Penetration Testing | Study Guide Questions with Verified Answers | Grade A | 100% Correct - WGU
Question:
A security team plans a lateral move within a client's Windows network. The
intent is to exploit a flaw in the Distributed Component Object Model
(DCOM) during the move. How does the team achieve this?
A. Issue commands using SMB
B. Use RPC as a transport mechanism
C. Install the WinRM service
D. Use remote access services
Answer:
B. Use RPC as a transport mechanism
The Remote Procedure Call (RPC) enables inter-process communications
between local and remote systems. DCOM applications use RPC as a
transport mechanism.
Question:
A PenTester looks to automate some scanning that is required at a client site.
What will the Nmap options -sV --script vulners accomplish? (Select all that
apply.)
A. Version detection on open ports
B. OS detection on a target host
C. Look for common vulnerabilities and exposures
D. Exploit vulnerabilities
Answer:
A. Version detection on open ports
C. Look for common vulnerabilities and exposures
Question:
A PenTester conducts a stealth scan of a network server from across a
network. What does the tester know is true about scanning this way with
Nmap? (Select all that apply.)
A. Complete TCP three-way handshake
B. Limited effectiveness
C. Credentials are not used
D. Credentials are used
Answer:
B. Limited effectiveness
C. Credentials are not used
Question:
A penetration tester focuses on working on a particular server at a host
organization that contains critical information and is of the highest priority
to harden. At this time, there are no regulatory requirements to fulfill. What
approach should the pen tester use to best assess this situation? (Select all
that apply.)
A. Goals
B. Compliance
C. Teams
D. Objectives
Answer:
A. Goals
D. Objectives
Question:
A project manager is reviewing the scope of a penetration test. Which of the
following is least likely to be included?
A. Location
B. Target exclusions
C. Framework
D. Tools
Answer:
C. Framework
The penetration testing framework is not likely to be included in scoping
discussions. However, this can be beneficial outside the scope.
Question:
A public school system wishes to educate its student population with
cybersecurity knowledge. They're particularly interested in a resource that
provides a holistic, structured approach to PenTesting and offers its core
materials without any cost. Which of the following is most suitable?
A. OWASP
B. NIST
C. OSSTMM
D. PTES
Answer:
C. OSSTMM
The Open-source Security Testing Methodology Manual (OSSTMM) provides
a holistic, structured approach to PenTesting and is open-source, meaning its
core materials are available without cost. This makes it suitable for a public
school system looking to provide cybersecurity education without incurring
additional expenses.