Free CompTIA PenTest+ PT0-002 Practice Question
As a penetration tester, you are contracted to assess the security of a multinational corporation's internal network. The corporation has multiple interconnected sites and relies heavily on cloud services. Which of the following is the most important initial step to ensure that your testing does not impact systems outside of the agreed scope?
Define and discuss a detailed target list with the client, including IP ranges, domains, and specified cloud services that are to be included in the assessment.
Start with an immediate vulnerability assessment of the IP ranges connected to their primary data center to look for potential entry points.
Begin testing on the client’s production cloud services to expose as many vulnerabilities as possible regardless of the scope to showcase due diligence.
Assume all interconnected sites are in scope unless otherwise informed by the client in order to conduct a thorough test of the network.
