WGU Penetration Testing D484 test with complete verified solutions
Administrative controls
security measures implemented to monitor the adherence to
organizational policies and procedures. Those include activities such as
hiring and termination policies, employee training along with creating
business continuity and incident response plans.
Physical controls
restrict, detect and monitor access to specific physical areas or assets.
Methods include barriers, tokens, biometrics or other controls such as
ensuring the server room doors are properly locked, along with using
surveillance cameras and access cards.
Technical or logical controls
automate protection to prevent unauthorized access or misuse, and
include Access Control Lists (ACL), Intrusion Detection System
(IDS)/Intrusion Prevention System (IPS) signatures, and antimalware
protection, implemented as a hardware, software, or firmware solution.
What is the primary goal of PenTesting?
Reduce overall risk by taking proactive steps to reduce vulnerabilities.
Principle of Least Privilege
Basic principle of security stating that something should be allocated the
minimum necessary rights, privileges, or information to perform its role.
Risk
Likelihood and impact (or consequence) of a threat actor exercising a
vulnerability.
Threat
represents something such as malware or a natural disaster, that can
accidentally or intentionally exploit a vulnerability and cause undesirable
results.
Vulnerability
is a weakness or flaw, such as a software bug, system flaw, or human
error. A vulnerability can be exploited by a threat.
Risk Analysis
is a security process used to assess risks and the damage they could
cause to an organization.
Unified Threat Management (UTM)
All-in-one security appliances and agents that combine the functions of a
firewall, malware scanner, intrusion detection, vulnerability scanner, data
loss prevention, content filtering, and so on.
Main steps of the structured PenTesting Process:
Planning and scoping, Reconnaissance, Scanning, Gaining Access,
Maintaining Access, Covering Tracks, Analysis, Reporting
Unauthorized Hacker
A hacker operating with malicious intent.
Payment Card Industry Data Security Standard (PCI DSS)
Information security standard for organizations that process credit or
bank card payments.
An organization must do the following in order to protect cardholder data:
Maintain secure infrastructure using dedicated appliances and software to
monitor and prevent attacks. Implement best practices like changing
default passwords, educating users on email safety, and continuously
monitoring for vulnerabilities with updated anti-malware protection.
Enforce strict access controls through the principle of least privilege and
regularly test and monitor networks.
PCI DSS Level 1
Large merchant with over six million transactions a year; must be
audited externally by a Qualified Security Assessor (QSA) and must
complete a RoC.
PCI DSS Level 2
merchant with one to six million transactions a year, must complete a RoC.
PCI DSS Level 3
merchant with 20,000 to one million transactions a year
PCI DSS Level 4
small merchant with under 20,000 transactions a year
General Data Protection Regulation (GDPR)
Provisions and requirements protecting the personal data of European
Union (EU) citizens. Transfers of personal data outside the EU Single
Market are restricted unless protected by like-for-like regulations, such as
the US's Privacy Shield requirements.
GDPR Components:
Require consent, Rescind consent, Global reach, Restrict data collection,
Violation reporting
Stop Hacks and Improve Electronic Data Security (SHIELD)