OA Exams

  • December 5, 2024

Question 21

What is the “unknown environment” test strategy?

a) A method of testing where the team has no prior knowledge of the system
b) A testing strategy for cloud-based systems only
c) Testing that focuses on gathering metadata from files
d) Testing with complete access to source code

Correct Answer: A method of testing where the team has no prior knowledge of the system

Explanation: The unknown environment strategy mimics an attacker with no prior information about the network or system.

Question 22

Explain the “partially known environment” test strategy:

a) Testing where the team has no knowledge of the system
b) Testing conducted with limited information, such as code or internal functionality
c) Testing without source code but with access to physical systems
d) A test conducted only after vulnerabilities are fixed

Correct Answer: Testing conducted with limited information, such as code or internal functionality

Explanation: Partially known environment tests provide limited details to the PenTest team, allowing for focused testing on specific vulnerabilities.

Question 23

What are the three types of environment testing strategies?

a) Cloud, external, and internal testing
b) Black box, white box, and gray box testing
c) Known, unknown, and partially known environment testing
d) Web, mobile, and API testing

Correct Answer: Known, unknown, and partially known environment testing

Explanation: These three testing strategies define how much knowledge the PenTesting team has about the system.

Question 24

What should be discussed with stakeholders when determining the test scope?

a) Scope of assets and excluded elements
b) Only the budget of the test
c) Details of previous vulnerabilities found
d) Social engineering policies

Correct Answer: Scope of assets and excluded elements

Explanation: The test scope should clearly outline which assets are in scope, exclusions, timelines, restrictions, and relevant laws.

Question 25

What is an MSA (Master Service Agreement)?

a) A document that sets the terms of a particular project
b) A contract that outlines ongoing business relationship guidelines between two parties
c) A method for ensuring compliance with PCI DSS
d) A type of firewall setting for PenTest teams

Correct Answer: A contract that outlines ongoing business relationship guidelines between two parties

Explanation: An MSA is a general contract outlining guidelines for future engagements between two parties, allowing for flexibility in specific agreements.

Question 26

What is a SOW (Statement of Work)?

a) A detailed document outlining specific expectations for a business arrangement
b) A type of security assessment for internal assets
c) A test conducted in the post-compromise phase
d) A method for configuring DNS servers

Correct Answer: A detailed document outlining specific expectations for a business arrangement

Explanation: A SOW outlines deliverables, responsibilities, schedules, and other terms for a specific project or business agreement.

Question 27

What is an SLA (Service-Level Agreement)?

a) A type of cybersecurity standard
b) A contract outlining the terms of a service, including performance metrics and penalties
c) A methodology for penetration testing web applications
d) An audit performed after every test

Correct Answer: A contract outlining the terms of a service, including performance metrics and penalties

Explanation: SLAs define the level of service expected between a provider and client, with specific metrics for measuring performance and penalties for non-compliance.

Question 28

What are DNS records like MX, NS, TXT, and SRV used for?

a) To track server vulnerabilities
b) For storing malicious code
c) To provide critical information about domain services like mail servers and text data
d) To test vulnerability scans on DNS servers

Correct Answer: To provide critical information about domain services like mail servers and text data

Explanation: DNS records like MX (mail), NS (nameserver), TXT (text), and SRV (services) provide important information about how domains function.

Question 29

What is nslookup?

a) A tool for performing vulnerability assessments
b) A command-line tool to query domain records in DNS
c) A tool for scanning networks for open ports
d) A type of firewall configuration

Correct Answer: A command-line tool to query domain records in DNS

Explanation: Nslookup is used to query DNS and view records related to a domain.

Question 30

What is Dig used for?

a) A tool for mapping internal network devices
b) A tool for performing reverse DNS lookups and resolving IP addresses to domain names
c) A vulnerability scanner
d) A tool for collecting metadata

Correct Answer: A tool for performing reverse DNS lookups and resolving IP addresses to domain names

Explanation: Dig is used for DNS diagnostics, including reverse lookups that map IP addresses to domain names.

Question 31

If you want to capture the SQL statement and bind variables when performing a standard statement audit, which value should the AUDIT_TRAIL parameter have?

A) NONE
B) DB
C) DB,EXTENDED
D) OS
E) OS,EXTENDED

Correct Answer: C) DB,EXTENDED

Explanation: The DB,EXTENDED setting for AUDIT_TRAIL captures SQL statements and bind variables during audits.

Question 32

Which of the following statements gives user desmond the ability to alter table gl.accounts?

A) grant alter on gl.accounts to desmond;
B) grant alter to desmond on gl.accounts;
C) grant alter table to desmond;
D) allow desmond to alter table gl.accounts;

Correct Answer: A) grant alter on gl.accounts to desmond.

Explanation: The correct syntax for granting the ALTER privilege on a specific table is grant alter on gl.accounts to desmond.

Question 33

Which of the following statements has the correct syntax and gives the ability to grant the privilege to other users?

A) grant alter any table with grant option to desmond;
B) grant alter on gl.accounts to desmond with admin option;
C) grant alter any table to desmond with grant option;
D) grant alter any table to desmond with admin option;

Correct Answer: D) grant alter any table to desmond with admin option.

Explanation: The correct syntax for granting a system privilege with the ability to grant it to others is to use with admin option.

Question 34

Examine the CREATE USER statement and choose which of the following options best applies.

A) JOHN will not be able to log in to the database using SQL*Plus until the DBA changes his password.
B) JOHN is authenticated by the database.
C) When tables are being created, if JOHN did not specify the TABLESPACE clause, the table will be created on the DATA01 tablespace.
D) Specifying unlimited space quota on INDEX01 is a redundant step because INDEX01 is JOHN’s default tablespace.

Correct Answer: B) JOHN is authenticated by the database.

Explanation: The user JOHN is authenticated by the database based on the password specified in the CREATE USER statement.

Question 35

User system granted the SELECT privilege on sh.products to user ian using WITH GRANT OPTION. Ian then granted SELECT on sh.products to user stuart. Ian has left the company, and his account has been dropped. What happens to Stuart’s privileges on sh.products?

A) Stuart loses his SELECT privilege on sh.products.
B) Stuart retains his SELECT privilege on sh.products.
C) Stuart loses his SELECT privilege if Ian was dropped with the CASCADE REVOKE option.
D) Stuart retains his SELECT privilege if Ian was dropped with the NOCASCADE REVOKE option.

Correct Answer: A) Stuart loses his SELECT privilege on sh.products.

Explanation: When object privileges are granted through an intermediary, they are revoked when the intermediary is dropped.

Question 36

User system granted the SELECT ANY TABLE privilege to user ian using WITH ADMIN OPTION. Ian then granted SELECT ANY TABLE to user stuart. Ian has left the company, and his account has been dropped. What happens to Stuart’s privileges?

A) Stuart loses his privileges.
B) Stuart retains his privileges.
C) Stuart loses his privileges if Ian was dropped with the CASCADE REVOKE option.
D) Stuart retains his privileges if Ian was dropped with the NOCASCADE REVOKE option.

Correct Answer: B) Stuart retains his privileges.

Explanation: System privileges are not affected by the removal of the user who granted them.

Question 37

Which of the following system privileges should be granted judiciously because they can allow the grantee to masquerade as another user?

A) CREATE ANY JOB
B) ALTER USER
C) CREATE ANY PROCEDURE
D) All of the above

Correct Answer: D) All of the above

Explanation: These system privileges allow actions that can be exploited to execute code or impersonate other users.

Question 38

Which of the following statements enables the role user_admin in the current session?

A) alter session enable role user_admin;
B) alter session set role user_admin;
C) alter role user_admin enable;
D) set role user_admin;

Correct Answer: D) set role user_admin;

Explanation: The set role statement is used to enable roles within the current session.

Question 39

Which of the following SQL statements allows user augustin to use the privileges associated with the password-protected role info_czar that has been granted to him?

A) set role all;
B) alter user augustin default role all;
C) alter session enable role info_czar;
D) alter session enable info_czar identified by brozo;

Correct Answer: B) alter user augustin default role all.

Explanation: Specifying a role as a default role allows it to be used without explicitly setting it in the session.

Question 40

By default, how much space can any account use for a new table?

A) None
B) Up to the current free space in the tablespace
C) Unlimited space, including autoextends
D) Up to the default quota established at tablespace creation time

Correct Answer: A) None

Explanation: By default, new user accounts do not have any space quota in tablespaces until a quota is explicitly assigned.
