Read the book CompTIA PenTest+ Certification For Dummies - Glen E. Clarke - Page 74
Prep Test
1. What type of contract outlines the requirements of confidentiality between the two parties and the work being performed?
(A) SOW
(B) NDA
(C) MSA
(D) SLA
2. Bob is performing a penetration test for Company XYZ. During the planning and scoping phase, the company identified two web servers as targets for the penetration test. While scanning the network, Bob identified a third web server. When discussing this new finding with the customer, the customer states that the third server runs critical web applications and needs to be assessed as well. What is this an example of?
(A) Statement of work
(B) Master service agreement
(C) Disclaimer
(D) Scope creep
3. You are drafting the agreement for the penetration test and working on the disclaimer section. What two key points should be covered by the disclaimer? (Choose two.)
(A) Compliance-based
(B) Point-in-time
(C) WSDL document
(D) Comprehensiveness
4. What type of contract is a description of the type of job being performed, the timeline, and the cost of the job?
(A) SOW
(B) NDA
(C) MSA
(D) SLA
5. You have been hired to do the pentest for Company XYZ. You acquired proper written authorization, performed the planning and scoping phase, and are ready to start discovery. You connect your laptop to the customer network and are unable to obtain an IP address from the company DHCP server. Which of the following could be the problem?
(A) MSA
(B) SSID
(C) SOW
(D) NAC
6. You are performing the penetration test for a company and have completed the planning and scoping phase. You wish to do the pentest on the wireless networks. What scoping element would you need?
(A) MSA
(B) NDA
(C) SSID
(D) NAC
7. What type of contract is used to define the terms of the repeat work performed?
(A) MSA
(B) NDA
(C) SOW
(D) NAC
8. You drafted the agreement to perform the penetration test, and you are now looking to have the agreement signed by the customer. Who should sign the agreement on behalf of the customer?
(A) Office manager
(B) IT manager
(C) Security manager
(D) Signing authority
9. You are working on the planning and scoping of the penetration test, and you are concerned that the consultants performing the pentest will be blocked by security controls on the network. What security feature would you look to leverage to allow the pentesters’ systems to communicate on the network?
(A) Blacklisting
(B) Whitelisting
(C) NAC
(D) Certificate pinning
10. You are performing a penetration test for a company that has requested the pentest because it is processing credit card payments from customers. What type of assessment is being performed?
(A) Goal-based assessment
(B) Security-based assessment
(C) Compliance-based assessment
(D) Credit card–based assessment