Solution Manual For CompTIA PenTest+ Guide to Penetration Testing 1st Edition by Rob Wilson Module 1-13

Document Content and Description Below

Solution Manual For CompTIA PenTest+ Guide to Penetration Testing 1st Edition by Rob Wilson Module 1-13-1. What are two other terms for penetration testing? a. Vulnerability testing b. Pen testing ... c. Ethical hacking d. Blue teaming Answer: b, c Penetration testing is also known as pen testing or ethical hacking and is an authorized series of security-related, non-malicious ―attacks‖ on targets such as computing devices, applications, or an organization‘s physical resources and personnel. 2. The purpose of pen testing is to discover vulnerabilities in targets so that these vulnerabilities can be eliminated or mitigated. a. True b. False Answer: a The purpose of pen testing is to discover vulnerabilities in targets so that the vulnerabilities can be eliminated or mitigated before a threat actor with malicious intent exploits them to cause damage to systems, data, and the organization that owns them. 3. Pen testing should be performed under which of the following circumstances? Choose all that apply. a. A new computer system has been installed. b. A new software system or an update to a software system has been installed. c. Following a regular schedule to make sure no unknown changes have impacted security. d. Performed as dictated by compliance standards such as PCI DSS. Answer: a, b, c, d 2 Pen testing should be performed as a regular practice, to meet compliance standards, and after a major change in a computing environment, such as the installation of a new computer system, application, or update. 4. Which of the following are possible targets for penetration testing? a. Web application. b. Computer. c. Staff. d. All of these are correct. Answer: d Web applications and other software, computers and related systems, and staff or other personnel can be targets for penetration testing. 5. The targets under test and the actions that a pen tester is allowed to perform need to be well-defined, documented, and agreed upon by all parties before pen testing begins. True or false? a. True b. False Answer: a Because pen-testing activities are the same as illegal hacking activities, though with different goals, the pen-testing targets and actions must be well-defined, documented, and agreed upon by all parties before pen testing begins. 6. Use your favorite search engine to research bug bounties. Find three different bug bounties that were paid, and in a one-page report, summarize these bounties. Make sure to include the vulnerability details, the organization that paid the bounty, and how much they paid. Answers will vary, but a good report will follow the instructions and have exactly three bug bounty examples. It will also describe the vulnerability details, the organization that paid the bounty, and the amount. 7. The CIA triad expresses how the cornerstones of confidentiality, integrity, and accessibility are linked together to provide security for computer systems and their data. a. True b. False Answer: a In the CIA triad, confidentiality of information dictates that an object should only be accessible to authorized entities. Integrity of information or systems ensures that an object has not been corrupted or destroyed by unauthorized entities. Availability requires that objects and services must be accessible to authorized entities when needed and should not be made unavailable by threat actors or system failures. 8. Which triad is the antithesis of the CIA triad? a. BAD b. SAD c. ADD d. DAD [Show More]

Last updated: 2 months ago

Preview 5 out of 72 pages