suggested to be put in place.
If an access control list (ACL) is on a firewall, what type of control does the systems
engineer implement? - Correct Answer Logical
A PenTest team performs an exercise at a large financial firm. During the process, it is
discovered that a risk exists due to missing firmware updates on several hardware-based
firewalls. The team concludes a risk rating during which step of the PenTest process? -
Correct Answer Analysis
PenTesters submit a report to a client after a successful engagement exercise. The
report contains suggestions on improving business continuity. Which control type does
the report address? - Correct Answer Administrative
A PenTest team reports an issue to a client that may have legal ramifications. What does
the team leader report? - Correct Answer An incorrect network scan
A PenTest team must have a strong ethical background. Which issue is ethics related? -
Correct Answer A failed background check
A public school system looks to educate its student population with cybersecurity
knowledge. Which resource will staff suggest is part of the curriculum? - Correct Answer
OSSTMM
A PenTester simulates an attack on a wireless network by capturing frames and then
using the information to further an attack on a discovered Basic Service Set (ID) of an
access point. What specific tool has the PenTester used to initiate the attack? - Correct
Answer Airodump-ng
A business hires a PenTest team with a concern that wireless access points (AP) are
vulnerable to an insider attack. Which tool do the testers use to gain access to an AP? -
Correct Answer Aireplay-ng
An employee loses a smartphone while on vacation. The device is used in a BYOD
program and contains sensitive data related to the business. Which vulnerability does the
company face with the loss of the phone? - Correct Answer Deperimeterization
Security engineers lead a training session for employees on the safe use of mobile
devices. During the training, an engineer is unknowingly able to connect to an
employee's phone and read data. What attack type has the engineer exposed and
explained to the group? - Correct Answer Bluesnarfing
A team of PenTesters looks to use a tool that can observe and interact with an API on an
Android device. Which tool does the team utilize to test an HTTP API? - Correct Answer
Postman
An executive at an organization informs a PenTest team that users have started
complaining about receiving numerous text messages throughout the day. The executive
believes the organization has been hacked. What does a member of the team attribute
the activity as? - Correct Answer SMiShing
An organization utilizes a few dozen voice assistants throughout its offices. The devices
are made and branded by an obscure manufacturer. What technological security issue
might the organization encounter with these devices? - Correct Answer Lack of
automated updates
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller alfreddicki. Stuvia facilitates payment to the seller.