
CISM Exam - Question 1116


When engaging an external party to perform a penetration test, it is MOST important to:

Correct Answer: AC

When engaging an external party to perform a penetration test, it is most important to define the project scope. This involves outlining the objectives, systems, and boundaries of the penetration test, ensuring the external party focuses on relevant areas while avoiding unintended consequences. Proper scope definition aligns the test with organizational goals and ensures that valuable resources are spent effectively.

Discussion

4 comments
helg420 (Option: C)
May 20, 2024

C: A clearly defined scope

shootnot (Option: C)
May 20, 2024

The Q doesn't mention whitebox or blackbox testing, therefore providing asset inventory is not correct. Even if it was specified, just providing inventory is not enough and would be covered under scope if necessary.

Dice974 (Option: C)
Jun 3, 2024

Have to define the scope so they are testing your public IPs and not someone else's IPs. Also, do you want risky tests that may take down a system, etc.?

Booict (Option: C)
Jul 18, 2024

C- Clearly outline the objectives, systems, and boundaries of the penetration test. Helps the external party focus on relevant areas and avoid unintended consequences. Ensures alignment with organizational goals.