nerdexam
EC-Council

312-50V10 · Question #482

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protect

The correct answer is C. Terms of Engagement. The Terms of Engagement (also called Rules of Engagement) is the document that outlines testing specifics, permitted actions, associated violations, and liability protections for both the tester and the client organization.

Information Security and Ethical Hacking Fundamentals

Question

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?

Options

  • AService Level Agreement
  • BNon-Disclosure Agreement
  • CTerms of Engagement
  • DProject Scope

How the community answered

(22 responses)
  • A
    5% (1)
  • C
    95% (21)

Why each option

The Terms of Engagement (also called Rules of Engagement) is the document that outlines testing specifics, permitted actions, associated violations, and liability protections for both the tester and the client organization.

AService Level Agreement

A Service Level Agreement defines performance metrics and service delivery expectations, not the legal boundaries or liability protections specific to penetration testing.

BNon-Disclosure Agreement

A Non-Disclosure Agreement covers confidentiality of information exchanged, but does not define testing specifics, permitted techniques, or liability protections.

CTerms of EngagementCorrect

The Terms of Engagement formally defines what tests are authorized, the methods allowed, legal boundaries, consequences for violations, and protections for both parties. It serves as the legal and operational contract that governs the entire penetration testing engagement, shielding the bank from unauthorized activity and the tester from liability.

DProject Scope

A Project Scope document defines what systems or assets are in or out of scope but does not address violations, legal protections, or tester liability.

Concept tested: Penetration testing pre-engagement documentation and legal authorization

Source: https://www.pentest-standard.org/index.php/Pre-engagement

Topics

#terms of engagement#legal agreements#penetration testing#scope

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice