AI Tools 🤖
Learn
PBQs & Labs
Python
UNLOCK ACCESS
Log In
Register

Sign in Sign up

Search for:

AI Tools 🤖
Learn
PBQs & Labs
Python
UNLOCK ACCESS
Log In
Register

Quiz 1 of 0

Exam simulator: Reporting and Communication

Anastasia-Instructor August 30, 2022

Time limit: 0

Quiz Summary

0 of 10 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 10 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Unfortunately, you didn’t pass the quiz, but hey, you have unlimited access.😎
Practice makes you perfect! 👊
Congratulations! 🥳

You have passed the quiz successfully! You are one step closer to pass the real exam!

We hope to see you again on another certification path.✌️

Good luck with the exam! Stay strong.👊

1
2
3
4
5
6
7
8
9
10

Current
Review
Answered
Correct
Incorrect

Question 1 of 10

1. Question
You are performing a penetration test that initially focused on findings the ports which are open on the SQL Server and the Apache web server. After performing a vulnerability scan, you realize that the Apache HTTP web server hosting the web application has major vulnerabilities compared to the SQL Server. Which of the following statement is the reason for communication with the customer during the penetration testing process?
- Situational awareness
- De-confliction
- Goal reprioritization
- De-escalation
Correct

Incorrect
Question 2 of 10

2. Question
You are performing a penetration test for the Acme Corporation and you found out that a number of employees use weak passwords such as ‘1234’, ‘0000’, and ‘abcd’ for their accounts. What action should they perform to fix the problem?
- Enforce minimum password requirements
- Sanitize user inputs
- Removal of unnecessary user accounts
- Not using the same password for different accounts
Correct

Incorrect
Question 3 of 10

3. Question
Which of the following term refers to the level of risk that an organization is prepared to accept in pursuit of its objectives during the pentest?
- Normalization of data
- Attestation of findings
- Disposition report
- Risk appetite
Correct

Incorrect
Question 4 of 10

4. Question
A pentester during a pentest came across a major vulnerability in a system that has the customer wide open to an attack. Then a pentester stopped the pentest immediately and talked to the stakeholder about the critical finding and to determine how to proceed. Which of the following communication triggers is explained in this scenario?
- Stages
- De-escalation
- De-confliction
- Critical findings
Correct

Incorrect
Question 5 of 10

5. Question
You are performing a pentest against the web servers of the Acme Corporation. During the pentest, you notice that the administrator is using the same password across all the accounts. What action should the customer perform to fix the problem?
- Change the passwords to a new one
- Keep the same passwords
- Use a random password generator tool
- Create new accounts and delete the existing
Correct

Incorrect
Question 6 of 10

6. Question
After completing the pentest report for your client, you are preparing the post-engagement cleanup. Which of the following action should you perform during the post-engagement cleanup? (Choose all that apply.)
- Remove rules on the firewall
- Remove shells
- Remove tools
- Remove tester-created credentials
- Remove network adapters
Correct

Incorrect
Question 7 of 10

7. Question
Students at examsdigest.com log in using their username and password. As this method has security issues, ExamsDigest’s team is looking for solutions to increase the security of the login system by requiring students to provide more evidence to prove their identity. Which of the following authentication methods does ExamsDigest need to implement?
- Privilege management
- Single sign-on
- Multifactor authentication
- Active defense
Correct

Incorrect
Question 8 of 10

8. Question
Many web applications using databases in their tech stack to retrieve and display data for their users. Hackers can exploit these applications by performing SQL injection attacks. Which of the following remediation should perform FIRST in order to fix a web application that belongs to this category?
- Sanitize user input
- Implement multifactor authentication
- Randomize credentials
- Encrypt the passwords
Correct

Incorrect
Question 9 of 10

9. Question
You have been hired to perform a pentest for the Acme Corporation. A part of the process is to assess the web applications if it is vulnerable to SQL injection attacks and to assess the database which is connected with the web app. During the pentest, you notice that the database stores customer’s data and passwords in plain text. Which of the following remediation step should the Acme Corporation follow to fix the issue?
- Sanitize user input
- Encrypt the passwords
- Randomize credentials
- Implement multifactor authentication
Correct

Incorrect
Question 10 of 10

10. Question
Which of the following is the NEXT step after presenting the findings and report to your customer who is satisfied with the result of the pen test?
- Post-engagement cleanup
- Client acceptance
- Attestation of findings
- Lessons learned
Correct

Incorrect