ANSWERS
A security professional is researching the latest vulnerabilities that have been released. Where is a good resource they can go to in order to look at these?
A.CVSS
B.CVE
C.NVD
D.ISSAF - CORRECT ANSWERS ✔✔C.NVD
To learn more about the vulnerabilities, you can often click on CVE names, which have hyperlinks to the record in the National Vulnerability Database (NVD). Once there, you can read more details.
A new penetration tester is creating a strategy for their first upcoming process and wants to follow the standard process. What step takes place after planning?
A.Scanning
B.Recon
C.Gaining access
D.Analysis - CORRECT ANSWERS ✔✔B.Recon
A marketing coordinator meets with many high-profile companies to discuss penetration testing engagements. Which of the following is NOT something they might want to show to ensure confidence and trust in their team?
A.Credentials
B.Pre-Discovered information
C.Background check
D.Clearances - CORRECT ANSWERS ✔✔B.Pre-Discovered information
Penetration testing companies should never do work before entering into an agreement including scope. This could possibly lead to prosecution.
PTES - CORRECT ANSWERS ✔✔The Penetration Testing Execution Standard (PTES) has seven main sections that provide a comprehensive overview of the proper structure of a complete PenTest. Some of the sections include details on topics such as pre-engagement interactions, threat modeling, vulnerability analysis, exploitation, and reporting.
ISSAF - CORRECT ANSWERS ✔✔The ISSAF contains a list of 14 documents that relate to PenTesting, such as guidelines on business continuity and disaster recovery along with legal and regulatory compliance.
A penetration tester has been contracted to do a test for a hospital and is looking at computerized electronic patient records. What are these referred to as?
A.HIPAA
B.e-PHI
C.CCPA
D.GDPR - CORRECT ANSWERS ✔✔B.e-PHI
Computerized electronic patient records are referred to as electronic protected health information (e-PHI). With HIPAA, the e-PHI of any patient must be protected from exposure, or the organization can face a hefty fine.
The Health Insurance Portability and Accountability Act (HIPAA) is a law that mandates rigorous requirements for anyone that deals with patient information.
A penetration tester is conducting a PCI DSS compliance report for a large company that does ten million transactions a year. What level should they comply with?
A.1
B.2
C.3
D.4 - CORRECT ANSWERS ✔✔A.1
Level 1 is a large merchant with over six million transactions a year and must have an external auditor perform the assessment by an approved Qualified Security Assessor (QSA).
Level 2 is a merchant with one to six million transactions a year. Both levels 1 and 2 must complete a Report on Compliance (RoC).
Level 3 is a merchant with 20,000 to one million transactions a year. Levels 2 through 4 can either have an external auditor or submit a self-test that proves they are taking active steps to secure the infrastructure.
Level 4 is a small merchant with under 20,000 transactions a year.
A project manager is preparing documentation that covers recurring costs and any unforeseen additional charges that may occur during a project without the need for an additional contract. Which of the following should they prepare?
A.SOW
B.MSA
C.SLA
D.NVD - CORRECT ANSWERS ✔✔B.MSA
The Master Service Agreement (MSA) is a contract that establishes guidelines for any business documents executed between two parties. It can be used to cover recurring costs and any unforeseen additional charges.
SOW - CORRECT ANSWERS ✔✔The Statement of Work (SOW) is a document that defines the expectations for a specific business arrangement. It typically includes a list of deliverables, responsibilities of both parties, and others.