EC-Council
312-50V10 Question #482: Real Exam Question with Answer & Explanation
The correct answer is C: Terms of Engagement. The Terms of Engagement (also called Rules of Engagement) is the document that outlines testing specifics, permitted actions, associated violations, and liability protections for both the tester and the client organization.
Information Security and Ethical Hacking Fundamentals
Question
You are about to be hired by a well-known bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?
Options
- A. Service Level Agreement
- B. Non-Disclosure Agreement
- C. Terms of Engagement
- D. Project Scope
Explanation
The Terms of Engagement (also called Rules of Engagement) is the document that outlines testing specifics, permitted actions, associated violations, and liability protections for both the tester and the client organization.
Common mistakes.
- A. A Service Level Agreement defines performance metrics and service delivery expectations, not the legal boundaries or liability protections specific to penetration testing.
- B. A Non-Disclosure Agreement covers confidentiality of information exchanged, but does not define testing specifics, permitted techniques, or liability protections.
- D. A Project Scope document defines what systems or assets are in or out of scope but does not address violations, legal protections, or tester liability.
Concept tested. Penetration testing pre-engagement documentation and legal authorization
Reference. https://www.pentest-standard.org/index.php/Pre-engagement
Topics
#terms of engagement #legal agreements #penetration testing #scope