Question

A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?

a. Rules of engagement
b. Vulnerability assessment
c. Exploitation plan
d. Security policy

Answer 1

The document with IP addresses and times for scanning during a penetration test is the Rules of Engagement, which sets the parameters for the test.

Step-by-step explanation:

A document outlining the scope of an upcoming penetration test, including specific IP addresses and times for scanning, is known as the Rules of Engagement. This crucial document details the parameters within which the pen testers must operate, ensuring that the testing is both authorized and restricted to the agreed-upon infrastructure. It protects both the testing entity and the client from any legal issues that may arise from unauthorized testing and stipulates when and how the testing should occur to avoid disruption to business operations.