Which of the following should be in place before a black box penetration test begins?
A.
IT management approval
B.
Proper communication and awareness training
C.
A clearly stated definition of scope
D.
An incident response plan
Explanation:
Having a clearly stated definition of scope is most important to ensure a proper understanding of
risk as well as success criteria, IT management approval may not be required based on senior
management decisions. Communication, awareness and an incident response plan are not a
necessary requirement. In fact, a penetration test could help promote the creation and execution
of the incident response plan.