Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance are among the important components of conducting a successful security audit. Before starting a test, one of the agreements both parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.
Which agreement requires a signature from both the parties (the penetration tester and the company)?
A. Non-disclosure agreement
B. Client fees agreement
C. Rules of engagement agreement
D. Confidentiality agreement
A
C
All four… None of these can hold up if not both parties have confirmed them by signing/counter-signing them. The non-signing party can always claim the document presented was not the document presented and agreed to.
That should read: “The non-signing party can always claim the document presented was not the document *originally* presented and agreed to”
Answer should be C.
Agreed that all 4 require both parties to sign, but if you read the question carefully it states: “Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.” So the question it poses after must relate to the above – which gives you answer C.
C
C is the correct answer.
A. Non-disclosure agreement
D. Confidentiality agreement
=> signed by pentesting team.
B. Client fees agreement
=> signed by client.