D484 PENETRATION TESTING COURSE STUDY GUIDE WESTERN GOVERNORS’ UNIVERSITY.

October 4, 2024 • 25 pages • 2024/2025 • Exam (elaborations) • Questions & answers • Seller: saraciousstuvia

1. Administrative controls: security measures implemented to monitor the adherence to organizational policies and procedures. Those include activities such as hiring and termination policies, employee training along with creating business continuity and incident response plans.

2. Physical controls: restrict, detect and monitor access to specific physical areas or assets. Methods include barriers, tokens, biometrics or other controls such as ensuring the server room doors are properly locked, along with using surveillance cameras and access cards.

3. Technical or logical controls: automate protection to prevent unauthorized access or misuse, and include Access Control Lists (ACL), and Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) signatures and antimalware protection that are implemented as a system hardware, software, or firmware solution.

4. What is the primary goal of PenTesting? Reduce overall risk by taking proactive steps to reduce vulnerabilities.

5. Principle of Least Privilege: Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

6. Risk: Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

7. Threat: represents something such as malware or a natural disaster, that can accidentally or intentionally exploit a vulnerability and cause undesirable results.

8. Vulnerability: is a weakness or flaw, such as a software bug, system flaw, or human error. A vulnerability can be exploited by a threat.

9. Risk Analysis: is a security process used to assess risk damages that can affect an organization.





10. Unified Threat Management (UTM): All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, content filtering, and so on.

11. Main steps of the structured PenTesting Process: Planning and scoping, Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, Analysis, Reporting

12. Unauthorized Hacker: A hacker operating with malicious intent.

13. Payment Card Industry Data Security Standard (PCI DSS): Information security standard for organizations that process credit or bank card payments.

14. An organization must do the following in order to protect cardholder data: Maintain secure infrastructure using dedicated appliances and software to monitor and prevent attacks. Implement best practices like changing default passwords, educating users on email safety, and continuously monitoring for vulnerabilities with updated anti-malware protection. Enforce strict access controls through the principle of least privilege and regularly test and monitor networks.

15. PCI DSS Level 1: Large merchant with over six million transactions a year and external auditor by a Qualified Security Assessor (QSA), must complete a RoC.



16. PCI DSS Level 2: merchant with one to six million transactions a year, must complete a RoC.

17. PCI DSS Level 3: merchant with 20000 to one million transactions a year

18. PCI DSS Level 4: small merchant with under 20000 transactions a year

19. General Data Protection Regulation (GDPR): Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements.

20. GDPR Components: Require consent, Rescind consent, Global reach, Restrict data collection, Violation reporting

21. Stop Hacks and Improve Electronic Data Security (SHIELD): is a law that was enacted in New York state in March 2020 to protect citizens' data. The law requires companies to bolster their cybersecurity defense methods to prevent a data breach and protect consumer data.

22. California Consumer Privacy Act (CCPA): was enacted in 2020 and outlines specific guidelines on how to appropriately handle consumer data. To ensure that customer data is adequately protected, vendors should include PenTesting of all web applications, internal systems along with social engineering assessments.

23. Health Insurance Portability and Accountability Act (HIPAA): is a law that mandates rigorous requirements for anyone that deals with patient information. Computerized electronic patient records are referred to as electronic protected health information (e-PHI). With HIPAA, the e-PHI of any patient must be protected from exposure, or the organization can face a hefty fine.

24. Open Web Application Security Project (OWASP): A charity and community publishing a number of secure application development resources.

25. NIST
