PT0-002 · Question #498
PT0-002 Question #498: Real Exam Question with Answer & Explanation
The correct answer is D: Send a preengagement survey to the client to fill out.
Question
A penetration test is in the scoping phase of an engagement. Which of the following describes how a penetration tester would most effectively obtain the information necessary to begin testing?
Options
- A. Wait for the client to tell them
- B. Start an email chain so communications are documented
- C. Ask previous penetration test providers what they looked at
- D. Send a preengagement survey to the client to fill out
Explanation
During the scoping phase, the most effective way for a penetration tester to obtain necessary information to begin testing is by sending a comprehensive pre-engagement survey to the client.
Common mistakes.
- A. Simply waiting for the client to spontaneously provide information is passive, inefficient, and often results in incomplete or disorganized details for the engagement.
- B. While an email chain documents communications, it is not as structured or comprehensive as a dedicated pre-engagement survey for systematically collecting all required scoping information.
- C. Asking previous penetration test providers is often not feasible due to NDAs and client privacy, and the information obtained may be outdated or irrelevant to the current engagement's specific scope.
Concept tested. Penetration testing methodology - scoping and information gathering
Reference. https://www.sans.org/white-papers/33342/