John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing
pricing report for a client. Which of the following factors does he need to consider while
preparing the pen testing pricing report?
A.
Number of employees in the client organization
B.
Complete structure of the organization
C.
Number of client computers to be tested and resources required to perform a pen test
D.
Number of servers available in the client organization
B
C
All of them are correct, but A, C and D are part of B… So B is the best answer.
C sure
C.
all could be correct but they are not necessarily correct. i.e. D could be correct if the plan is to pentest all available servers – but this may not be the case. Customer may only want his linux web servers tested!
B could be correct if the whole structure is to be pen tested.
Infact this is why C is definitely correct because it specifically mentions “client computers to be tested” – hence they must be considered for a price quote to be given
C
C is the correct answer.
The number of employees in the client organization (A) and the complete structure of the organization (B) are not the main concerns when preparing the pricing plan. For example, a company with >10000 employees, but test only the computers and the servers of one of the departments, say 100 computers and 10 servers. Can the pentesting firm charge more just because the company is bigger?
C.
Number of client computers to be tested and resources required to perform a pen test
=> the correct answer. It affects the time and money required for the whole project.
D.
Number of servers available in the client organization
=> “available” should be “to be tested.”