Which of the following should be in place before a black box penetration test begins?
A.
IT management approval
B.
Proper communication and awareness training
C.
A clearly stated definition of scope
D.
An incident response plan
Explanation:
Having a clearly stated definition of scope is most important to ensure a proper understanding of risk as well as success criteria, IT management approval may not be required based on senior management decisions.
Communication, awareness and an incident response plan are not a necessary requirement. In fact, a penetration test could help promote the creation and execution of the incident response plan.