1. What should be included in a penetration testing report?
   1. Executive summary
   2. Statement of methodology
   3. Findings
   4. All of above
2. How does NIST 800-30 categorize risk rating?
   1. Impact of Threat vs Threat Likelihood
   2. Severity vs Impact
   3. Impact vs Mitigation efforts
   4. Severity vs Asset Value
3. What is the common report format that can be imported into the reporting service?
   1. HTML
   2. XML
   3. CSV
   4. DOC
4. Which one of these is not used for web security testing?
   1. nmap
   2. uniscan
   3. dirb
   4. IDA
5. Which one is not used for network scanning?
   1. nmap
   2. xsser
   3. dnsenum
   4. dnsmap