312-50V9 Question #349: Real Exam Question with Answer & Explanation
The correct answer is C: Terms of Engagement. The Terms of Engagement (Rules of Engagement) formally defines the scope, authorized activities, limitations, and liability boundaries for a penetration test engagement.
Question
You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the bank's interest and your liabilities as a tester?
Options
- A. Service Level Agreement
- B. Non-Disclosure Agreement
- C. Terms of Engagement
- D. Project Scope
Explanation
The Terms of Engagement (Rules of Engagement) formally defines the scope, authorized activities, limitations, and liability boundaries for a penetration test engagement.
Common mistakes.
- A. A Service Level Agreement defines expected service quality, uptime guarantees, and performance metrics between a service provider and customer, not the specifics of security testing authorization and liability.
- B. A Non-Disclosure Agreement covers confidentiality of information exchanged between parties but does not define what testing is permitted, the associated violations, or liability protections for the tester.
- D. Project Scope defines the boundaries of what is included in a project but is not a legal document addressing violations, liabilities, or the formal authorization required to conduct offensive security testing.
Concept tested. Rules of Engagement and legal authorization for penetration testing.
Reference. http://www.pentest-standard.org/index.php/Pre-engagement#Rules_of_Engagement