PT0-001 Question #11: Real Exam Question with Answer & Explanation
The correct answer is A: Rules of engagement. The Rules of Engagement (ROE) is the formal document that defines the specific technical and operational boundaries of a penetration test, including which IP addresses may be targeted and the permitted scanning windows.
Question
A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?
Options
- A. Rules of engagement
- B. Request for proposal
- C. Master service agreement
- D. Business impact analysis
Explanation
The Rules of Engagement (ROE) is the formal document that defines the specific technical and operational boundaries of a penetration test, including which IP addresses may be targeted and the permitted scanning windows.
Common mistakes.
- B. A Request for Proposal is a procurement document sent to vendors soliciting bids for services - it precedes the engagement and does not contain technical scanning parameters.
- C. A Master Service Agreement is a high-level legal contract establishing the overall business relationship and liability terms between parties, not granular technical test parameters.
- D. A Business Impact Analysis assesses the potential consequences of disruptions to business operations and is a risk management document unrelated to penetration test scoping.
Concept tested. Penetration test rules of engagement scoping document
Reference. https://www.comptia.org/training/resources/exam-objectives/comptia-pentest-pt0-002-exam-objectives