PT0-002 · Question #229
PT0-002 Question #229: Real Exam Question with Answer & Explanation
The correct answer is D: To ensure someone is available if something goes wrong. A customer's requirement to conduct penetration testing activities only during normal business hours is primarily to ensure that technical staff are available to respond promptly if any issues or disruptions arise from the testing.
Question
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?
Options
- A. To meet PCI DSS testing requirements
- B. For testing of the customer's SLA with the ISP
- C. Because of concerns regarding bandwidth limitations
- D. To ensure someone is available if something goes wrong
Explanation
A customer's requirement to conduct penetration testing activities only during normal business hours is primarily to ensure that technical staff are available to respond promptly if any issues or disruptions arise from the testing.
Common mistakes.
- A. While PCI DSS requires penetration testing, it does not specifically mandate that these activities must occur exclusively during normal business hours.
- B. Testing the customer's SLA with their ISP involves different metrics and testing methodologies, and scheduling penetration tests during business hours is not directly related to this.
- C. Limiting activities to business hours often increases the risk of impacting operational bandwidth during peak usage times, which contradicts the goal of avoiding performance issues due to bandwidth limitations.
Concept tested. Penetration testing scope and risk management