IT Questions Bank
Mar 16, 2020
Last Updated: Jun 29, 2023

Category: Ethical Hacker

A company hires a cybersecurity consultant to assess vulnerability on crucial web application devices such as web and database servers. Which document should the company provide to help the consultant document and define what systems are in the testing?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about a query language for APIs and a language for executing queries at runtime?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to assess applications using different APIs. Which document should the company provide to the consultant about an XML-based language used to document a web service’s functionality?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. The consultant notices that one element specifies that the tests should be performed toward only web applications on websites www1.company.com and www2.company.com, with no social engineering attacks and no cross-site scripting attacks. Which element in the document is used for the specification?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. What are three examples of typical elements in the rules of engagement document? (Choose three.)
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. The consultant is preparing the final report after the penetration testing is completed. In which section of the report should the consultant cover the limitation of the work performed, such as the only dates when the testing is performed and that the findings mentioned in the report do not guarantee that all vulnerabilities are covered?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. Which document must the consultant receive that specifies the agreement between the consultant and the company for the penetration testing engagement?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity consultant to perform penetration testing to assess government regulation compliance. The company wants the consultant to disclose information to them and no one else. Which type of NDA agreement should be presented to the consultant?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity professional to perform penetration testing to assess government regulation compliance. Which document will be provided to the cybersecurity professional that specifies a detailed and descriptive list of all the deliverables, including the scope of the project, the timeline and report delivery schedule, the location of the work, and the payment schedule?
ITExamAnswers asked 10 months ago • Ethical Hacker

A company hires a cybersecurity professional to perform penetration tests to assess government regulation compliance. Which legal document should be provided to the cybersecurity professional that specifies the expectations and constraints, including quality of work, timelines, and cost?
ITExamAnswers asked 10 months ago • Ethical Hacker

An employee of a cybersecurity consulting firm in the U.S. is assigned to help assess the system and operation vulnerabilities of several financial institutions in Europe. The task includes penetration tests for compliance. What is a key element the employee must have before starting the assignment?
ITExamAnswers asked 10 months ago • Ethical Hacker

Match the parts of Recommendation for Key Management in the NIST SP 800-57 to the description.
ITExamAnswers asked 10 months ago • Ethical Hacker

What are two examples of sensitive authentication data associated with a payment card that requires compliance with the Payment Card Industry Data Security Standard (PCI DSS)? (Choose two.)
ITExamAnswers asked 10 months ago • Ethical Hacker

In e-commerce, what determines the application of the Payment Card Industry Data Security Standard (PCI DSS) requirements?
ITExamAnswers asked 10 months ago • Ethical Hacker

In the healthcare sector, which term is used to define an entity that provides payment for medical services?
ITExamAnswers asked 10 months ago • Ethical Hacker