Examice

Exam CAS-004 All QuestionsBrowse all questions from this exam

Question 489

A company recently migrated its critical web application to a cloud provider’s environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

Prepare a redundant server to ensure the critical web application's availability during the test.

Obtain agreement between the company and the cloud provider to conduct penetration testing.

Ensure the latest patches and signatures are deployed on the web server.

Create an NDA between the external penetration tester and the company.

Correct Answer: B

Prior to engaging in a penetration test on a web application hosted in a cloud environment, it is crucial to obtain an agreement between the company and the cloud provider to conduct the test. This ensures that the test is legal and complies with the cloud provider's policies, which prevents any potential violations or unintended disruptions in the service.

Discussion

23169fdOption: B

B. Obtain agreement between the company and the cloud provider to conduct penetration testing is the most critical first consideration. This ensures that the test is conducted legally and within the cloud provider’s policies, preventing any potential violations or disruptions.