D 484 / D484 Final Exam Review (Latest Update 2025 / 2026) Penetration Testing | Study Guide Questions with Verified Answers | Grade A | 100% Correct - WGU
Question:
A security team plans a lateral move within a client's Windows network. The intent is to exploit a flaw in the Distributed Component Object Model (DCOM) during the move. How does the team achieve this?
A.Issue commands using SMB
B.Use RPC as a transport mechanism
C.Install the WinRM service
D.Use remote access services
Answer:
B.Use RPC as a transport mechanism
The Remote Procedure Call (RPC) enables inter-process communications between local and remote systems. DCOM applications use RPC as a transport mechanism.
Question:
A PenTester looks to automate some scanning that is required at a client site. What will the Nmap options -sV --script vulners accomplish? (Select all that apply.)
A.Version detection on open ports
B.OS detection on a target host
C.Look for common vulnerabilities and exposures
D.Exploit vulnerabilities
Answer:
A.Version detection on open ports
C.Look for common vulnerabilities and exposures
Question:
A PenTester conducts a stealth scan of a network server from across a network. What does the tester know is true about scanning this way with Nmap? (Select all that apply.)
A.Complete TCP three-way handshake
B.Limited effectiveness
C.Credentials are not used
D.Credentials are used
Answer:
B.Limited effectiveness
C.Credentials are not used
Question:
A penetration tester focuses on working on a particular server at a host organization that contains critical information and is of the highest priority to harden. At this time, there are no regulatory requirements to fulfill. What approach should the pen tester use to best assess this situation? (Select all that apply.)
A.Goals
B.Compliance
C.Teams
D.Objectives
Answer:
A.Goals
D.Objectives
Question:
A project manager is reviewing the scope of a penetration test. Which of the following is least likely to be included?
A.Location
B.Target exclusions
C.Framework
D.Tools
Answer:
C.Framework
The penetration testing framework is not likely to be included in scoping discussions. However, this can be beneficial outside the scope.
Question:
A public school system wishes to educate its student population with cybersecurity knowledge. They're particularly interested in a resource that provides a holistic, structured approach to PenTesting and offers its core materials without any cost. Which of the following is most suitable?
A.OWASP
B.NIST
C.OSSTMM
D.PTES
Answer:
C.OSSTMM
The Open-source Security Testing Methodology Manual (OSSTMM) provides a holistic, structured approach to PenTesting and is open-source, meaning its core materials are available without cost. This makes it suitable for a public school system looking to provide cybersecurity education without incurring additional expenses.