A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
To ensure the assessment could proceed as planned and any unexpected issues could be addressed promptly, the security company should have acquired the proper emergency contacts for the client. Emergency contacts would allow the assessment team to quickly address any access issues or other obstacles encountered, especially given the tight timeframe and weekend testing window.
That is unlikely to start testing without credentials. Let's assume that credentials were known. What if e.g. environment maintenance took place over the weekend or MAC were white\blacklisted? D -> Emergency contact is correct
It specifically states in the question: "the client only allowed testing over the weekend and needed the results Monday morning." Therefore, it was known that this needed to happen, therefore this must have been determined. The issue is that this condition could not be met, but the team had no way to notify the client. Therefore, D.
I would go with D
D - gotta know who to contact during weekend hours if you don't have proper info/accesses.
Is not A, B or C because : A. A signed statement of work - "A new security firm is onboarding its first client" - it already has the approval B. The correct user accounts and associated passwords - "the assessment team was not able to access the environment as expected" - is not required to be Credential-based vulnerability assessment ! C. The expected time frame of the assessment - The client only allowed testing over the weekend and needed the results Monday morning - you have a timeframe
I agree with D for the reasons Kiduu stated below
If they had emergency contact information the issue would have been resolved. Answer D they couldnt resolve the issue because they didnt have the emergency contact
D - as per specifics on question stated... In order -> 1. Client only allowed testing over the weekend 2. Needed the results Monday morning. 3. Team not able to access environment as expected until Monday. 4. Which should company have acquired BEFORE start of assessment? SUMMARY: They knew they had to do it over the weekend and have results by Monday morning (yet unrealistic expectations).
It look me awhile to get this answer, but this made sense: A. A signed statement of work: While a signed statement of work is essential for establishing the scope, objectives, and terms of the assessment, it does not provide the necessary credentials or access to the client's environment. It is a contractual agreement outlining the scope of the work to be performed. C. The expected time frame of the assessment: Knowing the expected time frame of the assessment is important for planning purposes, but it does not resolve the issue of the assessment team's inability to access the environment over the weekend. It merely provides an understanding of the duration of the assessment. D. The proper emergency contacts for the client: While having the proper emergency contacts is crucial for communication and addressing any urgent situations during the assessment, it does not directly address the issue of the assessment team's inability to access the environment as expected
I agree with you
C is right. They should have assessed the timeframe to see if the weekend was enough time. There was no emergency here. They just went out of scope by performing the test into Monday.
C isn't saying they should have assessed/confirmed it, it is saying that they have gotten it. But we can already see that the time-frame is known. It's not the best question as it seems a bit open to interpretation but I'd got with D
If by not choosing A - a signed SOW, it means there isn't a signed SOW, then the test shouldn't go ahead. So BEFORE you do anything testing, you MUST have a signed SOW. I think it's a trick question steering people away from the obvious.
the answer is A you need a SOW to start work
It's unlikely to be D, because it doesn't mention anywhere that the team couldn't access contacts/etc. It's not B, because it didn't mention anywhere that there were credential problems. It IS C, because it claims the security team couldn't access the system; therefore, a clear timeline of expected access to said system should've been clarified to cover the security team.
Isn't the weekend and expected results by monday a clarified timeline though?
It's not A,B,C because: NOT-A) If I have to start, I suppose to have already signed SOW. The "was not able to access" suppose I'm trying, so I suppose to have already signed a SOW. NOT-B) We don't know if we are in a white/black box condition, we can assume for so strict times maybe we are in a white box and we received wrong credentials, but only calling the proper emergency contact for the client can solve this situation(D answer) NOT-C) Could be a good answer, but to acquire the expected time frame of the assessment doesn't help the assessment team -not able to access and produce results until Monday. That's why the right answer is D: If I have any doubt or problem or expected time frame compromised, I can advise the emergency contacts.
The user account and passwords must have been given to them, and in the SOW, it must have been included that all these would be provided. So, the emergency contact of the client is very necessary
In a security assessment, having the correct user accounts and associated passwords is crucial for the assessment team to access and test the client's environment. Without proper access credentials, the team might face delays in conducting the assessment, as described in the scenario. Acquiring this information before the start of the assessment helps ensure a smooth and timely process.
We don't now if it's a black box or white box test. I presume it's a black box test, so they have to find out about the credential by them self. If the SOW state that the work has to be done in the weekends, the contact has to be available in the weekend. So if i didn't get access to the system, i would have called the contact to see what was wrong. I would also checked if the system was attacked during that time.
"the assessment team was not able to access the environment as expected until Monday." It's not like the team could not get access to the environment due to failing credentials, it's because they didn't know when to the time frame. That's why it's mentioned they accessed the platform on Monday, and the question doesn't say this was with the assistance of the client. I am changing to C being the correct answer
It specifically states in the question: "the client only allowed testing over the weekend and needed the results Monday morning." Therefore, it was known that this needed to happen, therefore this must have been determined. The issue is that this condition could not be met, but the team had no way to notify the client. Therefore, D.