Home » GIAC » GPEN » What is the MOST important document to obtain before beginning any penetration testing?
What is the MOST important document to obtain before beginning any penetration testing?
A. Project plan
B. Exceptions document
C. Project contact list
D. A written statement of permission
Correct Answer: A
Explanation/Reference:
Reference:
Before starting a penetration test, all targets must be identified. These targets should be obtained from the customer during the initial questionnaire phase. Targets can be given in the form of specific IP addresses, network ranges, or domain names by the customer. In some instances, the only target the customer provides is the name of the organization and expects the testers be able to identify the rest on their own. It is important to define if systems like firewalls and IDS/IPS or networking equipment that are between the tester and the final target are also part of the scope. Additional elements such as upstream providers, and other 3rd party providers should be identified and defined whether they are in scope or not.
Download Printable PDF. VALID exam to help you PASS.
|
|
Ill go with D