Читать книгу CompTIA PenTest+ Certification For Dummies - Glen E. Clarke - Страница 75

Answers

Оглавление

1 B. A non-disclosure agreement (NDA) is designed to outline the requirements of confidentiality between two parties and the work performed. See “Understanding Key Legal Concepts.”

2 D. Scope creep is when the scope of the project is modified as the project is being performed. Review “Scope creep.”

3 B, D. The disclaimer should cover the fact that the pentest is a point-in-time assessment and stress that the comprehensiveness of the assessment is based on the scope. Check out “Understanding Key Legal Concepts.”

4 A. The statement of work (SOW) is a description of the work being performed, includes the timeline for the project, and contains a breakdown of the cost for the project. Peruse “Understanding Key Legal Concepts.”

5 D. Network access control (NAC) is a suite of technologies that limits connections to the network based on health criteria. Take a look at “Defining Targets for the PenTest.”

6 C. The SSIDs of the wireless network should be identified during the planning and scoping phase so that you can be sure you have authorization to perform the assessment on the correct wireless networks. Peek at “Defining Targets for the PenTest.”

7 A. The master service agreement (MSA) is used when repeat engagements occur. It contains the terms of the work being performed and is referenced from the statement of work (SOW). Look over “Understanding Key Legal Concepts.”

8 D. The signing authority for the company, such as the business owner, should sign the agreement as proof of authorization. Study “Understanding Key Legal Concepts.”

9 B. Whitelisting is a method to allow systems to access network resources and bypass the security controls. Whitelisted systems and applications are considered authorized systems and applications, as opposed to blacklisted systems, which are non-authorized components. Peek at “Defining Targets for the PenTest.”

10 C. A compliance-based assessment is an assessment that is driven by the need to be compliant with laws and regulations that are governing an organization. See “Conducting Compliance-based Assessments.”

CompTIA PenTest+ Certification For Dummies

Подняться наверх