Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test?


A. Request a list of the software to be used

B. Provide clear directions to IT staff

C. Monitor intrusion detection system (IDS) and firewall logs closely

D. Establish clear rules of engagement

Explanation:

It is critical to establish a clear understanding of what is permissible during the engagement. Otherwise, the tester may inadvertently trigger a system outage or corrupt files. Not as important, but still useful, is to request a list of the software that will be used. As for monitoring the intrusion detection system (IDS) and firewall, and providing directions to IT staff, it is better not to alert those responsible for monitoring (other than at the management level), so that the effectiveness of that monitoring can be accurately assessed.


