Why is it important for a penetration tester to have established an agreement with management as
to which systems and processes are allowed to be tested?
A.
Penetration test results are posted publicly, and some systems tested may contain corporate
secrets.
B.
Penetration testers always need to have a comprehensive list of servers, operating systems, IP
subnets, and department personnel prior to ensure a complete test.
C.
Having an agreement allows the penetration tester to look for other systems out of scope and
test them for threats against the in-scope systems.
D.
Some exploits when tested can crash or corrupt a system causing downtime or data loss.