nerdexam
EC-Council

312-50V11 · Question #482

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protect

The correct answer is C. Terms of Engagement. The Terms of Engagement (also called Rules of Engagement) is the document that defines the scope, permitted actions, legal boundaries, and liabilities for both parties in a penetration test.

Information Security and Ethical Hacking Fundamentals

Question

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?

Options

  • AService Level Agreement
  • BNon-Disclosure Agreement
  • CTerms of Engagement
  • DProject Scope

How the community answered

(63 responses)
  • A
    3% (2)
  • B
    2% (1)
  • C
    95% (60)

Why each option

The Terms of Engagement (also called Rules of Engagement) is the document that defines the scope, permitted actions, legal boundaries, and liabilities for both parties in a penetration test.

AService Level Agreement

A Service Level Agreement (SLA) defines performance metrics and uptime guarantees for ongoing services; it does not govern the specific authorized actions and liabilities of a security test.

BNon-Disclosure Agreement

A Non-Disclosure Agreement (NDA) covers confidentiality of information shared between parties but does not define testing scope, permitted violations, or tester liabilities.

CTerms of EngagementCorrect

The Terms of Engagement formally establishes what systems may be tested, what techniques are authorized, the timeline, escalation procedures, and the legal protections for both the tester and the client. It is the primary document that prevents unauthorized activity from being classified as criminal and ensures the bank's assets are protected within agreed boundaries.

DProject Scope

A Project Scope document outlines deliverables and boundaries of a project in general terms but lacks the legal authorization language, violation definitions, and liability protections specific to penetration testing engagements.

Concept tested: Penetration testing rules of engagement documentation

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#terms of engagement#pen test documentation#legal agreements#scope

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice