Question Details.csv
Uploaded by MemorablePointillism
Which of the following best describes hacktivists?
Which of the following best characterizes ethical hackers?
Which of the following describes threat actors in cybersecurity?
Which aspect of cybersecurity is the primary focus of a network infrastructure penetration test?
The purpose of bug bounty programs used by companies is to:
A known environment penetration test is characterized by:
The penetration testing methodology that is a comprehensive guide focused on web application testing is:
Which tool would be useful when performing a network infrastructure penetration test?
A contractor is hired to review and perform cybersecurity vulnerability assessments for a local health clinic facility. Which U.S. government regulation must the contractor understand before the contractor can start?
An Internal Revenue Service office in New York is considering moving some services to a cloud computing platform. Which U.S. government regulation must the office follow in the process?
An employee of a cybersecurity consulting firm in the U.S. is assigned to help assess the system and operation vulnerabilities of several financial institutions in Europe. The task includes penetration tests for compliance. What is a key element the employee must have before starting the assignment?
A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints, including quality of work, timelines, and cost?
Which of the following best describes the purpose of a non-disclosure agreement (NDA) in the context of penetration testing?
Which of the following best defines the purpose of rules of engagement (ROE) in penetration testing?
Which of the following describes threat actors in cybersecurity?
Which of the following statements best describes the General Data Protection Regulation (GDPR)?
Scope creep in a penetration testing engagement can occur due to various factors. Which of the following is NOT likely to cause scope creep?
What tool could be used to gather DNS information passively?
Which of the following describes the primary function of WHOIS in internet governance?
Why would a penetration tester perform a passive reconnaissance scan instead of an active one?
What type of server is a penetration tester enumerating when they enter the nmap -sU command?
What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test?
In which circumstance would a penetration tester perform an unauthenticated scan of a target?
What is the purpose of host enumeration when beginning a penetration test?
When a penetration test identifies a vulnerability, how should the vulnerability be further verified?
Which of the following best defines the purpose of the Common Vulnerabilities and Exposures (CVE) system?
Which of the following describes the primary function of the Common Vulnerability Scoring System (CVSS)?
Which of the following best describes a watering hole attack?
A threat actor has altered the host file for a commonly accessed website on the computer of a victim. Now when the user clicks on the website link, they are redirected to a malicious website. What type of attack has the threat actor accomplished?
Why would a threat actor use the Social-Engineering Toolkit (SET)?
Which social engineering physical attack statement is correct?
Which of the following best defines the Browser Exploitation Framework (BeEF) in the realm of cybersecurity?
Which is a characteristic of a DNS poisoning attack?
Which of the following defines a pass-the-hash attack?
Which Wi-Fi protocol is most vulnerable to a brute-force attack during a Wi-Fi network deployment?
What is a DNS resolver cache on a Windows system?
Which kind of attack is an IP spoofing attack?
An on-path attack is also known as a ____________ attack.
Which of the following best characterizes OpenVAS?
Which of the following accurately defines Kerberos