VERIFIED SOLUTIONS

A security professional is researching the latest vulnerabilities that have been released. Where is a good resource they can go to in order to look at these?
A.CVSS B.CVE C.NVD D.ISSAF - ✔✔C.NVD
To learn more about the vulnerabilities, you can often click on CVE names, which have hyperlinks to the record in the National Vulnerability Database (NVD). Once there, you can read more details.

A new penetration tester is creating a strategy for their first upcoming process and wants to follow the standard process. What step takes place after planning?
A.Scanning B.Recon C.Gaining access D.Analysis - ✔✔B.Recon

A marketing coordinator meets with many high-profile companies to discuss penetration testing engagements. Which of the following is NOT something they might want to show to ensure confidence and trust in their team?
A.Credentials B.Pre-Discovered information C.Background check D.Clearances - ✔✔B.Pre-Discovered information
Penetration testing companies should never do work before entering into an agreement including scope. This could possibly lead to prosecution.

PTES - ✔✔The Penetration Testing Execution Standard (PTES) has seven main sections that provide a comprehensive overview of the proper structure of a complete PenTest. Some of the sections include details on topics such as pre-engagement interactions, threat modeling, vulnerability analysis, exploitation, and reporting.

ISSAF - ✔✔The ISSAF contains a list of 14 documents that relate to PenTesting, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance.

A penetration tester has been contracted to do a test for a hospital and is looking at computerized electronic patient records. What are these referred to as?
A.HIPAA B.e-PHI C.CCPA D.GDPR - ✔✔B.e-PHI
Computerized electronic patient records are referred to as electronic protected health information (e-PHI). With HIPAA, the e-PHI of any patient must be protected from exposure, or the organization can face a hefty fine. The Health Insurance Portability and Accountability Act (HIPAA) is a law that mandates rigorous requirements for anyone that deals with patient information.

A penetration tester is conducting a PCI DSS compliance report for a large company that does ten million transactions a year. What level should they comply with?
A.1 B.2 C.3 D.4 - ✔✔A.1
Level 1 is a large merchant with over six million transactions a year and must have an external auditor perform the assessment by an approved Qualified Security Assessor (QSA). Level 2 is a merchant with one to six million transactions a year. Both levels 1 and 2 must complete a Report on Compliance (RoC). Level 3 is a merchant with 20,000 to one million transactions a year. Levels 2 through 4 can either have an external auditor or submit a self-test that proves they are taking active steps to secure the infrastructure. Level 4 is a small merchant with under 20,000 transactions a year.

A project manager is preparing documentation that covers recurring costs and any unforeseen additional charges that may occur during a project without the need for an additional contract. Which of the following should they prepare?
A.SOW B.MSA C.SLA D.NVD - ✔✔B.MSA
The Master Service Agreement (MSA) is a contract that establishes guidelines for any business documents executed between two parties. It can be used to cover recurring costs and any unforeseen additional charges.

SOW - ✔✔The Statement of Work (SOW) is a document that defines the expectations for a specific business arrangement. It typically includes a list of deliverables, responsibilities of both parties, and others.

A penetration test is being conducted on a financial institution. Which of the following is geared to ensure the security and confidentiality of client information?
A.GLBA B.DPPA C.HIPAA D.ISSAF - ✔✔A.GLBA
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to ensure the security and confidentiality of client information and take steps to keep customer information secure.

DPPA - ✔✔The Driver's Privacy Protection Act (DPPA) governs the privacy and disclosure of personal information gathered by state Departments of Motor Vehicles.

A security firm is looking at expanding operations outside the United States. Which of the following tools might require careful consideration for legal compliance due to its decryption capabilities?
A.InterMapper B.Nmap C.OpenVAS D.Wireshark - ✔✔D.Wireshark
Wireshark is a powerful open-source protocol analysis tool that can decrypt numerous protocols, such as IPsec, Kerberos, and SSL/TLS. While not restricted by U.S. export regulations, its use in countries with strict encryption import laws should be approached with caution due to its decryption capabilities.

A project manager is reviewing the scope of a penetration test. Which of the following is least likely to be included?
A.Location B.Target exclusions C.Framework D.Tools - ✔✔C.Framework
The penetration testing framework is not likely to be included in scoping discussions. However, this can be beneficial outside the scope.

A penetration tester is working on a project and sees that a fairly recent VoIP vulnerability has come out. Which of the following records would best help them narrow down potential targets?
A.TXT B.NS C.SRV D.MX - ✔✔C.SRV
A Service (SRV) record provides host and port information on services such as voice over IP (VoIP) and instant messaging (IM).

NS - ✔✔A Nameserver (NS) record lists the authoritative DNS server for a particular domain. A standard DNS query will use DNS servers to identify the Internet Protocol (IP) address behind a particular domain or resource name.

MX - ✔✔A Mail Exchange (MX) record provides the mail server that accepts email messages for a particular domain.

A penetration tester wants to gather email information for a targeted phishing campaign. Which of the following tools could they use to collect this?
A.Shodan B.Dirbuster C.Metagoofil D.theHarvester - ✔✔D.theHarvester

Shodan - ✔✔Shodan is a search engine designed to locate and index IoT devices that are connected to the Internet.

Dirbuster - ✔✔Dirbuster is specifically geared towards website enumeration. DirBuster is a web application brute-force finder for directories and files. It comes with nine different lists, including default directories and common names given by developers.

Metagoofil - ✔✔Metagoofil uses various Python libraries such as PdfMiner, GoogleSearch, and Hachoir to scrape the metadata, and then displays the information using Hypertext Markup Language (HTML).

A security professional is checking for domains based on certificates that are no longer allowed. What could they check for this?
A.ncpa.cpl B.SAN C.SET D.CRL - ✔✔D.CRL
The Certificate Revocation List (CRL) is a list of certificates that in some way have been deemed invalid. Although effective, most online services have moved to the newer OCSP to check the validity of the certificate.

SET - ✔✔The Social Engineering Toolkit (SET) is a Python-based collection of tools that can be used when conducting a social engineering PenTest.

A cyber attacker has managed to manipulate DNS entries, leading victims to a malicious website that looks like a legitimate one, even when they type the correct URL in their browsers. What type of attack is this?
A.Phishing B.Pharming C.Baiting D.Malvertising - ✔✔B.Pharming

A penetration tester covertly follows an authorized employee who is unaware that anyone is behind them. What is this called?
A.Tailgating B.Piggybacking C.Badge cloning D.Scaling - ✔✔A.Tailgating
Tailgating is an attack where the malicious actor slips into a secure area while covertly following an authorized employee who is unaware that anyone is behind them.

A penetration tester is trying to use Google Hacking to find more instances of Cisco CallManager. What should they use?
A.intitle:"DPH" "web login setting" B.inurl:"ccmuser/logon.asp" C.intitle:"Grandstream Device Configuration" password D.inurl:"CallManager" - ✔✔B.inurl:"ccmuser/logon.asp"
inurl:"ccmuser/logon.asp" would be used to find Cisco CallManager instances. They can also try some other Google Hacking to find more information on VoIP phones that they can use to launch the attack.

A security consultant is attempting to look for default passwords for a client's D-Link phones. Which of the following should they use?
A.intitle:"DPH" "web login setting" B.inurl:"ccmuser/logon.asp" C.intitle:"Grandstream Device Configuration"