  • Post last modified: June 12, 2024

A company hires a cybersecurity consultant to perform penetration tests and review the rules of engagement documents. The consultant notices that one element specifies that the tests should be performed against only the web applications on the websites www1.company.com and www2.company.com, with no social engineering attacks and no cross-site scripting attacks. Which element in the document is used for the specification?

  • location of testing 
  • types of allowed or disallowed tests 
  • IP addresses or networks from which testing will originate 
  • the security controls that could potentially detect or prevent testing

Explanation & Hint:

The rules of engagement document specifies the conditions under which the security penetration testing engagement will be conducted. The "types of allowed or disallowed tests" element in the rules of engagement document should specify which penetration tests are allowed or disallowed.

For more Questions and Answers:

2.4.3 Quiz – Planning and Scoping a Penetration Testing Assessment Answers Full 100%
