Section1

Question 1

Regulations

Answer 1

Legally binding mandates which demands strict adherence to data protection rules

Question 2

GDPR - general data protection regulation

Answer 2

Imposes strict rules on data processing and movement within the EU and for businesses or a company dealing with EU citizens data.

Fines up to 4% or 20 million euros

Question 3

GLBA - Gramm-Leach-Bliley Act

Answer 3

Financial service act of 1999

Protect privacy of individuals, financial information held by financial institutions.

Includes encryption, security audits, sec measures

Question 4

HIPAA- health insurance portability and accountability act

Answer 4

Fiscal, admin, technical safeguards.

Regulates confidentiality, and security of healthcare information

Encryption, secure access controls and reg audits

Fines: 100$ -50k. Max pen 1.5m per year

Question 5

PCI DSS - payment card, industry, data security standard

Answer 5

For credit cards/payments

Secure networks, implementing strong, access control, conducting regular network, monitoring, and testing

5k - 100k per month until fixed

Question 6

ISO / IEC 27000 series

Answer 6

Specifications for implementing maintaining and improving IT security management systems

Mitigate legal risks, build customer trust

Question 7

Stakeholder alignment

Answer 7

Ensures that everyone understands the objectives, timelines and outcomes of a pen test

Question 8

Types of Assessments

Answer 8

Network
Wireless
Application
Mobile
Web
Cloud
API

Question 9

Network assessment

Answer 9

Network topology
Firewall configs
Security policies

Question 10

Wireless assessments

Answer 10

Simulate attacks on wireless networks to understand security issues and provide recommendations

Question 11

App assessments

Answer 11

Code audits
Old Dependency audits
App configs

Question 12

Mobile assessments

Answer 12

Check data leaks
Improper session handling
Insecure data storage

Question 13

Web assessments

Answer 13

Look for SQL injection, cross, side, scription, security misconfiguration

Question 14

Cloud assessments

Answer 14

Check cloud configurations and compliance

Question 15

API assessments

Answer 15

Check authentication, authorization, data handling practices

Question 16

Types of agreements

Answer 16

NDA
MSI master service agreements
SOW statements of work
TOS terms of service

Question 17

MSA master serv agreement

Answer 17

Project scope
Payment details
Confidentiality clauses
Liability issues

Question 18

Statement of work SOW

Answer 18

Outline objectives, deliverables, scope of work, timelines, payment schedules, and responsibilities of each party

Question 19

Legal and ethical considerations overview

Answer 19

Authorization letters
Mandatory reporting requirements
Potentials risks to pentester
Establish escalation path

Question 20

Authorization letter

Answer 20

Formally grant’s permissions to pentester to conduct a simulated cyber attack against organizations systems

Question 21

Mandatory reporting

Answer 21

Dictate how and when findings should be disclosed

Question 22

Risks to tester

Answer 22

1.Conduct thorough risk assessment
2.implement precautionary measures to protect system
3.establish mutual understanding with client

Question 23

Escalation path

Answer 23

Outline chain of command.

Mitigates: operation interference, system, interference, accidental breach of data

Question 24

Rules of engagement overview

Answer 24

Exclusions
Test cases
Test window
Goal reprioritization
Business impact analysis

Question 25

Exclusions

Answer 25

Specifically designated areas out of scope and off-limits

Question 26

Test cases

Answer 26

Predefined scenarios to evaluate the security of a system

Question 27

Test window

Answer 27

Time frame to run test

Question 28

Goal reprioritization

Answer 28

Change goals based on findings

Question 29

IP address

Answer 29

Nodes within network or on internet

Question 30

Shared responsibility model

Answer 30

Laid out different rules and responsibilities of stakeholders involved in keeping a hosted environment secure

Question 31

Building model actors

Answer 31

Hosting providers customers penetration testers third party service providers

Question 32

Hosting providers

Answer 32

Secure infrastructure that runs services offered to customers

Question 34

Target selection 4.

Answer 34

CIDR ranges Domains IPs URLs

Question 35

CIDR - classless inter-domain Routing

Answer 35

Method used to allocate IP addresses and route Internet

Question 36

Cloud security out of the box from cloud providers

Answer 36

AWS - AWS trusted advisor and AWS inspector Azure - azure security center and azure advisor GCP - cloud security command center and cloud Armo

Question 37

Before cloud pen testing

Answer 37

Notify service provider

Question 38

3rd party shared responsibility

Answer 38

Software vendors External consultants Partners

Question 39

MITRE ATTACK framework - adversarial tactics techniques Who funds?

Answer 39

Funded by the US computer, emergency readiness team, and the US Department of Homeland security.

Question 40

MITRE tailored models

Answer 40

Enterprise Mobile Cloud And different operating systems

Question 41

MITRE categories

Answer 41

Initial access execution, persistence, privilege escalation, defense, evasion

Question 42

Mitre - initial access category

Answer 42

Spear phishing Drive by compromise

Question 43

Spearphishing

Answer 43

Targeted emails with malicious attachment

Question 45

CIDR block for 192.168.100.0/24

Answer 45

192.168.100.1 - 192.168.100.254

Question 46

Domains

Answer 46

Human readable addresses

Question 48

OWASP ACRONYM

Answer 48

Open Web application security project

Question 49

OWASP general info

Answer 49

Non profit OWASP top 10 - 10 most common vulns

Question 50

OWASP top ten

Answer 50

Broken access control Cryptographic failures Injections Insecure design Sec misconfigurations Outdated components/packages Auth failure Data integrity failure Logging failures SSRF - server-side request forgery

Question 51

Broken access control

Answer 51

Users can access what they shouldn’t be able to

Question 52

Cryptographic failures

Answer 52

Failures related to managing sensitive data securely

Question 53

Injection flaws

Answer 53

SQL, no SQL, command injection

Question 54

MASVS acronym

Answer 54

Mobile application, security verification standard

Question 55

MASVS control groups

Answer 55

MASVS-XXXXX

Question 56

MASVS-STORAGE

Answer 56

Focus on secure storage of sensitive data

Question 57

MASVS-CRYPTO

Answer 57

Cryptographic measures

Question 58

MASVS-AUTH

Answer 58

Ensure strong mechanism to verify user identities and grant appropriate access rate rates

Question 59

MASVS-NETWORK

Answer 59

Security of communication between mobile app and endpoints such as TLS/SSL

Question 60

MASVS-PLATFORM

Answer 60

Focus on how securely app interacts with underlying mobile platform and other apps on same device

Question 61

MASVS-CODE

Answer 61

Secured development of apps code

Question 62

MASVS-RESILIENCE

Answer 62

Ability to withstand and respond to reverse engineering and tampering

Question 63

MASVS-PRIVACY

Answer 63

Implements privacy controls that align with laws and regulations

Question 64

MASVS checklist OWASP

Answer 64

Mobile application, security testing guide (MASTG) MAS Checklist

Question 65

PTES acronym

Answer 65

Penetration testing execution standard

Question 66

PTES - general info

Answer 66

Framework to conduct thorough and effective penetration tests

Question 67

PTES - pre-engagement interactions

Answer 67

First communication and the reason for conducting a penetration test. Time estimation, scoping, additional support, questionnaires, scope, creep, start and end dates, IP ranges and domains, dealing with third parties, acceptable, social engineering, goals, lines of communication, emergency, contact information, rules of engagement, technology in place

Question 69

PTES - Information gathering 3

Answer 69

Compliance driven best practice state sponsored Open source intelligence Footprinting - maps network env

Question 71

PTES - threat modeling

Answer 71

Understanding business assets and processes that need protection and the threats and they’re capabilities

Question 73

CREST defensible penetration test guidelines CDPT - general

Answer 73

Established a standard for conducting penetration tests with a clear structured approach

Question 74

Council of registered ethical security testers (CREST)

Answer 74

An organization of security companies that sets rigorous standards for cyber security services

Question 75

How many companies in CREST

Answer 75

Over 300

Question 76

How to become crest certified?

Answer 76

Extensive audit and accreditation process

Question 77

CREST purpose

Answer 77

Find highly qualified individuals and companies for penetration testing