10 Questions
What document specifies the scope, limitations, and expectations of a penetration test?
SOW
What type of agreement ensures confidentiality of sensitive information shared between a pentester and an organization?
NDA
Which phase is not part of the NIST SP 800-115 methodology?
Maintenance
What type of resource is unlikely to be provided to a pentester during a white box assessment?
PII of employees
What document outlines the terms and conditions of a penetration test, including the scope, timelines, and deliverables?
SOW
What document outlines the scope of work for a penetration test, including timelines and deliverables?
Statement of Work
What type of contract ensures the confidentiality of sensitive information shared between a pentester and an organization?
Non-Disclosure Agreement
What phase is not part of the NIST SP 800-115 methodology?
Disposal
What type of resource is unlikely to be provided to a pentester during a black box assessment?
Employee contact information
What type of assessment provides the pentester with extensive knowledge and access to the target system?
White box assessment
Study Notes
Penetration Test Documentation
- A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).
Confidentiality Agreements
- A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).
NIST SP 800-115 Methodology
- The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
- Scoping is not a step in the NIST SP 800-115 Methodology.
White Box Assessment Support Resources
- Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
- PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.
This quiz assesses knowledge of penetration testing, including documents and methodologies used in the field of cybersecurity. It covers topics such as formal documents, legal contracts, and steps in the NIST SP 800-115 Methodology.