Podcast
Questions and Answers
What document specifies the scope, limitations, and expectations of a penetration test?
What document specifies the scope, limitations, and expectations of a penetration test?
- NDA
- MSA
- Corporate Policy
- SOW (correct)
What type of agreement ensures confidentiality of sensitive information shared between a pentester and an organization?
What type of agreement ensures confidentiality of sensitive information shared between a pentester and an organization?
- SOW
- Corporate Policy
- MSA
- NDA (correct)
Which phase is not part of the NIST SP 800-115 methodology?
Which phase is not part of the NIST SP 800-115 methodology?
- Scoping
- Reporting
- Exploitation
- Maintenance (correct)
What type of resource is unlikely to be provided to a pentester during a white box assessment?
What type of resource is unlikely to be provided to a pentester during a white box assessment?
What document outlines the terms and conditions of a penetration test, including the scope, timelines, and deliverables?
What document outlines the terms and conditions of a penetration test, including the scope, timelines, and deliverables?
What document outlines the scope of work for a penetration test, including timelines and deliverables?
What document outlines the scope of work for a penetration test, including timelines and deliverables?
What type of contract ensures the confidentiality of sensitive information shared between a pentester and an organization?
What type of contract ensures the confidentiality of sensitive information shared between a pentester and an organization?
What phase is not part of the NIST SP 800-115 methodology?
What phase is not part of the NIST SP 800-115 methodology?
What type of resource is unlikely to be provided to a pentester during a black box assessment?
What type of resource is unlikely to be provided to a pentester during a black box assessment?
What type of assessment provides the pentester with extensive knowledge and access to the target system?
What type of assessment provides the pentester with extensive knowledge and access to the target system?
Flashcards are hidden until you start studying
Study Notes
Penetration Test Documentation
- A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).
Confidentiality Agreements
- A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).
NIST SP 800-115 Methodology
- The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
- Scoping is not a step in the NIST SP 800-115 Methodology.
White Box Assessment Support Resources
- Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
- PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.
Penetration Test Documentation
- A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).
Confidentiality Agreements
- A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).
NIST SP 800-115 Methodology
- The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
- Scoping is not a step in the NIST SP 800-115 Methodology.
White Box Assessment Support Resources
- Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
- PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
