CompTIA PenTest+ 2023 Questions and Answers - Part 59

Mary Smith

Mon, 20 Apr 2026

1. Which of the following assets may a candidate avoid during target selection for a penetration test?

A) Employee bank accounts managed by a different company
B) Technologies
C) Facilities
D) Personnel



2. Select the term for a specific technological challenge that could significantly impact an organization (for example, a mission-critical host or delicate legacy equipment that is scheduled for replacement) and that is identified by the target audience of a penetration test.

A) Engagement Scope
B) Non-disclosure Agreement
C) Technical Constraint
D) Statement of Work



3. Select any two types of point-in-time assessments. (Select 2 answers)

A) Black Box
B) Compliance-based
C) Goals-based
D) Gray Box



4. Which of the following enumerations is used when an attacker tries to recover valid user information from a web application?

A) Email Enumeration
B) User Enumeration
C) Network Enumeration
D) Token Enumeration



5. Which of the following are not to be considered stakeholders in the findings of a penetration test? (Select 2 answers)

A) IT department
B) Executive Management
C) Third-party Media Organizations
D) Rival Corporations



1. Right Answer: A
Explanation: In this report, the detected vulnerabilities are listed along with their risk level in red, orange, blue, and green colors, indicating high, medium, low, and informational findings, and the overall risk is high. Vulnerabilities are also formatted with their CVSS and CVE codes. Affected programs are also reported.

2. Right Answer: C
Explanation: Assets to be targeted are items that are owned, operated, or deployed by the client organization; in short, anything for which the client organization can explicitly and definitively provide authorization for testing. Such assets include (but are not limited to) personnel, business processes, facilities, and technologies. While it is not unusual for employees to have personal business emails (such as those pertaining to their personal online banking).

3. Right Answer: B,C
Explanation: Technical constraints of an organization are the specific technological challenges that could significantly impact the organization, such as mission-critical hosts or delicate legacy equipment that is scheduled for replacement.

4. Right Answer: B
Explanation: The point-in-time assessment types are compliance-based and goals-based testing. Compliance-based testing assesses an organization's ability to follow and implement a given set of security standards within its environment, while goals-based testing is more strategic in nature and focuses on the penetration tester working to complete a specific desired outcome.

5. Right Answer: C,D
Explanation: User Enumeration is used when an attacker tries to recover valid user information from a web application. The registration form pages, login pages, or password reset pages on web applications are commonly vulnerable to this kind of attack.
