nerdexam
EC-Council

312-50V9 · Question #349

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protect

The correct answer is C. Terms of Engagement. The Terms of Engagement (Rules of Engagement) formally defines the scope, authorized activities, limitations, and liability boundaries for a penetration test engagement.

Introduction to Ethical Hacking

Question

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?

Options

  • AService Level Agreement
  • BNon-Disclosure Agreement
  • CTerms of Engagement
  • DProject Scope

How the community answered

(18 responses)
  • C
    94% (17)
  • D
    6% (1)

Why each option

The Terms of Engagement (Rules of Engagement) formally defines the scope, authorized activities, limitations, and liability boundaries for a penetration test engagement.

AService Level Agreement

A Service Level Agreement defines expected service quality, uptime guarantees, and performance metrics between a service provider and customer, not the specifics of security testing authorization and liability.

BNon-Disclosure Agreement

A Non-Disclosure Agreement covers confidentiality of information exchanged between parties but does not define what testing is permitted, the associated violations, or liability protections for the tester.

CTerms of EngagementCorrect

The Terms of Engagement - sometimes called Rules of Engagement - is the legal and operational document that specifies exactly what systems can be tested, what techniques are authorized, the timeline, notification procedures, and the consequences for violations. It legally protects the bank by defining boundaries the tester cannot cross, and it protects the tester from liability by providing written authorization for activities that would otherwise be illegal. This document is the foundation of any authorized penetration test.

DProject Scope

Project Scope defines the boundaries of what is included in a project but is not a legal document addressing violations, liabilities, or the formal authorization required to conduct offensive security testing.

Concept tested: Rules of Engagement and legal authorization for pen testing

Source: http://www.pentest-standard.org/index.php/Pre-engagement#Rules_of_Engagement

Topics

#terms of engagement#penetration testing#legal documentation#scope definition

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice