Unit 1 - Practice Quiz

INT245 50 Questions

1 What is the primary objective of the Planning and Scoping phase in penetration testing?

A. To perform active scanning of the network perimeter
B. To generate the final report for the stakeholders
C. To exploit known vulnerabilities in the target system
D. To define the rules of engagement, objectives, and boundaries of the test

2 Which of the following best describes a Black Box penetration test?

A. The tester works alongside the internal security team to audit systems
B. The tester has full knowledge of the network infrastructure and source code
C. The tester has zero prior knowledge of the target system, simulating an external attacker
D. The tester has partial knowledge, such as user credentials but no network diagrams

3 In the context of the CIA Triad, penetration testing primarily seeks to ensure that security controls maintain:

A. Compliance, Inspection, and Auditing
B. Confidentiality, Integrity, and Availability
C. Cost, Insurance, and Assessment
D. Control, Identity, and Authorization

4 Which document is essential to obtain before starting any penetration testing activities to avoid legal liability?

A. Written Authorization (Get Out of Jail Free card)
B. Service Level Agreement (SLA)
C. Software License Agreement
D. Vulnerability Scan Report

5 In a White Box penetration test, which of the following is typically provided to the tester?

A. Only the company name
B. Physical access badges only
C. Only a URL to the public website
D. Network diagrams, source code, and IP addressing schemes

6 What distinguishes a Vulnerability Assessment from a Penetration Test?

A. Vulnerability assessments identify potential flaws; penetration tests attempt to exploit them to verify risk
B. There is no difference; the terms are interchangeable
C. Vulnerability assessments take longer to complete than penetration tests
D. Vulnerability assessments are manual; penetration tests are automated

7 Which regulatory standard applies specifically to organizations handling credit card information?

A. FERPA
B. HIPAA
C. PCI DSS
D. GDPR

8 According to the PTES (Penetration Testing Execution Standard), which phase immediately follows Pre-engagement Interactions?

A. Exploitation
B. Reporting
C. Intelligence Gathering
D. Post-Exploitation

9 What is the purpose of the Rules of Engagement (RoE) document?

A. To detail the cost and payment terms of the contract
B. To define how the test will be conducted, constraints, timeline, and communication channels
C. To list the specific exploits that will be used
D. To report the findings of the test after completion

10 Which of the following implies a Gray Box testing approach?

A. The tester has Administrator access to all servers
B. The tester audits the physical security of the building only
C. The tester has no knowledge of the system
D. The tester acts as an authenticated user with limited knowledge of the backend

11 When defining Scope, what does the term "Out-of-Scope" refer to?

A. Vulnerabilities that cannot be patched
B. Systems that have critical vulnerabilities
C. Assets or systems that must explicitly not be tested or touched
D. Tools that the tester is not allowed to use

12 Which type of team is responsible for defending the network during a penetration test exercise?

A. Purple Team
B. Blue Team
C. White Team
D. Red Team

13 What is a Purple Team exercise?

A. A test conducted strictly by government auditors
B. A test focused solely on wireless networks
C. A physical security assessment combined with social engineering
D. A collaborative effort where Red and Blue teams work together to improve detection and defense

14 In the context of Risk Management, how is Risk typically calculated conceptually?

A.
B.
C.
D.

15 Which standard is specifically known as the Open Source Security Testing Methodology Manual?

A. NIST SP 800-115
B. OWASP
C. ISO 27001
D. OSSTMM

16 Why is Passive Reconnaissance preferred in the early stages of a stealthy penetration test?

A. It generates a large amount of network traffic
B. It exploits vulnerabilities immediately
C. It involves direct interaction with the target system
D. It relies on public information and does not alert the target's IDS/IPS

17 What is a critical Environmental Consideration when planning a penetration test on a SCADA or Industrial Control System (ICS)?

A. These systems are always connected to the internet
B. These systems are usually robust and can handle heavy scanning traffic
C. These systems are often fragile; active scanning may cause physical damage or safety hazards
D. These systems handle high-speed video streaming

18 Which US regulation requires healthcare organizations to secure Protected Health Information (PHI)?

A. GLBA
B. FISMA
C. HIPAA
D. SOX

19 During the Scoping phase, why is it important to identify Third-Party providers (e.g., Cloud hosts, ISPs)?

A. To ask them for free software
B. To hack them instead of the client
C. To ensure they are ignored completely
D. To obtain necessary permission, as testing their infrastructure without consent is illegal

20 What is the NIST Special Publication that acts as a Technical Guide to Information Security Testing and Assessment?

A. NIST SP 800-30
B. NIST SP 800-37
C. NIST SP 800-53
D. NIST SP 800-115

21 Which test type focuses on the human element of security?

A. Social Engineering
B. SQL Injection
C. Network Sniffing
D. Buffer Overflow

22 In the context of scoping, what is a Blackout Window?

A. A specific time period where no testing is allowed due to critical business operations
B. A period when the power is turned off
C. A tool used to block network traffic
D. The time when Black Box testing is conducted

23 What is the main advantage of an Internal penetration testing team?

A. They are cheaper than automated tools
B. They do not require any rules of engagement
C. They bring a completely unbiased external perspective
D. They have deep contextual knowledge of the organization's culture and systems

24 Which phase involves cleaning up artifacts, removing user accounts created during the test, and restoring settings?

A. Pre-engagement
B. Vulnerability Mapping
C. Post-Exploitation / Restoration
D. Reconnaissance

25 Which organization manages the Common Vulnerability Scoring System (CVSS)?

A. FIRST.org
B. FBI
C. Google
D. NSA

26 If a client requests a penetration test but forbids the use of automated scanners to prevent noise, this constraint is part of:

A. The CVSS score
B. The invoice
C. The Rules of Engagement (RoE)
D. The Post-Mortem

27 Which of the following is an example of Open Source Intelligence (OSINT)?

A. Scanning the target's firewall ports
B. Intercepting internal phone calls
C. Cracking the Wi-Fi password
D. Looking up employee email addresses on LinkedIn

28 What is the difference between Production and Staging environments in the context of scoping?

A. Production is for developers; Staging is for customers
B. Production is live data; Staging is a replica for testing
C. There is no difference
D. Staging is more secure than Production

29 Which legal concept requires the pentester to keep client findings secret?

A. Non-Disclosure Agreement (NDA)
B. Chain of Custody
C. Statement of Work (SOW)
D. Indemnification Clause

30 In the OWASP Top 10, what does OWASP stand for?

A. Official Wireless Access Security Protocol
B. Open Web Application Security Project (renamed the Open Worldwide Application Security Project in 2023)
C. Organization for Web Authentication and Security Pentesters
D. Online Wide Assessment of Security Procedures

31 What is the primary goal of Physical Penetration Testing?

A. To access the facility, server room, or workstations physically to compromise security
B. To ensure the website loads fast
C. To test the firewall throughput
D. To check if the air conditioning is working

32 Which term describes a limitation where the tester cannot perform Denial of Service (DoS) attacks?

A. White Box Requirement
B. Rules of Engagement Constraint
C. Compliance Failure
D. Scope Creep

33 During the planning phase, defining Communication Paths ensures:

A. The tester can ask the client for passwords
B. The tester can blog about the findings
C. The client knows who to contact if the test causes a critical outage
D. The media is informed of the test

34 What is Scope Creep?

A. The process of analyzing results
B. A method of physical entry
C. The gradual expansion of the project's goals or boundaries beyond the original agreement
D. A type of slow network scan

35 Which testing methodology focuses heavily on the business logic and data flow?

A. Network Layer Testing
B. Physical Testing
C. Wireless Testing
D. Application Logic Testing

36 ISO/IEC 27001 is a standard for:

A. Information Security Management Systems (ISMS)
B. Medical Record Storage
C. Payment Card Processing
D. Wireless Encryption

37 In a Double-Blind test:

A. Both the tester and the client know everything
B. The tester knows nothing, and the client's security team is unaware of the test
C. Two testers work simultaneously
D. The test is done twice

38 What is the Statement of Work (SOW)?

A. A formal document defining the timeline, deliverables, and payment for the project
B. A list of vulnerabilities found
C. A code snippet used for exploitation
D. A manual for the testing software

39 If a pentester discovers evidence of a previous, ongoing criminal compromise during a test, what should they do?

A. Include it in the final report next month
B. Hack the criminal back
C. Stop the test immediately and notify the client's point of contact
D. Delete the evidence to clean the system

40 Which of the following is an example of Active Reconnaissance?

A. Reading employee blogs
B. Port scanning using Nmap
C. Searching WHOIS records
D. Browsing the company website

41 What does FedRAMP standardize?

A. Password complexity rules
B. Credit Card processing fees
C. European data privacy
D. Security assessment and authorization for cloud products used by US federal agencies

42 Which scanning type identifies open ports and services?

A. Social Engineering
B. Phishing
C. Vulnerability Scanning
D. Port Scanning
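Questions 16, 40 and 42 turn on the difference between passive and active reconnaissance: a port scan completes a connection to the target, so the target can see it. The following is an added example, not part of the quiz, that runs a TCP connect scan (the equivalent of Nmap's -sT) against a listener started on the loopback interface and shows the connection record the target side ends up with. The listener, the ports and the log format are constructed for the demonstration; the classification of results as open, closed or filtered follows the usual scanner convention.

```python
"""Active vs passive reconnaissance: a TCP connect scan and the trace it leaves."""
import socket
import threading
import time
from typing import Dict, List, Tuple

HOST = "127.0.0.1"


def start_target() -> Tuple[socket.socket, int, List[str]]:
    """Stand-in for the target: a loopback listener on an ephemeral port.

    Every accepted connection is appended to `log`, the way a host firewall
    or IDS would record it. Returns (server_socket, port, log).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    log: List[str] = []

    def serve() -> None:
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:  # server socket was closed; stop serving
                return
            log.append(f"ACCEPT src={peer[0]}:{peer[1]} dst_port={port}")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port, log


def free_port() -> int:
    """Pick a port with nothing listening on it, to show the 'closed' result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> Dict[int, str]:
    """Full TCP connect scan: complete the three-way handshake on each port.

    open     -> connect() succeeded (the target now has a connection record)
    closed   -> RST came back (ConnectionRefusedError)
    filtered -> no answer within the timeout (typically a firewall dropping SYNs)
    """
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                results[port] = "open"
            except ConnectionRefusedError:
                results[port] = "closed"
            except (socket.timeout, OSError):
                results[port] = "filtered"
    return results


def run_demo() -> Tuple[Dict[int, str], List[str]]:
    """Scan one open and one closed loopback port; return (results, target log)."""
    srv, open_port, log = start_target()
    closed_port = free_port()
    try:
        results = connect_scan(HOST, [open_port, closed_port])
        # The listener logs on its own thread; wait briefly for the record.
        deadline = time.time() + 2
        while len(log) < 1 and time.time() < deadline:
            time.sleep(0.01)
    finally:
        srv.close()
    return results, log


if __name__ == "__main__":
    results, log = run_demo()
    print("scan results:", results)
    print("target-side log (passive reconnaissance would produce none of this):")
    for line in log:
        print("  ", line)
```

The closed port answers with a RST, which is what a scanner reports as "closed"; a port behind a firewall that silently drops SYNs would fall into the "filtered" branch after the timeout instead. Either way the scan is active: the one open port produced a connection record on the target, which is exactly the footprint that passive OSINT (WHOIS lookups, LinkedIn, the public website) never leaves.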

43 In the context of the Cyber Kill Chain, which phase corresponds to the actual execution of malicious code on the target?

A. Exploitation
B. Reconnaissance
C. Weaponization
D. Actions on Objectives

44 Why is Shodan a relevant tool in the planning phase?

A. It cracks passwords
B. It generates reports
C. It is a virus scanner
D. It is a search engine for Internet-connected devices

45 What is Lateral Movement?

A. Exfiltrating data out of the network
B. Moving deeper into a network from a compromised host to access other resources
C. Escalating privileges on a single machine
D. Moving physically from one office to another

46 A Targeted Testing approach generally means:

A. Testing only on weekends
B. The IT team and the pentester work together to test a specific system
C. Testing without any authorization
D. Random testing of all systems

47 Which of the following represents a Technical constraint in scoping?

A. Legal restrictions
B. Budget limitations
C. Holiday schedules
D. Bandwidth limitations or unstable network connections

48 What is the primary focus of GDPR compliance testing?

A. Protecting the privacy and personal data of EU citizens
B. Securing medical devices
C. Ensuring credit card transactions are fast
D. Protecting US Government Data

49 When is the Chain of Custody relevant in penetration testing?

A. When ordering lunch
B. When writing the invoice
C. When handling physical evidence or forensic data found during a test
D. When scheduling the test

50 Mathematically, in the CVSS v3.1 equations, the Base Score is a function of:

A.
B.
C.
D.