Prior to having a third party perform an attack and penetration test against an organization, the
MOST important action is to ensure that:
A.
the third party provides a demonstration on a test system.
B.
goals and objectives are clearly defined.
C.
the technical staff has been briefed on what to expect.
D.
special backups of production servers are taken.
Explanation:
The most important action is to clearly define the goals and objectives of the test. Assuming that
adequate backup procedures are in place, special backups should not be necessary. Technical
staff should not be briefed nor should there be a demo as this will reduce the spontaneity of the
test.