A penetration tester is scoping an engagement for a financial services company. The client wants to test their web application but explicitly excludes the production payment processing servers from scope. Which document should capture this exclusion to protect both the client and the tester legally?
More Engagement Management Questions
14 questions
Full CompTIA PenTest+ Practice Test
All topics covered
All CompTIA PenTest+ Questions
Browse by topic
Related Questions
Which document formally defines the boundaries, objectives, and rules of engagement for a penetratio...
A penetration tester is about to begin an assessment of a cloud-hosted application. Before launching...
During a penetration test, the tester discovers evidence of an active data breach unrelated to the t...
A client requests a penetration test of their environment but insists that only two IT administrator...
Which section of a penetration test report is specifically written for non-technical stakeholders su...
Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy
Discussion
Be the first to share your understanding of this concept
Sign in to join the discussion