
PT0-002 Question #223: Real Exam Question with Answer & Explanation

The correct answer is B: Update the ROE with new signatures. After a client provides updated IP addresses for an assessment due to an initial scope mismatch, the most appropriate next step for a penetration tester is to formally update the Rules of Engagement (ROE) to reflect the new scope.

Engagement management

Question

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?

Options

  • A. Terminate the contract.
  • B. Update the ROE with new signatures.
  • C. Scan the 8-bit block to map additional missed hosts.
  • D. Continue the assessment.

Explanation

After a client provides updated IP addresses for an assessment due to an initial scope mismatch, the most appropriate next step for a penetration tester is to formally update the Rules of Engagement (ROE) to reflect the new scope.

Common mistakes.

  • A. Terminating the contract is an extreme measure not warranted when the client is actively collaborating to provide correct scope information.
  • C. An '8-bit block' (a /8 network) is significantly larger than the initial '16-bit block' (a /16 network), and scanning an arbitrarily larger block is unlikely to be the correct or most efficient next step when specific 'updated IPs' are provided.
  • D. While the assessment will continue, updating the ROE to reflect the new scope is a critical administrative and ethical step that precedes resuming technical assessment activities with the new targets.

Concept tested. Penetration testing scope and Rules of Engagement (ROE)

Reference. https://www.nist.gov/document/nist-sp-800-115-technical-guide-information-security-testing-and-assessment

Topics

  • Penetration testing scope
  • Rules of Engagement
  • Engagement management
  • Scope change
