D484 / D 484 FINAL EXAMS (LATEST UPDATES STUDY BUNDLE PACKAGE WITH SOLUTIONS)
PENETRATION TESTING | QUESTIONS AND ANSWERS | GRADE A | 100% CORRECT (VERIFIED SOLUTIONS) - WGU
A security professional is researching the latest vulnerabilities
that have been released. Where is a good resource they can go
to in order to look at these?
A. CVSS
B. CVE
C. NVD
D. ISSAF
.....ANSWER.....C. NVD
To learn more about the vulnerabilities, you can often click on
CVE names, which have hyperlinks to the record in the National
Vulnerability Database (NVD). Once there, you can read more
details.
A new penetration tester is creating a strategy for their first
upcoming process and wants to follow the standard process.
What step takes place after planning?
A. Scanning
B. Recon
C. Gaining access
D. Analysis
.....ANSWER.....B. Recon
A marketing coordinator meets with many high-profile companies
to discuss penetration testing engagements. Which of the
following is NOT something they might want to show to ensure
confidence and trust in their team?
A. Credentials
B. Pre-Discovered information
C. Background check
D. Clearances
.....ANSWER.....B. Pre-Discovered information
Penetration testing companies should never do work before
entering into an agreement including scope. This could possibly
lead to prosecution.
PTES .....ANSWER.....The Penetration Testing Execution Standard
(PTES) has seven main sections that provide a comprehensive
overview of the proper structure of a complete PenTest. Some of
the sections include details on topics such as pre-engagement
interactions, threat modeling, vulnerability analysis, exploitation,
and reporting.
ISSAF .....ANSWER.....The ISSAF contains a list of 14 documents
that relate to PenTesting, such as guidelines on business continuity
and disaster recovery along with legal and regulatory
compliance.
A penetration tester has been contracted to do a test for a
hospital and is looking at computerized electronic patient
records. What are these referred to as?
A. HIPAA
B. e-PHI
C. CCPA
D. GDPR
.....ANSWER.....B. e-PHI