Question

Charleen is preparing to conduct a scheduled reconnaissance effort against a client site. Which of the following is not typically part of the rules of engagement that are agreed to with a client for a reconnaissance effort?

A.Add a note hereAdd a note hereTiming
B.Add a note hereAdd a note hereScope
C.Add a note hereAdd a note hereExploitation methods
D.Add a note hereAdd a note hereAuthorization

Answer 1

The element not typically included in the rules of engagement for a reconnaissance effort is exploitation methods, as reconnaissance usually only involves gathering information without actively attempting to exploit any vulnerabilities found.

Step-by-step explanation:

Charleen is in the process of preparing for a reconnaissance effort against a client site. When setting up rules of engagement (ROE) with a client for such efforts, certain elements are typically included to ensure that both parties understand the expectations and limitations of the testing. The rules of engagement usually cover the timing of the reconnaissance, the scope of the effort, and the authorization or permission needed to conduct the test.

However, exploitation methods are not typically part of the ROE for a reconnaissance effort. Reconnaissance generally involves gathering information about a target without actively trying to exploit vulnerabilities. Exploitation methods would come into play during a penetration testing phase, which is a separate effort conducted after the reconnaissance phase.

Key Elements Typically Included in ROE:

• Timing: The specific times when the reconnaissance can occur.
• Scope: The specific systems, networks, or physical locations to be observed.
• Authorization: The necessary permissions obtained from the client to legally conduct the reconnaissance.