Questions and Answers
What document specifies the scope, limitations, and expectations of a penetration test?
What type of agreement ensures confidentiality of sensitive information shared between a pentester and an organization?
Which phase is not part of the NIST SP 800-115 methodology?
What type of resource is unlikely to be provided to a pentester during a white box assessment?
What document outlines the terms and conditions of a penetration test, including the scope, timelines, and deliverables?
What document outlines the scope of work for a penetration test, including timelines and deliverables?
What type of contract ensures the confidentiality of sensitive information shared between a pentester and an organization?
What phase is not part of the NIST SP 800-115 methodology?
What type of resource is unlikely to be provided to a pentester during a black box assessment?
What type of assessment provides the pentester with extensive knowledge and access to the target system?
Study Notes
Penetration Test Documentation
- A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).
Confidentiality Agreements
- A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).
NIST SP 800-115 Methodology
- The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
- Scoping is not a step in the NIST SP 800-115 Methodology.
White Box Assessment Support Resources
- Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
- PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.
Description
This quiz assesses knowledge of penetration testing, including documents and methodologies used in the field of cybersecurity. It covers topics such as formal documents, legal contracts, and steps in the NIST SP 800-115 Methodology.