
CompTIA PenTest+ 2023 Questions and Answers - Part 12

Mary Smith

Wed, 15 Apr 2026


1. Which one of the following protocols should never be used on a public network?

A) Telnet
B) SFTP
C) HTTPS
D) SSH



2. Which one of the following terms is not typically used to describe the connection of physical devices to a network?

A) ICS
B) SCADA
C) IoT
D) IDS



3. When preparing a penetration test report, the following are recommended as best practice, except _______________.

A) Omission of findings scoring lower than 3.0 on the CVSS v3.0 scale
B) Reduction of redundancy and streamlining of data presented
C) Verification and full documentation of findings
D) Robust accounting of testing methodology



4. Which of the following components of a written penetration test report is meant to provide a high-level overview of findings without getting too wrapped up in technical details?

A) Risk Ratings
B) Methodology
C) Executive Summary
D) Conclusion



5. Which of the following options defines the term "risk appetite" with regard to information security?

A) The ability or willingness of an organization to withstand the effects of any events or situations that adversely affect its business assets, such as computer systems or networks
B) The amount and kinds of risk an organization is willing to accept in its information system's environment
C) A key factor that helps an organization determine if a penetration test is a financially supportable business expense
D) An organization's understanding and acceptance of the likelihood and impact of a specific threat on its systems or networks



1. Right Answer: A
Explanation: Telnet is an insecure protocol that sends everything, including usernames and passwords, in cleartext, so anyone who can observe the traffic can read the session. The other protocols all encrypt the connection: SSH encrypts the whole session, SFTP runs on top of SSH, and HTTPS runs HTTP over TLS.
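
To make the Telnet point concrete, here is an added example (not part of the original quiz) that strips the RFC 854 option-negotiation bytes from a captured Telnet exchange and pairs each server prompt with the client's reply. The capture, the host name "router" and the credentials are constructed for illustration; the point is that nothing in the protocol stops a passive observer from doing exactly this.

```python
# Added example: recover a login from a cleartext Telnet exchange.
# The capture below is constructed for illustration; it is not real traffic.

IAC, SE, SB, WILL, WONT, DO, DONT = 0xFF, 0xF0, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE
NEGOTIATE = {WILL, WONT, DO, DONT}


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove Telnet option negotiation (RFC 854) and return the user-visible bytes.

    IAC IAC                      -> literal 0xFF byte, kept
    IAC WILL/WONT/DO/DONT <opt>  -> 3-byte command, dropped
    IAC SB ... IAC SE            -> subnegotiation block, dropped
    IAC <other>                  -> 2-byte command (NOP, GA, ...), dropped
    """
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= n:              # truncated command at end of segment
            break
        cmd = data[i + 1]
        if cmd == IAC:
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATE:
            i += 3
        elif cmd == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end == -1 else end + 2
        else:
            i += 2
    return bytes(out)


# Constructed capture: (direction, TCP payload) in wire order. Option negotiation
# is interleaved with the prompts the way a passive sniffer would see it.
CAPTURE = [
    ("server", b"\xff\xfd\x18\xff\xfd\x1f\xff\xfb\x01"),                 # DO TTYPE, DO NAWS, WILL ECHO
    ("client", b"\xff\xfb\x18\xff\xfa\x18\x00xterm\xff\xf0\xff\xfd\x01"),  # WILL TTYPE, SB TTYPE IS xterm SE, DO ECHO
    ("server", b"\r\nrouter login: "),
    ("client", b"admin\r\n"),
    ("server", b"Password: "),
    ("client", b"hunter2\r\n"),
    ("server", b"\r\nrouter> "),
]


def recover_credentials(capture):
    """Walk the exchange and pair each login/password prompt with the client's next line."""
    creds = {"username": None, "password": None}
    expecting = None
    for src, payload in capture:
        text = strip_telnet_negotiation(payload).decode("ascii", "replace")
        if src == "server":
            prompt = text.strip().lower()
            if prompt.endswith("login:"):
                expecting = "username"
            elif prompt.endswith("password:"):
                expecting = "password"
            elif prompt:                # any other server output ends the prompt
                expecting = None
        elif expecting and text.strip():
            creds[expecting] = text.strip()
            expecting = None
    return creds


if __name__ == "__main__":
    print(recover_credentials(CAPTURE))
```

The same walk over an SSH capture yields only ciphertext after the key exchange, which is the whole difference the question is testing.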

2. Right Answer: D
Explanation: Intrusion Detection Systems (IDSs) are a security control used to detect network or host attacks, not a term for networked physical devices. The Internet of Things (IoT), Supervisory Control And Data Acquisition (SCADA) systems, and Industrial Control Systems (ICSs) are all associated with connecting physical-world objects to a network.

3. Right Answer: A
Explanation: Omitting findings, including those below 3.0 (which all sit in the CVSS v3 "Low" band), would be unethical and counterproductive to the purpose of a penetration test. The client is paying for a complete picture; low-severity issues can still be chained with others, and it is the client's risk appetite, not the tester's cutoff, that decides what gets fixed. Keep them in the report, summarised in a findings table or appendix if space is a concern.

4. Right Answer: C
Explanation: The component described is the executive summary. As hinted in the name, the executive summary aims to provide a 50,000-foot view of the penetration test report without relying on technical terms that may not mean anything to readers.

5. Right Answer: B
Explanation: Risk appetite is defined as the amount and kinds of risk an organization is willing to accept, and can be expected to drive much of the organization's decision making when pursuing mitigation techniques for vulnerabilities discovered during a penetration test.
