A company hires a cybersecurity consultant to perform penetration tests. What should be the consultant’s first step in validating the engagement scope?
- Confirm the contents of the request for proposal (RFP).
- Request user credentials in accessing targeted systems.
- Question the company contact person and review contracts.
- Ensure that systems and network architectural diagrams are accurate.
Explanation & Hint:
The first step in validating the scope of an engagement is to question the client and review contracts. The consultant must understand the target audience for the penetration testing report. The consultant should also understand the subjects, business units, and any other entity such a penetration testing engagement will assess.